___ is the insertion of bits into gaps in a data stream to frustrate traffic analysis attempts
a. traffic routing b. traffic control c. traffic integrity d. traffic padding
A loss of ___ is the unauthorized disclosure of information
a. integrity b. confidentiality c. authenticity d. availability
A ___ is any action that compromises the security of information owned by an individual
a. security policy b. security attack c. security mechanism d. security service
The assurance that data received are exactly as sent by an authorized entity is
a. authentication b. data integrity c. data confidentiality d. access control
Masquerade, falsification, and repudiation are threat actions that cause ___ threat consequences
a. disruption b. deception c. usurpation d. unauthorized disclosure
An example of ___ is an attempt by an unauthorized user to gain access to a system by posing as an authorized user
a. interception b. inference c. repudiation d. masquerade
A threat action in which sensitive data are directly released to an unauthorized entity is ___
a. corruption b. intrusion c. exposure d. disruption
A ___ level breach of security could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals
a. high b. normal c. moderate d. low
On average, ____ of all possible keys must be tried in order to achieve success with a brute-force attack
a. two thirds b. three fourths c. one fourth d. half
A ____ is created by using a secure hash function to generate a hash value for a message and then encrypting the hash code with a private key
a. keystream b. one-way hash function c. secret key d. digital signature
If the only form of attack that could be made on an encryption algorithm is brute-force, then the way to counter such attacks would be to ____
a. use more keys b. use fewer keys c. use shorter keys d. use longer keys
The original message or data that is fed into the algorithm is ____
a. encryption algorithm b. secret key c. plain text d. decryption algorithm
The ___ is the encryption algorithm run in reverse
a. decryption algorithm b. encryption algorithm c. plain text d. cipher text
____ is a procedure that allows communicating parties to verify that received or stored messages are authentic
a. decryption b. cryptanalysis c. collision resistance d. message authentication
d. message authentication
The purpose of a ___ is to produce a "fingerprint" of a file, message, or other block of data
a. key stream b. hash function c. digital signature d. secret key
___ is the scrambled message produced as output
a. cipher text b. secret key c. cryptanalyst d. plain text
___ is a block cipher in which the plaintext and ciphertext are integers between 0 and n-1 for some n
a. SHA b. RSA c. DSS d. AES
The most important symmetric algorithms, all of which are block ciphers, are the DES, triple DES, and the ____
a. AES b. DSS c. SHA d. RSA
The most common means of human to human identification are ____
a. fingerprints b. facial characteristics c. signatures d. retinal patterns
b. facial characteristics
The ___ strategy is when users are told the importance of using hard to guess passwords and provided with guidelines for selecting strong passwords
a. proactive password checking b. user education c. reactive password checking d. computer-generated password
___ systems identify features of the hand, including shape, and lengths and widths of fingers
a. fingerprint b. signature c. hand geometry d. palm print
A ___ strategy is one in which the system periodically runs its own password cracker to find guessable passwords
a. user education b. reactive password checking c. computer-generated password d. proactive password checking
b. reactive password checking
Presenting or generating authentication information that corroborates the binding between the entity and the identifier is the ____
a. authentication step b. identification step c. corroboration step d. verification step
To counter threats to remote user authentication, systems generally rely on some form of ____ protocol
a. trojan horse b. eavesdropping c. denial-of-service d. challenge-response
Recognition by fingerprint, retina, and face are examples of ____
a. face recognition b. static biometrics c. token authentication d. dynamic biometrics
Each individual who is to be included in the database of authorized users must first be ____ in the system
a. authenticated b. identified c. verified d. enrolled
___ defines user authentication as "the process of verifying an identity claimed by or for a system entity"
a. RFC 2328 b. RFC 2493 c. RFC 4949 d. RFC 2298
A ___ is a password guessing program
a. password biometric b. password salt c. password hash d. password cracker
___ implements a security policy that specifies who or what may have access to each specific system resource and the type of access that is permitted in each instance
a. resource control b. access control c. audit control d. system control
___ controls access based on comparing security labels with security clearances
a. DAC b. MAC c. RBAC d. MBAC
The final permission bit is the ___ bit
a. kernel b. sticky c. set user d. superuser
A(n) ___ is a resource to which access is controlled
a. world b. owner c. subject d. object
___ is the granting of a right or permission to a system entity to access a system resource
a. authentication b. monitoring c. control d. authorization
A ___ is an entity capable of accessing objects
a. subject b. owner c. object d. group
___ is the traditional method of implementing access control
a. MAC b. MBAC c. RBAC d. DAC
___ is based on the roles the users assume in a system rather than the user's identity
a. URAC b. DAC c. MAC d. RBAC
___ is verification that the credentials of a user or other system entity are valid
a. authorization b. authentication c. audit d. adequacy
A concept that evolved out of requirements for military information security is ___
a. discretionary input b. reliable input c. open and closed policies d. mandatory access control
d. mandatory access control
An end user who operates on database objects via a particular application but does not own any of the database objects is the ___
a. end user other than application owner b. administrator c. application owner d. foreign key
a. end user other than application owner
The basic building block of a ___ is a table of data, consisting of rows and columns, similar to a spreadsheet
a. DBMS b. relational database c. query set d. perturbation
___ encompasses intrusion detection, prevention and response
a. intrusion management b. security assessments c. database access control d. data loss prevention
A ___ is a virtual table
a. DBMS b. tuple c. view d. query
A ___ is defined to be a portion of a row used to uniquely identify a row in a table
a. query b. foreign key c. data perturbation d. primary key
A(n) ___ is a user who has administrative responsibility for part or all of the database
a. administrator b. database relations manager c. end user other than application owner d. application owner
___ is the process of performing authorized queries and deducing unauthorized information from the legitimate responses received
a. compromise b. partitioning c. perturbation d. inference
A(n) ___ is a structured collection of data stored for use by one or more applications
a. tuple b. inference c. attribute d. database
A ___ is a person or organization that maintains a business relationship with cloud providers
a. cloud broker b. cloud consumer c. cloud carrier d. cloud auditor
The ___ cloud infrastructure is a composition of two or more clouds that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability
a. community b. hybrid c. private d. public
True or false?
Email is a common method for spreading macro viruses
True or false?
In addition to propagation, a worm usually carries some form of a payload
True or false?
Metamorphic code is software that can be shipped unchanged to a heterogeneous collection of platforms and execute with identical semantics
True or false?
Many forms of infection can be blocked by denying normal users the right to modify programs in the system
True or false?
A logic bomb is the event or condition that determines when the payload is activated or delivered
True or false?
A virus that attaches to an executable program can do anything that program is permitted to do
True or false?
It is not possible to spread a virus via USB stick
True or false?
A macro virus infects executable portions of code
True or false?
Malicious software aims to trick users into revealing sensitive personal data
True or false?
Keyware captures keystrokes on a compromised system
True or false?
A program that is covertly inserted into a system with the intent of compromising the integrity or confidentiality of the victim's data is ___
a. malware b. animoto c. adobe d. prezi
During the ___ the virus is idle
a. triggering phase b. dormant phase c. execution phase d. propagation phase
The ___ is when the virus function is performed
a. triggering phase b. dormant phase c. propagation phase d. execution phase
The term "computer virus" is attributed to ___
a. Charles Babbage b. Fred Cohen c. Herman Hollerith d. Albert Einstein
A ___ is code inserted into malware that lies dormant until a predefined condition, which triggers an unauthorized act, is met
a. trapdoor b. logic bomb c. worm d. trojan horse
___ are used to send large volumes of unwanted email
a. down-loaders b. auto-rooter c. rootkits d. spammer programs
___ is the first function in the propagation phase for a network worm
a. propagating b. fingerprinting c. spear phishing d. keylogging
A ___ uses macro or scripting code, typically embedded in a document and triggered when the document is viewed or edited, to run and replicate itself into other such documents
a. boot sector infector b. multipart virus c. file infector d. macro virus
Computer viruses first appeared in the early ___
a. 1990s b. 1980s c. 1970s d. 1960s
The ___ is what a virus does
a. payload b. trigger c. logic bomb d. infection mechanism
True or false?
Given sufficiently privileged access to the network handling code on a computer system, it is difficult to create packets with a forged source address
True or false?
The attacker needs access to a high-volume network connection for a SYN spoof attack
True or false?
The source of the attack is explicitly identified in the classic ping flood attack
True or false?
Flooding attacks take a variety of forms based on which network protocol is being used to implement the attack
True or false?
The SYN spoofing attack targets the table of TCP connections on the server
True or false?
SYN-ACK and ACK packets are transported using IP, which is an unreliable network protocol
True or false?
A denial-of-service attack is an attempt to compromise availability by hindering or blocking completely the provision of some service
True or false?
DoS attacks cause damage or destruction of IT infrastructures
True or false?
A DoS attack targeting application resources typically aims to overload or crash its network handling software
True or false?
A cyberslam is an application attack that consumes significant resources, limiting the server's ability to respond to valid requests from other users
Bots starting from a given HTTP link and then following all links on the provided Web site in a recursive way is called ____
a. spidering b. trailing c. crowding d. spoofing
___ attempts to monopolize all of the available request handling threads in the Web server by sending HTTP requests that never complete
a. SYN flooding b. reflection attacks c. slowloris d. HTTP
The ___ attacks the ability of a network server to respond to TCP connection requests by overflowing the tables used to manage such connections
a. poison packet attack b. DNS amplification attack c. SYN spoofing attack d. basic flooding attack
A ___ triggers a bug in the system's network handling software causing it to crash and the system can no longer communicate over the network until this software is reloaded
a. echo b. flash flood c. reflection d. poison packet
A characteristic of reflection attacks is the lack of ___ traffic
a. three-way b. backscatter c. botnet d. network
___ bandwidth attacks attempt to take advantage of the disproportionally large resource consumption at a server
a. application based b. amplification c. random d. system based
___ relates to the capacity of the network links connecting a server to the wider Internet
a. directed broadcast b. application resource c. network bandwidth d. system payload
Using forged source addresses is known as ___
a. directed broadcast b. source address spoofing c. random dropping d. a three-way address
b. source address spoofing
___ is a text-based protocol with a syntax similar to that of HTTP
a. RIP b. DIP c. HIP d. SIP
TCP uses the ___ to establish a connection
a. directed broadcast b. SYN cookie c. zombie d. three-way handshake
True or false?
The primary purpose of an IDS is to detect intrusions, log suspicious events, and send alerts
True or false?
The IDS component responsible for collecting data is the user interface
True or false?
Anomaly detection is effective against misfeasors
True or false?
Those who hack into computers do so for the thrill of it or for status
True or false?
Activists are either individuals or members of an organized crime group with a goal of financial reward
True or false?
An intruder can also be referred to as a hacker or cracker
True or false?
Intruders typically use steps from a common attack methodology
True or false?
Signature-based approaches attempt to define normal, or expected, behavior, whereas anomaly approaches attempt to define proper behavior
True or false?
Intrusion detection is based on the assumption that the behavior of the intruder differs from that of a legitimate user in ways that can be quantified
True or false?
Running a packet sniffer on a workstation to capture usernames and passwords is an example of intrusion
The purpose of the ___ module is to collect data on security related events on the host and transmit these to the central manager
a. LAN monitor agent b. central manager agent c. architecture agent d. host agent
A ___ monitors the characteristics of a single host and the events occurring with that host for suspicious activity
a. network-based IDS b. intrusion detection c. host-based IDS d. security intrusion
A ___ is a security event that constitutes a security incident in which an intruder gains access to a system without having authorization to do so
a. criminal enterprise b. intrusion detection c. IDS d. security intrusion
A(n) ___ is a hacker with minimal technical skill who primarily uses existing attack toolkits
a. apprentice b. journeyman c. activist d. master
A(n) ___ event is an alert that is generated when the gossip traffic enables a platform to conclude that an attack is under way
a. PEP b. DDI c. IDEP d. IDME
___ is a document that describes the application level protocol for exchanging data between intrusion detection entities
a. RFC 4787 b. RFC 4766 c. RFC 4764 d. RFC 4765
___ involves an attempt to define a set of rules or attack patterns that can be used to decide if a given behavior is that of an intruder
a. profile-based detection b. signature detection c. threshold detection d. anomaly detection
A ___ monitors network traffic for particular network segments or devices and analyzes network, transport, and application protocols to identify suspicious activity
a. network based IDS b. host based IDS c. security intrusion d. intrusion detection
The ___ module analyzes LAN traffic and reports the results to the central manager
a. architecture agent b. host agent c. central manager agent d. LAN monitor agent
___ involves the collection of data relating to the behavior of legitimate users over a period of time
a. anomaly detection b. profile based detection c. signature detection d. threshold detection
A(n) ___ is inserted into a network segment so that the traffic that it is monitoring must pass through the sensor
a. LAN sensor b. inline sensor c. analysis sensor d. passive sensor
The ___ is responsible for determining if an intrusion has occurred
a. host b. user interface c. sensor d. analyzer
The ___ is the ID component that analyzes the data collected by the sensor for signs of unauthorized or undesired activity or for events that might be of interest to the security administrator
a. analyzer b. sensor c. data source d. operator
___ are either individuals or members of a larger group of outside attackers who are motivated by social or political causes
a. others b. cyber criminals c. activists d. state-sponsored organizations
The rule ___ tells Snort what to do when it finds a packet that matches the rule criteria
a. direction b. action c. destination port d. protocol
True or false?
A packet filtering firewall is typically configured to filter packets going in both directions
True or false?
A DMZ is one of the internal firewalls protecting the bulk of the enterprise network
True or false?
The countermeasure to tiny fragment attacks is to discard packets with an inside source address if the packet arrives on an external interface
True or false?
One disadvantage of a packet filtering firewall is its simplicity
True or false?
The prime disadvantage of an application-level gateway is the additional overhead on each connection
True or false?
A firewall can serve as the platform for IPSec
True or false?
The firewall can protect against attacks that bypass the firewall
True or false?
The firewall may be a single computer system or set of two or more systems that cooperate to perform the firewall function
True or false?
The primary role of the personal firewall is to deny unauthorized remote access to the computer
True or false?
A traditional packet filter makes filtering decisions on an individual packet basis and does not take into consideration any higher layer context
A ___ configuration involves stand-alone firewall devices plus host-based firewalls working together under a central administrative control
a. distributed firewall b. stateful inspection firewall c. packet filtering firewall d. personal firewall
___ control determines the types of Internet services that can be accessed, inbound or outbound
a. behavior b. user c. service d. direction
___ control controls access to a service according to which user is attempting to access it
a. user b. service c. behavior d. direction
A ___ gateway sets up two TCP connections, one between itself and a TCP user on an inner host and one between itself and a TCP user on an outside host
a. application level b. circuit level c. stateful inspection d. packet filtering
___ control controls how particular services are used
a. user b. behavior c. direction d. service
___ control determines the direction in which particular service requests may be initiated and allowed to flow through the firewall
a. user b. direction c. behavior d. service
Typically, the systems in the ___ require or foster external connectivity such as a corporate web site, email server, or a DNS server
a. DMZ b. VPN c. boundary firewall d. IP protocol field
A ___ consists of a set of computers that interconnect by means of a relatively unsecure network and makes use of encryption and special protocols to provide security
a. proxy b. UTM c. stateful inspection firewall d. VPN
The ___ defines the transport protocol
a. interface b. source IP address c. destination IP address d. IP protocol field
An example of a circuit-level gateway implementation is the ___ package
a. SMTP b. application level c. SOCKS d. stateful inspection
True or false?
IT security management consists of first determining a clear view of an organization's IT security objective and general risk profile
True or false?
IT security management has evolved considerably over the last few decades due to the rise in risks to networked systems
True or false?
Organizational security objectives identify what IT security outcomes should be achieved
True or false?
Detecting and reacting to incidents is not a function of IT security management
True or false?
IT security needs to be a key part of an organization's overall management plan
True or false?
Once the IT management process is in place and working the process never needs to be repeated
A ___ is anything that might hinder or prevent an asset from providing appropriate levels of the key security services
a. control b. threat c. risk d. vulnerability
The ___ has revised and consolidated a number of national and international standards into a consensus of best practice
a. CSI b. ISO c. VSM d. DBI
The purpose of ___ is to determine the basic parameters within which the risk assessment will be conducted and then to identify the assets to be examined
a. control b. establishing the context c. combing d. risk avoidance
b. establishing the context
The ___ approach involves conducting a risk analysis for the organization's IT systems that exploits the knowledge and expertise of the individuals performing the analysis
a. informal b. baseline c. combined d. detailed
The intent of the ___ is to provide a clear overview of how an organization's IT infrastructure supports its overall business objectives
a. risk register b. threat assessment c. corporate security policy d. vulnerability source
c. corporate security policy
___ ensures that critical assets are sufficiently protected in a cost-effective manner
a. IT risk implementations b. IT security management c. IT discipline d. IT control
b. IT security management
___ is choosing to accept a risk level greater than normal for business reasons
a. risk transfer b. reducing likelihood c. risk avoidance d. risk acceptance
The advantages of the ___ approach are that it doesn't require the expenditure of additional resources in conducting a more formal risk assessment and the same measure can be replicated over a range of systems
a. informal b. combined c. detailed d. baseline
___ specification indicates the impact on the organization should the particular threat in question actually eventuate
a. consequence b. threat c. risk d. likelihood
___ include management, operational, and technical processes and procedures that act to reduce the exposure of the organization to some risks by reducing the ability of a threat source to exploit some vulnerabilities
a. risk controls b. none of these c. risk appetite d. security controls
The results of the risk analysis should be documented in a ___
a. journal b. risk register c. consequence d. none of these