Corporate Computer Security 4th Edition

Total software reinstallation effectively addresses data loss. Answer: FALSE FALSE FALSE The most common attack against a wireless network is a wireless DoS attack. Answer: FALSE FALSE FALSE Under current U.S. federal laws, if a company allows personal information to be stolen, it may be subject to government fines. Answer: TRUE TRUE TRUE Website defacement occurs when attackers take over a computer

If a PC fails its initial NAC health assessment, it may be ________. A) refused access B) allowed to go to a remediation server and other nonsensitive resources C) Either A or B D) Neither A nor B Answer: A A A ________ is the destruction of hardware, software, or data. A) Sabotage B) Hacking C) Extortion D) Denial of Service Answer: A A A Which

The Microsoft Windows Server interface looks like the interface in ________. A) client versions of Microsoft Windows B) UNIX C) Both A and B D) Neither A nor B Answer: A A A Allowing an attacker to continue working in a system after the attack has been discovered ________. A) may allow the company to collect evidence for prosecution B)

Border management ________. A) is no longer important because there are so many ways to bypass borders B) is close to a complete solution to access control C) Both A and B D) Neither A nor B Answer: D D D What protection can a firm provide for people in the event of an emergency? A) Not allowing people

The most common form of deletion in Windows-based systems is nominal deletion. Answer: TRUE TRUE TRUE Trade secret theft can occur through interception, hacking, and other traditional cybercrimes. Answer: TRUE TRUE TRUE Incident response is defined as reacting to incidents according to plan. Answer: TRUE TRUE TRUE Users usually must click on malicious links in order to execute them. Answer: TRUE TRUE TRUE Backing up data

A(n) ________ is defined as an attack that comes before fixes are released. A) exploit B) zero-day attack C) worm D) anomaly attack Answer: B B B ________ ciphers leave letters in their original positions. A) Transposition B) Substitution C) Both A and B D) Neither A nor B Answer: B B B ________ allows for very recent file changes to be restored. A) Shadowing B) File backup C)

Misappropriation of assets is an example of employee financial theft. Answer: TRUE TRUE TRUE The first task in establishing a cryptographic system is selecting a cryptographic system standard for the dialogue. Answer: TRUE TRUE TRUE When a hashing algorithm is applied, the hash will ALWAYS have a fixed length. Answer: TRUE TRUE TRUE In hacking, the perpetrator tries to obtain money or other

Flooding the frequency of a wireless network is one method attackers use to affect the network. Answer: TRUE TRUE TRUE Security tends to impede functionality. Answer: TRUE TRUE TRUE Vulnerability testing typically is not outsourced. Answer: FALSE FALSE FALSE CLIs usually are easier to learn than GUIs. Answer: FALSE FALSE FALSE You can quickly assess the general security posture of your Windows Vista PC by using the

The attacker sends a mal-formed TCP segment. The victim host sends back a TCP RST message. This exchange verifies that the victim host exists and has a certain IP address. Answer: TRUE TRUE TRUE Prosecuting attackers in other countries is relatively straightforward under existing computer crime laws. Answer: FALSE FALSE FALSE Mobile code usually is contained in webpages.

Firewall appliances need little or no hardening before they are installed. Answer: TRUE TRUE TRUE File/directory data backup copies data, programs, configurations, and registry settings. Answer: FALSE FALSE FALSE Different honest people can make different ethical decisions in a given situation. Answer: TRUE TRUE TRUE Programmers can trust user input if the person is strongly authenticated. Answer: FALSE FALSE FALSE Attackers cannot use IP address spoofing

Botnets usually have multiple owners over time. Answer: TRUE TRUE TRUE Wireless attacks avoid the access points to limit detection. Answer: FALSE FALSE FALSE In authentication, the party trying to provide its identity to the other party is called the applicant. Answer: FALSE FALSE FALSE Scripts do not have the ability to permanently change your computer registry. Answer: FALSE FALSE FALSE If a PC user has

In this book, when internet is spelled with a capital I, it means the global Internet. Answer: TRUE TRUE TRUE Backed-up data must be physically stored on something. Answer: TRUE TRUE TRUE You have access to your home page on a server. By accident, you discover that if you hit a certain key, you can get into someone

To outsource some security functions, a firm can use an MISP. Answer: FALSE FALSE FALSE After access is granted to a network, many NACs continue to monitor network PCs. Answer: TRUE TRUE TRUE Antivirus protections may be deliberately turned off by users. Answer: TRUE TRUE TRUE There is a legitimate reason for systems administrators to crack user passwords. Answer: TRUE TRUE TRUE The goal of IT

Because fingerprint scanning is often deceived, it should never be used as a security measure. Answer: FALSE FALSE FALSE In benefits, costs and benefits are expressed on a per-year basis. Answer: TRUE TRUE TRUE Incremental and full backups may be restored out of order in which they were created. Answer: FALSE FALSE FALSE Attackers rarely use IP address spoofing to conceal their

Most cookies are dangerous. Answer: FALSE FALSE FALSE SIP identity protocols are common on IP telephones. Answer: TRUE TRUE TRUE When assigning initial permissions, it is good to add more permissions than strictly necessary and then remove permissions if appropriate. Answer: FALSE FALSE FALSE Backup onto another hard drive is a very slow method of backup. Answer: FALSE FALSE FALSE DRM restricts what people can do

A technical security architecture should be created ________. A) annually B) before a firm creates individual countermeasures C) before a firm creates a specific countermeasure D) after each major compromise Answer: B B B Prosecutors initiate legal proceedings in ________ cases. A) civil B) criminal C) Both A and B D) Neither A nor B Answer: B B B In IM, all messages pass through a

When you use your mobile firm to surf the Internet, it is a host. Answer: TRUE TRUE TRUE EAP uses RADIUS for authentication. Answer: FALSE FALSE FALSE On a compromised computer, if you mistype the name of a URL, you may be taken to a malicious website even if you set your browser security to high. Answer: TRUE TRUE TRUE Antivirus servers can

Generally speaking, vendors use similar mechanisms for downloading and installing patches. Answer: FALSE FALSE FALSE Focusing electronic attacks on specific high-value targets is known as promiscuous attacks. Answer: FALSE FALSE FALSE Social engineering is rarely used in hacking. Answer: FALSE FALSE FALSE A false acceptance occurs when a person is improperly matched to a template. Answer: TRUE TRUE TRUE Policies should not require that backup data

In internets, different networks are connected by ________. A) switches B) routers C) Both A and B D) Neither A nor B Answer: B B B The ________ collects event data and stores them in log files on the monitoring devices. A) manager B) agent C) Both A and B D) Neither A nor B Answer: B B B What protection do cryptographic systems provide on

Another name for data is raw facts. Answer: TRUE TRUE TRUE SPI filtering for packets that are part of ongoing communications is usually simple. Answer: TRUE TRUE TRUE DoS attacks against VoIP can be successful even if they increase latency only slightly. Answer: TRUE TRUE TRUE Training users what not to put into e-mail messages is the most effective method of avoiding

A ________ server gives an original host the IP address of another host to which the original host wishes to send packets. A) DHCP B) DNS C) Both A and B D) Neither A nor B Answer: B B B When risk analysis deals with costs and benefits that vary by year, the computations should use ________. A) NPV B)

In order to be considered strong today, a symmetric encryption key must be at least ________ bits long. A) 6 B) 8 C) 100 D) 1,000 Answer: C C C Integrated log files ________. A) tend to have problems with format incompatibilities B) tend to have time synchronization problems C) Both A and B D) Neither A nor B Answer: C C C In a firm,

A network administrator notices extensive damage to wireless packets. This might indicate a ________ attack. A) man-in-the-middle B) SYN/ACK C) DoS flood attack D) None of the above Answer: C C C Regarding retention policies, firms need to ________. A) implement strong and clear backup policies B) specify how long data will be retained C) ensure implementation is compliant with policies