Midterm 1 Flashcards

1
Q

External attacks are the only threats to database security. (T/F)

A

False

2
Q

A virus that attaches to an executable program can do anything that the program is permitted to do. (T/F)

A

True

3
Q

It is not possible to spread a virus via a USB stick. (T/F)

A

False

4
Q

Many forms of infection can be blocked by denying normal users the right to modify programs on the system. (T/F)

A

True

5
Q

A macro virus infects executable portions of code. (T/F)

A

False

6
Q

In addition to propagating, a worm usually carries some form of payload. (T/F)

A

True

7
Q

______ is the process of performing authorized queries and deducing unauthorized information from the legitimate responses received.

A. Perturbation
B. Inference
C. Compromise
D. Partitioning

A

B. Inference.

8
Q

_____ is a defence against SQL injection attacks.

A. Perturbation
B. Input validation
C. Anonymization
D. Partitioning

A

B. Input Validation

9
Q

To defend against database inference attacks, we can apply ________

A. Perturbation
B. De-identification
C. Anonymization
D. All the above

A

D. All the above

10
Q

_______ are used to send large volumes of unwanted email.

A. Rootkits
B. Spammer programs
C. Downloaders
D. Auto-rooter

A

B. Spammer programs

11
Q

A ______ is code inserted into malware that lies dormant until a predefined condition, which triggers an unauthorized act, is met.

A. logic bomb
B. trapdoor
C. worm
D. Trojan horse

A

A. logic bomb

12
Q

The ____ is what the virus does.

A. infection mechanism
B. trigger
C. logic bomb
D. payload

A

D. payload

13
Q

_____ is the first function in the propagation phase for a network worm.

A. Propagating
B. Fingerprinting
C. Keylogging
D. Spear phishing

A

B. Fingerprint

14
Q

_____ is malware that encrypts the user’s data and demands payment in order to access the key needed to recover the information.

A. Trojan horse
B. Ransomware
C. Crimeware
D. Polymorphic

A

B. Ransomware

15
Q

Each layer of code needs appropriate hardening measures in place to provide appropriate security services. (T/F)

A

True

16
Q

It is possible for a system to be compromised during the install process. (T/F)

A

True

17
Q

The default configuration for many operating systems usually maximizes security. (T/F)

A

False

18
Q

A malicious driver can potentially bypass many security controls to install malware. (T/F)

A

True

19
Q

Performing regular backups of data on a system is a critical control that assists with maintaining the integrity of the system and user data. (T/F)

A

True

20
Q

Many users choose a password that is too short or too easy to guess because it is hard for users to remember long random passwords. (T/F)

A

True

21
Q

In a biometric scheme some physical characteristic of the individual is mapped into a digital representation. (T/F)

A

True

22
Q

User authentication is a procedure that allows communicating parties to verify that the contents of a received message have not been altered and that the source is authentic. (T/F)

A

False

23
Q

Which of the following need to be taken into consideration during the system security planning process?

A.) how users are authenticated
B.) the categories of users of the system
C.) what access the system has to information stored on other hosts
D.) All the above

A

D. all the above

24
Q

The following steps should be used to secure an operating system:

A.) test the security of the basic operating system
B.) remove unnecessary services
C.) install and patch the operating system
D.) all of the above

A

D. all the above

25
Q

_____ applications is a control that limits the programs that can execute on the system to just those in an explicit list.

A

White listing

26
Q

The most important changes needed to improve system security are to _______

A.) disable remotely accessible services that are not required
B.) ensure that applications and services that are needed are appropriately configured
C.) disable services and applications that are not required
D.) all of the above

A

D. all of the above

27
Q

Security concerns that result from the use of virtualized systems include ______.

A. guest OS isolation
B. guest OS monitoring by the hypervisor
C. virtualized environment security
D. all of the above

A

D. all of the above

28
Q

Presenting or generating authentication information that corroborates the binding between the entity and the identifier is the _______.

A. identification step
B. authentication step
C. verification step
D. corroboration step

A

C. Verification step

29
Q

Recognition by fingerprint, retina, and face are examples of _______.

A. face recognition
B. static biometrics
C. dynamic biometrics
D. token authentication

A

B. static biometrics

30
Q

Voice pattern, handwriting characteristics, and typing rhythm are examples of _______.

A. face recognition
B. static biometrics
C. dynamic biometrics
D. token authentication

A

C. dynamic biometrics

31
Q

A _____ strategy is one in which the system periodically runs its own password cracker to find guessable passwords.

A. user education
B. reactive password checking
C. proactive password checking
D. computer-generated password

A

B. reactive password checking

32
Q

Each individual who is to be included in the database of authorized users must first be ______ in the system.

A. verified
B. identified
C. authenticated
D. enrolled

A

D. enrolled

33
Q

Which of the following is an example of multi-factor authentication?

A. Enter both a group password and a user password
B. Enter a pin number and put a finger on fingerprint reader
C. Use an authentication token (e.g., a smartcard)
D. All of the above

A

B. Enter a pin number and put a finger on fingerprint reader

34
Q

Which of the following is a threat to or concern of biometric authentication?

A. Inherent imprecision (e.g., two people may have their fingerprints digitally interpreted as the same)
B. Impersonation (e.g., use a voice recording)
C. Coercion (e.g., force the user to put his finger on the fingerprint reader)
D. All of the above

A

D. All of the above

35
Q

The principal objectives of computer security are to prevent unauthorized users from gaining access to resources, to prevent legitimate users from accessing resources in an unauthorized manner, and to enable legitimate users to access resources in an authorized manner. (T/F)

A

True

36
Q

Security labels indicate which system entities are eligible to access certain resources. (T/F)

A

False

37
Q

A user may belong to multiple groups. (T/F)

A

True

38
Q

An access right describes the way in which a subject may access an object. (T/F)

A

True

39
Q

Any program that is owned by, and SetUID to, the “superuser” potentially grants unrestricted access to the system to any user executing that program. (T/F)

A

True

40
Q

“No write down” is also referred to as the *-property. (T/F)

A

True

41
Q

A subject can exercise only accesses for which it has the necessary authorization and which satisfy the MAC rules. (T/F)

A

True

42
Q

One way to secure against Trojan horse attacks is the use of a secure, trusted operating system. (T/F)

A

True

43
Q

Multilevel security is of interest when there is a requirement to maintain a resource in which multiple levels of data sensitivity are defined. (T/F)

A

True

44
Q

The Common Criteria for Information Technology and Security Evaluation are ISO standards for specifying security requirements and defining evaluation criteria. (T/F)

A

True

45
Q

_____ implements a security policy that specifies who or what may have access to each specific system resource and the type of access that is permitted in each instance.

A. Audit control
B. Resource control
C. System control
D. Access control

A

D. Access Control

46
Q

_____ is the granting of a right or permission to a system entity to access a system resource.

A. Authorization
B. Authentication
C. Control
D. Monitoring

A

A. Authorization

47
Q

______ controls access based on comparing security labels with security clearances.

A. MAC
B. DAC
C. RBAC
D. MBAC

A

A. MAC

48
Q

A(n) ______ is a named job function within the organization that controls this computer system.

A. user
B. role
C. permission
D. session

A

B. role

49
Q

_____ provide a means of adapting RBAC to the specifics of administrative and security policies in an organization.

A. Constraints
B. Mutually Exclusive Roles
C. Cardinality
D. Prerequisites

A

A. Constraints

50
Q

A multilevel secure system for confidentiality must enforce:

A. no read up
B. ss-property
C. no write down
D. all of the above

A

D. All of the above

51
Q

The ______ Model was developed for commercial applications in which conflicts of interest can arise.

A. Biba
B. Clark-Wilson Integrity
C. Bell-Lapadula
D. Chinese Wall

A

D. Chinese Wall

52
Q

______ data are data that may be derived from corporate data but that cannot be used to discover the corporation’s identity.

A. Reference
B. Trust
C. Sanitized
D. MAC

A

C. Sanitized

53
Q

The _____ is a hardware module that is at the heart of a hardware/software approach to trusted computing.

A. BLP
B. TC
C. CC
D. TPM

A

D. TPM

54
Q

_____ is a process that ensures a system is developed and operated as intended by the system’s security policy.

A. Trust
B. Assurance
C. Evaluation
D. Functionality

A

B. Assurance

55
Q

Security mechanisms typically do not involve more than one particular algorithm or protocol. (T/F)

A

False

56
Q

The first step in devising security services and mechanisms is to develop a security policy. (T/F)

A

True

57
Q

To exploit any type of buffer overflow the attacker needs to identify a buffer overflow vulnerability in some program that can be triggered using externally sourced data under the attacker’s control. (T/F)

A

True

58
Q

Shellcode is not specific to a particular processor architecture. (T/F)

A

False

59
Q

An attacker can generally determine in advance exactly where the targeted buffer will be located in the stack frame of the function in which it is defined. (T/F)

A

False

60
Q

It is possible to write a compiler tool to check any C program and identify all possible buffer overflow bugs. (T/F)

A

False

61
Q

The OpenSSL heartbleed vulnerability would have been prevented if OpenSSL had been implemented in Java (and the Java runtime environment works properly). (T/F)

A

True

62
Q

ASLR (if implemented correctly) can prevent return-to-libc attacks. (T/F)

A

True

63
Q

_____ assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.

A. Availability
B. Privacy
C. System Integrity
D. Data Integrity

A

B. Privacy

64
Q

____ assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.

A. System Integrity
B. Availability
C. Data Integrity
D. Confidentiality

A

A. System Integrity

65
Q

A loss of _______ is the unauthorized disclosure of information.

A. confidentiality
B. authenticity
C. integrity
D. availability

A

A. Confidentiality

66
Q

A flaw or weakness in a system’s design, implementation, or operation and management that could be exploited to violate the system’s security policy is a(n) ______.

A. countermeasure
B. adversary
C. vulnerability
D. risk

A

C. vulnerability

67
Q

An assault on system security that derives from an intelligent act that is a deliberate attempt to evade security services and violate the security policy of a system is a(n) _____.

A. risk
B. attack
C. asset
D. vulnerability

A

B. attack

68
Q

A(n) ______ is an action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that correct action can be taken.

A. attack
B. adversary
C. countermeasure
D. protocol

A

C. countermeasure

69
Q

An example of ______ is an attempt by an unauthorized user to gain access to a system by posing as an authorized user.

A. masquerade
B. repudiation
C. interception
D. inference

A

A. masquerade

70
Q

The assurance that data received are exactly as sent by an authorized entity is _____.

A. authentication
B. access control
C. data confidentiality
D. data integrity

A

D. data Integrity

71
Q

A consequence of a buffer overflow error is _____.

A. corruption of data used by the program
B. unexpected transfer of control in the program
C. possible memory access violation
D. all of the above

A

D. all of the above

72
Q

The function of ______ was to transfer control to a user command-line interpreter, which gave access to any program available on the system with the privileges of the attacked program.

A. shellcode
B. stacking
C. no-execute
D. memory management

A

A. shellcode

73
Q

______ is a form of buffer overflow attack.

A. Heap overflows
B. Return to system call
C. Replacement stack frame
D. All of the above

A

D. All of the above

74
Q

A buffer can be located ______.

A. in the heap
B. on the stack
C. in the data section of the process
D. all of the above

A

D. all of the above.