Archives
CAPP 86329
__________ programming is a form of design intended to ensure the continuing function of a piece of software in spite of unforeseeable usage of the software. A __________ authentication system attempts to authenticate an individual based on his or her […]
CAS CS 27076
___________ was the first published public-key algorithm. A. NIST B. Diffie-Hellman C. RC4 D. RSA The Common Criteria for Information Technology and Security Evaluation are ISO standards for specifying security requirements and defining evaluation criteria. Answer: T _________ attacks have […]
CAS CS 43265
_______ is an XML-based language for the exchange of security information between online business partners. The countermeasure to tiny fragment attacks is to discard packets with an inside source address if the packet arrives on an external interface. Answer: F […]
CAS CS 54664
Security flaws occur as a consequence of sufficient checking and validation of data and error codes in programs. A message authentication code is a small block of data generated by a secret key and appended to a message. Answer: T […]
CAS CS 68727
A ______ is a word, name, symbol, or device that is used in trade with goods to indicate the source of the goods and to distinguish them from the goods of others. A. copyright B. patent C. trademark D. all […]
CDA 23054
To structure the need for assurance the CC defines a scale for rating assurance consisting of _____ evaluation assurance levels ranging from the least rigor and scope for assurance evidence to the most. __________ code refers to programs that can […]
CDA 25036
The ciphertext-only attack is the easiest to defend against. “Smashing the Stack for Fun and Profit” was a step by step introduction to exploiting stack-based buffer overflow vulnerabilities that was published in Phrack magazine by _________ . Answer: Aleph One […]
CDA 37254
The 802.11i RSN security specification defines the following services: authentication, privacy with message integrity, and ________. The _________ model is aimed at commercial rather than military applications and closely models real commercial operations. Answer: Clark-Wilson (CWM) Update is not required […]
CDA 42348
______ is UNIX’s general-purpose logging mechanism found on all UNIX variants and Linux. __________ defenses aim to detect and abort attacks in existing programs. Answer: Run-time If an organization is dependent on network services it should consider mirroring and ________ […]
CDA 47705
Incident response is part of the ________ class of security controls. _________ is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management […]
CDA 91281
The education and experience learning level provides the foundation for subsequent training by providing a universal baseline of key security terms and concepts. A __________ firewall controls the traffic between a personal computer or workstation on one side and the […]
CICS 92690
An ABAC model can define authorizations that express conditions on properties of both the resource and the subject. Threats are attacks carried out. Answer: F Public-key algorithms are based on simple operations on bit patterns. Answer: F The SSL record […]
CMCS 11343
Management should conduct a ________ to identify those controls that are most appropriate and provide the greatest benefit to the organization given the available resources. A. cost analysis B. cost-benefit analysis C. benefit analysis D. none of the above Issued […]
CMCS 20536
________ audit trail traces the activity of individual users over time and can be used to hold a user accountable for his or her actions. __________ access control controls access based on the identity of the requestor and on access […]
CMCS 61279
Depending on the application, user authentication on a biometric system involves either verification or identification. Security implementation involves four complementary courses of action: prevention, detection, response, and _________. Answer: recovery The __________ is a pair of keys that have been […]
CMCS 98130
Unlike RSA, DSS cannot be used for encryption or key exchange. An intruder transmitting packets from the outside with a source IP address field containing an address of an internal host is known as IP address _________. Answer: spoofing __________ […]
COMP 11822
A __________ is when a user views a Web page controlled by the attacker that contains a code that exploits the browser bug and downloads and installs malware on the system without the user’s knowledge or consent. The MAC service […]
COMP 60668
_________ is the original message or data that is fed into the algorithm as input. A. Plaintext B. Encryption algorithm C. Decryption algorithm D. Ciphertext _________ is a program flaw that occurs when program input data can accidentally or deliberately […]
COMP 90508
A __________ is any action that compromises the security of information owned by an organization. A. security mechanism B. security policy C. security attack D. security service _______ is a form of crime that targets a computer system to acquire […]
COMPSCI 61619
Most large software systems do not have security weaknesses. A very common configuration fault seen with Web and file transfer servers is for all the files supplied by the service to be owned by the same “user” account that the […]
COP 30872
It is not possible to spread a virus via a USB stick. Depending on the details of the overall authentication system, the registration authority issues some sort of electronic credential to the subscriber. Answer: F A DoS attack targeting application […]
COP 59371
The advantages of the _________ risk assessment approach are that it provides the most detailed examination of the security risks of an organization’s IT system and produces strong justification for expenditure on the controls proposed. A _________ value is named […]
COP 63080
__________ is a standardized language that can be used to define schema, manipulate, and query data in a relational database. Gaps, or __________ , are flagged in the MMU as illegal addresses, and any attempt to access them results in […]
COP 71128
The __________ approach to risk assessment aims to implement a basic general level of security controls on systems using baseline documents, codes of practice, and industry best practice. A(n) _________ is a weakness in an asset or group of assets […]
COSC 25904
__________ controls access based on comparing security labels with security clearances. A. MAC B. DAC C. RBAC D. MBAC The wireless environment lends itself to a ______ attack because it is so easy for the attacker to direct multiple wireless […]
CS 18914
________ can include computer viruses, Trojan horse programs, worms, exploit scripts, and toolkits. A. Artifacts B. Vulnerabilities C. CSIRT D. Constituencies A __________ is directed at the user file at the host where passwords, token passcodes, or biometric templates are […]
CS 66717
The process of transforming input data that involves replacing alternate, equivalent encodings by one common value is called _________. ______ virtualization systems are typically seen in servers, with the goal of improving the execution efficiency of the hardware. Answer: Native […]
CS 70070
For general-purpose block-oriented transmission you would typically use _______ mode. A. CBC B. CTR C. CFB D. OFB A(n) _________ is an attempt to learn or make use of information from the system that does not affect system resources. A. […]
CS 71077
A ______ triggers a bug in the system’s network handling software causing it to crash and the system can no longer communicate over the network until this software is reloaded. A. echo B. reflection C. poison packet D. flash flood […]
CS 92601
Many security administrators view strong security as an impediment to efficient and user-friendly operation of an information system. The source of the attack is explicitly identified in the classic ping flood attack. Answer: T Many forms of infection can be […]
MPCS 18984
_________ is a specification for cryptographically signing e-mail messages, permitting a signing domain to claim responsibility for a message in the mail stream. Software is an example of real property. Answer: F An important aspect of a distributed firewall configuration […]
MPCS 32615
Noise along a power supply line, motors, fans, heavy equipment, microwave relay antennas, and other computers are all sources of _________. The __________ user ID is exempt from the usual file access control constraints and has system-wide access. Answer: […]
MPCS 87471
A __________ attack exploits the characteristics of the algorithm to attempt to deduce a specific plaintext or to deduce the key being used. A(n) _________ may be granted to anyone who invents or discovers any new and useful process, machine, […]
MPCS 92571
Stream ciphers are far more common than block ciphers. A good technique for choosing a password is to use the first letter of each word of a phrase. Answer: T The three most important symmetric block ciphers are: 3DES, AES, […]
MPCS 99590
A servicemark is the same as a trademark except that it identifies and distinguishes the source of a service rather than a product. Operational controls range from simple to complex measures that work together to secure critical and sensitive data, […]