COMPSCI 61619

Type: Homework Help
Pages: 25
Words: 2622
Authors: Lawrie Brown, William Stallings

Most large software systems do not have security weaknesses.
A very common configuration fault seen with Web and file transfer servers is for all the
files supplied by the service to be owned by the same "user" account that the server
executes as.
A logic bomb is the event or condition that determines when the payload is activated or
delivered.
The concerns for wireless security, in terms of threats, and countermeasures, are
different to those found in a wired environment, such as an Ethernet LAN or a wired
wide-area network.
In addition to propagating, a worm usually carries some form of payload.
A denial-of-service attack is an attempt to compromise availability by hindering or
blocking completely the provision of some service.
MIME is an extension to the old RFC 822 specification of an Internet mail format.
A Trojan horse is an apparently useful program containing hidden code that, when
invoked, performs some harmful function.
The primary purpose of an IDS is to detect intrusions, log suspicious events, and send
alerts.
The default configuration for many operating systems usually maximizes security.
Access control is the central element of computer security.
Having all of the security functions and audit responsibilities reside in the same person
is a wise decision on the part of the organization.
Computer security is essentially a battle of wits between a perpetrator who tries to find
holes and the administrator who tries to close them.
Availability assures that systems work promptly and service is not denied to authorized
users.
A SIP flood attack exploits the fact that a single INVITE request triggers considerable
resource consumption.
Manual analysis of logs is a reliable means of detecting adverse events.
Symmetric encryption is used primarily to provide confidentiality.
Ideally new systems should be constructed on an unprotected network in order to
prevent installation restrictions.
X.800 architecture was developed as an international standard and focuses on security
in the context of networks and communications.
Computer technology has involved the creation of new types of entities for which no
agreed ethical rules have previously been formed.
Buffer overflow attacks are one of the most common attacks seen.
To ensure that a suitable level of security is maintained, management must follow up
the implementation with an evaluation of the effectiveness of the security controls.
The best defense against being an unwitting participant in a DDoS attack is to prevent
your systems from being compromised.
The attacker needs access to a high-volume network connection for a SYN spoof attack.
Metamorphic code is software that can be shipped unchanged to a heterogeneous
collection of platforms and execute with identical semantics.
SYN-ACK and ACK packets are transported using IP, which is an unreliable network
protocol.
Slowloris is a form of ICMP flooding.
Running a packet sniffer on a workstation to capture usernames and passwords is an
example of intrusion.
Symmetric encryption is also referred to as secret-key or single-key encryption.
The addition of multilevel security to a database system does not increase the
complexity of the access control function.
Reflector and amplifier attacks use compromised systems running the attacker's
programs.
The BLP model includes a set of rules based on abstract operations that change the state
of the system.
Shellcode must be able to run no matter where in memory it is located.
The approach taken by Kerberos is using authentication software tied to a secure
authentication server.
Problems with providing strong computer security involve only the design phase.
The role of physical security is affected by the operating location of the information
system, which can be characterized as ______ .
A. static
B. portable
C. mobile
D. all of the above
Performing regular backups of data on a system is a critical control that assists with
maintaining the integrity of the system and user data.
The basic tool that permits widespread use of S/MIME is ________.
A. the domain key
B. the public-key certificate
C. the MIME security payload
D. radix-64
_______ is a benefit of security awareness, training, and education programs to
organizations.
A. Improving employee behavior
B. Increasing the ability to hold employees accountable for their actions
C. Mitigating liability of the organization for an employee's behavior
D. All of the above
Security auditing can:
A. provide data that can be used to define anomalous behavior
B. maintain a record useful in computer forensics
C. generate data that can be used in after-the-fact analysis of an attack
D. all of the above
________ is explicitly required for all employees.
A. Security awareness
B. Education and experience
C. Security basics and literacy
D. Roles and responsibilities relative to IT systems
________ requires that a user prove his or her identity for each service invoked and,
optionally, requires servers to prove their identity to clients.
A. FIM
B. Kerberos
C. X.509
D. PKI
S/MIME content-types support four new functions: enveloped data, __________,
clear-signed data, and signed and enveloped data.
_____ defines a number of content formats, which standardize representations for the
support of multimedia e-mail.
A. MEM
B. MIME
C. MSC
D. DKIM
The objective of the ________ control category is to counteract interruptions to
business activities and to protect critical business processes from the effects of major
failures of information systems or disasters and to ensure their timely resumption.
A. asset management
B. business continuity management
C. information security incident management
D. physical and environmental security
IT security management functions include:
A. determining organizational IT security objectives, strategies, and policies
B. detecting and reacting to incidents
C. specifying appropriate safeguards
D. all of the above
The results of the risk analysis should be documented in a _________.
A. journal
B. consequence
C. risk register
D. none of the above
A wireless access point is a _______.
A. cell tower
B. Wi-Fi hot spot
C. wireless access point to a LAN or WAN
D. all of the above
_________ are a collection of string values inherited by each process from its parent
that can affect the way a running process behaves.
A. Deadlocks
B. Privileges
C. Environment variables
D. Race conditions
CERT stands for ___________.
A. Computer Error Response Team
B. Compliance Error Repair Technology
C. Computer Emergency Response Team
D. Compliance Emergency Response Technology
A principal element of an identity management system is _______.
A. workflow automation
B. delegated administration
C. authentication
D. all of the above
Presenting or generating authentication information that corroborates the binding
between the entity and the identifier is the ___________.
A. identification step
B. authentication step
C. verification step
D. corroboration step
The _______ is a hardware module that is at the heart of a hardware/software approach
to trusted computing.
A. BLP
B. TC
C. CC
D. TPM
A _________ is a security event that constitutes a security incident in which an intruder
gains access to a system without having authorization to do so.
A. intrusion detection
B. IDS
C. criminal enterprise
D. security intrusion
A buffer _________ is a condition at an interface under which more input can be placed
into a buffer or data holding area than the capacity allocated, overwriting other
information.
A. overflow
B. overrun
C. overwrite
D. all of the above
A _________ protects against an attack in which one party generates a message for
another party to sign.
A. data authenticator
B. strong hash function
C. weak hash function
D. digital signature
________ controls focus on the response to a security breach, by warning of violations
or attempted violations of security policies.
A. Technical
B. Preventative
C. Detection and recovery
D. Management
________ threats are specifically designed to overcome prevention measures and seek
the most vulnerable point of attack.
A. Human-caused
B. Technical
C. EMI
D. Environmental
The _________ scheme has reigned supreme as the most widely accepted and
implemented approach to public-key encryption.
A. SHA-1
B. HMAC
C. MD5
D. RSA
The ________ is a module on a centralized system that collects audit trail records from
other systems and creates a combined audit trail.
A. audit dispatcher
B. audit analyzer
C. audit trail collector
D. audit provider
Modifying the system's TCP/IP network code to selectively drop an entry for an
incomplete connection from the TCP connections table when it overflows, allowing a
new connection attempt to proceed is _______.
A. poison packet
B. slashdot
C. backscatter traffic
D. random drop
The most important changes needed to improve system security are to ______.
A. disable remotely accessible services that are not required
B. ensure that applications and services that are needed are appropriately configured
C. disable services and applications that are not required
D. all of the above
The specification of a protocol, along with the chosen key length, is known as a ___.
A. distribution set
B. open system
C. cipher suite
D. realm
__________ is verification that the credentials of a user or other system entity are valid.
A. Adequacy
B. Authentication
C. Authorization
D. Audit
The ________ has revised and consolidated a number of national and international
standards into a consensus of best practice.
A. ISO
B. CSI
C. VSB
D. DBI
The _______ is the ID component that analyzes the data collected by the sensor for
signs of unauthorized or undesired activity or for events that might be of interest to the
security administrator.
A. data source
B. sensor
C. operator
D. analyzer
The __________ is when the virus function is performed.
A. dormant phase
B. propagation phase
C. triggering phase
D. execution phase
The ________ control the manner by which a subject may access an object.
A. security classes
B. security classifications
C. security clearances
D. security properties
The purpose of a __________ is to produce a "fingerprint" of a file, message, or other
block of data.
A. secret key
B. digital signature
C. keystream
D. hash function
_________ is a formal process to ensure that critical assets are sufficiently protected in
a cost-effective manner.
A. Configuration management control
B. IT security management
C. Detection and recovery control
D. Security compliance
Initialization begins the process of enrolling in a PKI.
A(n) ________ is any file or object found on a system that might be involved in
probing or attacking systems and networks or that is being used to defeat security
measures.
A(n) _________ assessment is periodically assessing the risk to organizational
operations, organizational assets, and individuals, resulting from the operation of
organizational information systems and the associated processing, storage, or
transmission of organizational information.
In a relational database columns are referred to as _________.
__________ is one of the best known protection mechanisms that is a GCC compiler
extension that inserts additional function entry and exit code.
The three types of patents are: utility patents, design patents, and ________.
To emphasize the importance of security awareness, an organization should have a
security awareness policy document that is provided to all employees.
The _________ model provides a predefined environment for the cloud subscriber that
is shared with other tenants, typically through tagging data with a subscriber identifier.
According to ISO 27002, the person(s) carrying out the audit should be independent of
the activities audited.
Four possible approaches to attacking the RSA algorithm are: brute force, timing
attacks, _________ attacks, and chosen ciphertext attacks.
The __________ step is presenting or generating authentication information that
corroborates the binding between the entity and the identifier.
A firewall can serve as the platform for IPSec.
Computer attacks are considered crimes but do not carry criminal sanctions.
The __________ service is responsible for booting the entire operating system in stages
and assuring that each portion of the OS, as it is loaded, is a version that is approved for
use.
________ physical threats are more difficult to deal with than environmental and
technical threats.
Even though it is a high-level programming language, Java still suffers from buffer
overflows because it permits more data to be saved into a buffer than it has space for.
A ___________ overflow occurs when the targeted buffer is located on the stack,
usually as a local variable in a function's stack frame.
A(n) _________ is a threat that is carried out and, if successful, leads to an undesirable
violation of security, or threat consequence.
_________ is a form of auditing that focuses on the security of an organization's IS
assets.
