CS 18914 | Course Paper

Unlock access to all the studying documents.

View Full Document

________ can include computer viruses, Trojan horse programs, worms, exploit scripts,

and toolkits.

A. Artifacts

B. Vulnerabilities

C. CSIRT

D. Constituencies

A __________ is directed at the user file at the host where passwords, token passcodes,

or biometric templates are stored.

A. eavesdropping attack

B. client attack

C. denial-of-service attack

D. host attack

________ is a method for minimizing exposure of individual information while

enabling continuous analysis of potentially interconnected data.

A. Immutable audit

B. Selective revelation

C. Associative memory

D. Anonymization

Personal effects, moveable property and goods, such as cars, bank accounts, wages,

securities, a small business, furniture, insurance policies, jewelry, patents, and pets are

all examples of _________.

A. intellectual property

B. real property

C. personal property

D. cyber property

_________ identifies the level of auditing, enumerates the types of auditable events,

and identifies the minimum set of audit-related information provided.

A. Event selection

B. Data generation

C. Automatic response

D. Audit analysis

The security classification for a restricted area containing a security interest is _____.

A. controlled

B. exclusion

C. unrestricted

D. limited

________ is a function that removes specific identifying information from query

results, such as last name and telephone number, but creates some sort of unique

identifier so that analysts can detect connections between queries.

A. Anonymization

B. Data transformation

C. Immutable audit

D. Selective revelation

The basic building block of a __________ is a table of data, consisting of rows and

columns, similar to a spreadsheet.

A. relational database

B. query set

C. DBMS

D. perturbation

The first step in deploying new systems is _________.

A. security testing

B. installing patches

C. planning

D. secure critical content

_______ is movement of data in a business process.

A. Provisioning

B. Workflow automation

C. Revocation

D. Initialization

The objective of the ________ control category is to avoid breaches of any law,

statutory, regulatory, or contractual obligations, and of any security requirements.

A. access

B. asset management

C. compliance

D. business continuity management

An IT security plan should include details of _________.

A. risks

B. recommended controls

C. responsible personnel

D. all of the above

________ need training on the development of risk management goals, means of

measurement, and the need to lead by example in the area of security awareness.

A. Executives

B. Analysts

C. Managers

D. Trainers

_________ is a tool used to automatically identify potentially vulnerable programs.

A. Slamming

B. Sledding

C. Fuzzing

D. All of the above

With _________ the linking to shared library routines is deferred until load time so that

if changes are made any program that references the library is unaffected.

A. statically linked shared libraries

B. dynamically linked shared libraries

C. system linked shared libraries

D. all of the above

_________ control determines the direction in which particular service requests may be

initiated and allowed to flow through the firewall.

A. Behavior

B. User

C. Direction

D. Service

For general-purpose stream-oriented transmission you would typically use _______

mode.

A. CTR

B. CFB

C. ECB

D. CBC

__________ scans for attack signatures in the context of a traffic stream rather than

individual packets.

A. Pattern matching

B. Protocol anomaly

C. Traffic anomaly

D. Stateful matching

A wireless client can be _______.

A. a cell phone

B. a Wi-Fi enabled laptop

C. a Bluetooth device

D. all of the above

Severe messages, such as immediate system shutdown, is a(n) _____ severity.

A. alert

B. emerg

C. crit

D. warning

The most widely used encryption scheme is based on the _________ adopted in 1977

by the National Bureau of Standards.

A. AES

B. 3DES

C. CES

D. DES

A flaw or weakness in a system’s design, implementation, or operation and management

that could be exploited to violate the system’s security policy is a(n) __________.

A. countermeasure

B. adversary

C. vulnerability

D. risk

An end user who operates on database objects via a particular application but does not

own any of the database objects is the __________.

A. application owner

B. end user other than application owner

C. foreign key

D. administrator

_______ facilities include electrical power, communication services, and environmental

controls such as heat and humidity.

A. Supporting

B. Information

C. Physical

D. All of the above

_______ controls focus on security policies, planning, guidelines, and standards that

influence the selection of operational and technical controls to reduce the risk of loss

and to protect the organization’s mission.

A. Management

B. Technical

C. Preventative

D. Supportive

__________ assures that individuals control or influence what information related to

them may be collected and stored and by whom and to whom that information may be

disclosed.

A. Availability

C. System Integrity

B. Privacy

D. Data Integrity

The unit of data exchanged between two peer MAC entities using the services of the

physical layer is a(n) ____________.

A. extended service set

B. MPDU

C. MSDU

D. station

A(n) __________ is any entity that has station functionality and provides access to the

distribution system via the wireless medium for associated stations.

A. ESS

B. access point

C. distribution system

D. MPDU

Combined one byte at a time with the plaintext stream using the XOR operation, a

__________ is the output of the pseudorandom bit generator.

A. keystream

B. digital signature

C. secure hash

D. message authentication code

_______ controls are pervasive, generic, underlying technical IT security capabilities

that are interrelated with, and used by, many other controls.

A. Preventative

B. Supportive

C. Operational

D. Detection and recovery

At the top level of the group key hierarchy is the ___________.

A foreign key value can appear multiple times in a table.

Cryptographic hash functions generally execute faster in software than conventional

encryption algorithms such as DES.

The association service enables transfer of data between a station on an IEEE 802.11

LAN and a station on an integrated IEEE 802.x LAN.

A ________ occurs when multiple processes and threads compete to gain uncontrolled

access to some resource.

A number of widely used standard C _________ compound the problem of buffer

overflow by not providing any means of limiting the amount of data transferred to the

space available in the buffer.

A prime disadvantage of an application-level gateway is the additional processing

overhead on each connection.

High humidity does not pose a threat to electrical and electronic equipment as long as

the computer’s temperature stays within the optimal range.

An _______ condition occurs when the IS equipment receives less voltage than is

required for normal operation.

The relative lack of success in bringing cybercriminals to justice has led to an increase

in their numbers, boldness, and the global scale of their operations.

The firewall can protect against attacks that bypass the firewall.

Distributed firewalls protect against internal attacks and provide protection tailored to

specific machines and applications.

The default algorithms used for encrypting S/MIME messages are the triple DES and a

public-key scheme known as _______.

The _________ is inserted between the premises network and the Internet to establish a

controlled link and to erect an outer security wall or perimeter to protect the premises

network from Internet-based attacks.

Public-key cryptography is asymmetric.

A __________ is an individual to whom a debit card is issued.