CS 92601 | Course Paper

Unlock access to all the studying documents.

View Full Document

Many security administrators view strong security as an impediment to efficient and

user-friendly operation of an information system.

The source of the attack is explicitly identified in the classic ping flood attack.

Many forms of infection can be blocked by denying normal users the right to modify

programs on the system.

In S/MIME each conventional key is used a total of three times.

The firewall may be a single computer system or a set of two or more systems that

cooperate to perform the firewall function.

Passwords installed by default are secure and do not need to be changed.

The legal and ethical aspects of computer security encompass a broad range of topics.

The implementation phase comprises not only the direct implementation of the controls,

but also the associated training and general security awareness programs for the

organization.

In the context of security our concern is with the vulnerabilities of system resources.

A cyberslam is an application attack that consumes significant resources, limiting the

server’s ability to respond to valid requests from

other users.

The IDS component responsible for collecting data is the user interface.

Every bot has a distinct IP address.

To implement a physical security program an organization must conduct a risk

assessment to determine the amount of resources to devote to physical security and the

allocation of those resources against the various threats.

The more critical a component or service, the higher the level of availability required.

Backup and archive processes are often linked and managed together.

Given sufficiently privileged access to the network handling code on a computer

system, it is difficult to create packets with a forged source

address.

Packet sniffers are mostly used to retrieve sensitive information like usernames and

passwords.

Signature-based approaches attempt to define normal, or expected, behavior, whereas

anomaly approaches attempt to define proper behavior.

Cryptanalytic attacks try every possible key on a piece of ciphertext until an intelligible

translation into plaintext is obtained.

Keyware captures keystrokes on a compromised system.

Data integrity assures that information and programs are changed only in a specified

and authorized manner.

User authentication is the fundamental building block and the primary line of defense.

A common location for a NIDS sensor is just inside the external firewall.

Flooding attacks take a variety of forms based on which network protocol is being used

to implement the attack.

The BLP model effectively breaks down when (untrusted) low classified executable

data are allowed to be executed by a high clearance (trusted) subject.

A virus that attaches to an executable program can do anything that the program is

permitted to do.

Many computer security vulnerabilities result from poor programming practices.

The National Bureau of Standards is now the National Institute of Standards and

Technology.

Intruders typically use steps from a common attack methodology.

Network-based intrusion detection makes use of signature detection and anomaly

detection.

For stream-oriented transmission over noisy channel you would typically use _______

mode.

A. ECB

B. CTR

C. OFB

D. CBC

A(n) __________ is a structured collection of data stored for use by one or more

applications.

A. attribute

B. database

C. tuple

D. inference

______ are resources that should be used as part of the system security planning

process.

A. Texts

B. Online resources

C. Specific system hardening guides

D. All of the above

A _________ monitors the characteristics of a single host and the events occurring

within that host for suspicious activity.

A. host-based IDS

B. security intrusion

C. network-based IDS

D. intrusion detection

__________ will integrate with the operating system of a host computer and monitor

program behavior in real time for malicious actions.

A. Fingerprint-based scanners

B. Behavior-blocking software

C. Generic decryption technology

D. Heuristic scanners

__________ is an organization that receives the encrypted data from a data owner and

makes them available for distribution to clients.

A. User

B. Client

C. Data owner

D. Server

An assault on system security that derives from an intelligent act that is a deliberate

attempt to evade security services and violate the security policy of a system is a(n)

__________.

A. risk

B. attack

C. asset

D. vulnerability

_________ is choosing to accept a risk level greater than normal for business reasons.

A. Risk avoidance

B. Reducing likelihood

C. Risk transfer

D. Risk acceptance

ESP supports two modes of use: transport and _________.

A. padding

B. tunnel

C. payload

D. sequence

The term “computer virus” is attributed to __________.

A. Herman Hollerith

B. Fred Cohen

C. Charles Babbage

D. Albert Einstein

Relative humidity should be maintained between ________ to avoid the threats from

both low and high humidity.

A. 20% and 80%

B. 40% and 60%

C. 50% and 50%

D. 30% and 70%

_______ is important as part of the directory service that it supports and is also a basic

building block used in other standards.

A. PKI

B. X.509

C. Kerberos

D. FIM

System conditions requiring immediate attention is a(n) _______ severity.

A. alert

B. err

C. notice

D. emert

SHA-1 produces a hash value of __________ bits.

A. 256

B. 160

C. 384

D. 180

Applications, especially applications with a certain level of privilege, present security

problems that may not be captured by system-level or user-level auditing data.

A(n) ________ event is an alert that is generated when the gossip traffic enables a

platform to conclude that an attack is under way.

A. PEP

B. DDI

C. IDEP

D. IDME

A(n) ________ is inserted into a network segment so that the traffic that it is monitoring

must pass through the sensor.

A. passive sensor

B. analysis sensor

C. LAN sensor

D. inline sensor

The _______ consists of two dates: the first and last on which the certificate is valid.

A. version

B. period of validity

C. extension

D. unique identifier

Using forged source addresses is known as _________.

A. source address spoofing

B. a three-way address

C. random dropping

D. directed broadcast

The ______ process retains copies of data over extended periods of time in order to

meet legal and operational requirements.

A. archive

B. virtualization

C. patching

D. backup

The _______ category is a transitional stage between awareness and training.

A. roles and responsibilities relative to IT systems

B. security basics and literacy

C. education and experience

D. security awareness

__________ data are data that may be derived from corporate data but that cannot be

used to discover the corporation’s identity.

A. Reference

B. Trust

C. Sanitized

D. MAC

__________ provide a means of adapting RBAC to the specifics of administrative and

security policies in an organization.

A. Constraints

B. Mutually Exclusive Roles

C. Cardinality

D. Prerequisites

The ______ attacks the ability of a network server to respond to TCP connection

requests by overflowing the tables used to manage such connections.

A. DNS amplification attack

B. SYN spoofing attack

C. basic flooding attack

D. poison packet attack

A program that is covertly inserted into a system with the intent of compromising the

integrity or confidentiality of the victim’s data is __________.

A. Adobe

B. Animoto

C. malware

D. Prezi

________ security provides perimeter security, access control, smoke and fire detection,

fire suppression, some environmental protection, and usually surveillance systems,

alarms, and guards.

A. Premises

B. Infrastructure

C. Logical

D. Physical

A restricted area within close proximity of a security interest has a classification of

______.

A. exclusion

B. controlled

C. limited

D. unrestricted

Eavesdropping and wiretapping fall into the ________ category.

A. theft

B. vandalism

C. misuse

D. unauthorized physical access

A _______ policy states that the company may access, monitor, intercept, block access,

inspect, copy, disclose, use, destroy, or recover using computer forensics any data

covered by this policy.

A. standard of conduct

B. unlawful activity prohibited

C. company rights

D. business use only

The _________ Model was developed for commercial applications in which conflicts of

interest can arise.

A. Biba

B. Clark-Wilson Integrity

C. Bell-Lapadula

D. Chinese Wall

A stack buffer overflow is also referred to as ___________ .

A. stack framing

B. stack smashing

C. stack shocking

D. stack running

“Incorrect Calculation of Buffer Size” is in the __________ software error category.

A. Porous Defenses

B. Allocation of Resources

C. Risky Resource Management

D. Insecure Interaction Between Components

Because serial numbers are unique within a CA, the serial number is sufficient to

identify the certificate.

Fixed server roles operate at the level of an individual database.

The basic audit objective is to establish accountability for system entities that initiate or

participate in security-relevant events and actions.

The Diffie-Hellman algorithm depends for its effectiveness on the difficulty of

computing discrete logarithms.

Any action that threatens one or more of the classic security services of confidentiality,

integrity, availability, accountability, authenticity, and reliability in a system constitutes

a(n) ________.

Developed by IBM and refined by Symantec, the __________ provides a malware

detection system that will automatically capture, analyze, add detection and shielding,

or remove new malware and pass information about it to client systems so the malware

can be detected before it is allowed to run elsewhere.

“Failure to Preserve SQL Query Structure” is in the __________ CWE/SANS software

error category.

The right to seek civil recourse against anyone infringing his or her property is granted

to the ________.

A ____________ attack involves persuading a user and an access point to believe that

they are talking to each other when in fact the communication is going through an

intermediate attacking device.

_________ is the process of attempting to discover the plaintext or key.

An ADMD is an Internet e-mail provider.

The most powerful, and most common, approach to countering the threats to network

security is ________.

Replay, masquerade, modification of messages, and denial of service are example of

_________ attacks.

External devices such as firewalls cannot provide access control services.

With ___________ administration the owner (creator) of a table may grant and revoke

access rights to the table.

A ________ cipher processes the input one block of elements at a time, producing an

output block for each input block.

The assignment of responsibilities relating to the management of IT security and the

organizational infrastructure is not addressed in a corporate security policy.