_________ is the original message or data that is fed into the algorithm as input.
A. Plaintext
B. Encryption algorithm
C. Decryption algorithm
D. Ciphertext
_________ is a program flaw that occurs when program input data can accidentally or
deliberately influence the flow of execution of the program.
A. PHP attack
B. Format string injection attack
C. XSS attack
D. Injection attack
________ control controls access to a service according to which user is attempting to
access it.
A. User
B. Direction
C. Service
D. Behavior
A _________ is a virtual table.
A. tuple
B. query
C. view
D. DBMS
Security concerns that result from the use of virtualized systems include ______.
A. guest OS isolation
B. guest OS monitoring by the hypervisor
C. virtualized environment security
D. all of the above
A ___________ is a person or organization that maintains a business relationship with
cloud providers.
A. cloud consumer
B. cloud auditor
C. cloud carrier
D. cloud broker
_________ is an organization that produces data to be made available for controlled
release, either within the organization or to external users.
A. Client
B. Data owner
C. User
D. Server
_________ control determines the types of Internet services that can be accessed,
inbound or outbound.
A. Behavior
B. Direction
C. Service
D. User
Recognition by fingerprint, retina, and face are examples of __________.
A. face recognition
B. static biometrics
C. dynamic biometrics
D. token authentication
An example of __________ is an attempt by an unauthorized user to gain access to a
system by posing as an authorized user.
A. masquerade
B. repudiation
C. interception
D. inference
__________ defines user authentication as “the process of verifying an identity claimed
by or for a system entity”.
A. RFC 4949
B. RFC 2493
C. RFC 2298
D. RFC 2328
__________ looks for deviation from standards set forth in RFCs.
A. Statistical anomaly
B. Protocol anomaly
C. Pattern matching
D. Traffic anomaly
The implementation process is typically monitored by the organizational ______.
A. security officer
B. general counsel
C. technology officer
D. human resources
The final permission bit is the _________ bit.
A. superuser
B. kernel
C. set user
D. sticky
A ________ is a pattern composed of a sequence of characters that describe allowable
input variants.
A. canonicalization
B. race condition
C. regular expression
D. shell script
Memory cards store and process data.
In 2005, NIST announced the intention to phase out approval of _______ and move to a
reliance on the other SHA versions by 2010.
A. SHA-1
B. SHA-512
C. SHA-256
D. SHA-2
__________ implements a security policy that specifies who or what may have access
to each specific system resource and the type of access that is permitted in each
instance.
A. Audit control
B. Resource control
C. System control
D. Access control
An IT security ________ helps to reduce risks.
A. control
B. safeguard
C. countermeasure
D. all of the above
_______ includes destruction of equipment and data.
A. Misuse
B. Vandalism
C. Theft
D. Unauthorized physical access
If the analyst is able to get the source system to insert into the system a message chosen
by the analyst, then a ________ attack is possible.
A. known-plaintext
B. chosen-plaintext
C. chosen-ciphertext
D. chosen-text
The final form of the 802.11i standard is referred to as ________.
A. WEP
B. RSN
C. Wi-Fi
D. WPA
Maintaining and improving the information security risk management process in
response to incidents is part of the _________ step.
A. act
B. plan
C. check
D. do
The _________ approach involves conducting a risk analysis for the organization’s IT
systems that exploits the knowledge and expertise of the individuals performing the
analysis.
A. baseline
B. combined
C. detailed
D. informal
IPsec can assure that _________.
A. a router advertisement comes from an authorized router
B. a routing update is not forged
C. a redirect message comes from the router to which the initial packet was sent
D. all of the above
A loss of _________ is the unauthorized disclosure of information.
A. confidentiality
B. authenticity
C. integrity
D. availability
A ________ provides distribution channels, such as an online shop or a Web retailer.
A. content provider
B. distributor
C. consumer
D. clearinghouse
A __________ attack involves an adversary repeating a previously captured user
response.
A. client
B. Trojan horse
C. replay
D. eavesdropping
The function of the ________ layer is to control access to the transmission medium and
to provide an orderly and efficient use of that capacity.
A. CRC
B. MPDU
C. MAC
D. MSDU
__________ attacks are vulnerabilities involving the inclusion of script code in the
HTML content of a Web page displayed by a user’s browser.
A. PHP file inclusion
B. Mail injection
C. Code injection
D. Cross-site scripting
__________ is a procedure that allows communicating parties to verify that received or
stored messages are authentic.
A. Cryptanalysis
B. Decryption
C. Message authentication
D. Collision resistance
To counter XSS attacks, a defensive programmer needs to explicitly identify any
assumptions as to the form of input and to verify that any input data conform to those
assumptions before any use of the data.
The ________ is the government agency that monitors the evaluation process.
A. sponsor
B. certifier
C. evaluator
D. developer
The purpose of the __________ algorithm is to enable two users to exchange a secret
key securely that can then be used for subsequent encryption of messages.
Awareness is used to explain the rules of behavior for using an agency’s information
systems and information and establishes a level of expectation on the acceptable use of
the information and information systems.
Key distribution can be achieved for two parties A and B by a third party selecting the
key and physically delivering it to A and B.
The IT security management process ends with the implementation of controls and the
training of personnel.
If both sender and receiver use the same key the system is referred to as asymmetric.
Programmers often make assumptions about the type of inputs a program will receive.
Since filtering needs to be done as close to the source as possible, by routers or
gateways that know the valid address ranges of incoming packets, an _______ is best
placed to ensure that valid source addresses are used in all packets from its customers.
Two types of countermeasures are appropriate to deal with eavesdropping: signal-hiding
techniques and ____________.
Organizational security policies identify what needs to be done.
Keylogging is a form of host attack.
The successful use of law enforcement depends much more on technical skills than on
people skills.
An authentication process consists of the _________ step and the verification step.
An example of a patent from the computer security realm is the RSA public-key
cryptosystem.
Basic access control systems typically define three classes of subject: owner,
__________ and world.
The key exchange protocol is vulnerable to a man-in-the-middle attack because it does
not authenticate the participants.
Perhaps the most widely used public-key algorithms are _________ and
Diffie-Hellman.
Network and host __________ monitor and analyze network and host activity and
usually compare this information with a collection of attack signatures to identify
potential security incidents.
In addition to granting and revoking access rights to a table, in a ___________
administration the owner of the table may grant and revoke authorization rights to other
users, allowing them to grant and revoke access rights to the table.
Program input data may be broadly classified as textual or ______.
During the __________ phase the virus is activated to perform the function for which it
was intended.