IS3110 CHAP 15

Question 1

A Web site used to hide a user’s activity on the Internet. The user visits the ___ site and then requests pages from other sites. The ___ retrieves the Web pages and serves them as if they are served from the ___ site.

Answer 1

Anonymizer

Question 2

A formal process created by the organization to respond to computer incidents. It includes a definition of a computer incident.

Answer 2

CIRT plan

Question 3

___ is any activity that threatens the security of the computer systems. It affects the organization’s security. It may result in loss of confidentiality, integrity, or availability.

Answer 3

computer incident

Question 4

A group of people who will respond to incidents. This group can be a formal team designated in advance. It can also be an informal group created after an incident occurs.

Answer 4

Computer incident response team (CIRT)

Question 5

A result of peer-to-peer (P2P) programs. P2P programs are commonly used to download pirated music, movies, and applications. Users are often unaware that the P2P programs also share data on their systems. ___ occurs when data on a user’s system is shared without the user’s knowing it.

Answer 5

Data leakage

Question 6

Software that includes viruses, worms, Trojan horses, or any other type of malicious software.

Answer 6

Malware

Question 7

1. A(n) ___ is a violation of a security policy or security practice.

Answer 7

Computer incident or computer security incident

Question 8

2. All events on a system or network are considered computer security incidents.
   TRUE OR FALSE

Answer 8

FALSE.

Question 9

3. An administrator has discovered that a Web server is responding very slowly. Investigation show that the processor, memory, and network resources are being consumed by outside attackers. This is a ___ attack.

Answer 9

Denial of service (DoS) or distributed DoS (DDoS)

Question 10

4. A user has installed P2P software on a system. The organization’s policy specifically states this is unauthorized. An administrator discovered the software on the user’s system. Is this a computer security incident? If so, what type?
5. This is not a computer security incident
6. This is a form of inappropriate usage
7. This is a form of unauthorized access
8. This is a form of malware

Answer 10

This is a form of inappropriate usage

Question 11

5. Some malware can execute on a user’s system after the user accesses a Web site. The malware executes
   from within the Web browser. What type of malware is
   this?
6. Virus
7. Worm
8. Trojan horse
9. Mobile code

Answer 11

Mobile code

Question 12

6. A malicious virus is replicating and causing damage to computer. How do security professionals refer to the virus?
7. In the open
8. In the containment field
9. In the jungle
10. In the wild

Answer 12

In the wild

Question 13

7. What is the greatest risk to an organization when peer to peer software is installed on a user’s system?
8. Loss of copyrights
9. Piracy of the organization’s copyrighted material
10. Data leakage
11. DoS attacks

Answer 13

Data leakage

Question 14

8. Only police or other law enforcement personnel are allowed to do computer forensic investigations.
   TRUE OR FALSE

Answer 14

FALSE

Question 15

9. A log has shown that a user has copied proprietary data to his computer. The organization wants to take legal action against the user. You are tasked with seizing the computer as evidence.
10. Chain of command
11. Forensic chain
12. Permission from the user
13. Chain of custody
14. All the above

Answer 15

Chain of command
Forensic chain
Permission from the user
Chain of custody

Question 16

10. Many steps are taken before, during, and after an incident. Of the following choices, what accurately identifies the incident response life cycle?
11. Preparation, deletion and analysis, eradication and recovery, and post-incident recover
12. Detection and analysis, containment, backup and eradication, and post-incident recovery
13. Preparation, detection and analysis, containment, eradication and recovery, and post-incident recovery
14. Preparation, detection, deletion and analysis, containment and recovery, and post-incident recovery

Answer 16

Preparation, detection and analysis, containment, eradication and recovery, and post-incident recovery

Question 17

11. In general, it is acceptable for members of a CIRT to take actions to attack attackers. This is one of the normal responsibilities of a CIRT.
    TRUE OR FALSE

Answer 17

FALSE

Question 18

12. After an incident has been verified, you need to ensure that it doesn’t spread to other systems. What is this called?
13. Spread avoidance
14. Containment
15. Incident response
16. Impact and priority calculation

Answer 18

Containment

Question 19

13. Which of the following may be included in a CIRT plan?
14. Policies
15. Definitions of incidents
16. CIRT member responsibilities
17. Incident handling procedures
18. All the above
19. 3 and 4 only

Answer 19

CIRT member responsibilities

Incident handling procedures

Question 20

14. Attackers attempt a DoS attack on servers in your organization. The CIRT respond and mitigates the attack. What should be the last step that the CIRT will complete in response to this incident?
15. Attack the attacker
16. Contain the threat
17. Document the incident
18. Report the incident

Answer 20

Document the incident

Question 21

15. Several types of malicious code exist. Malware that appears to be one thing but is actually something else is ___.

Answer 21

A Trojan Horse