473) Developed by IBM and refined by Symantec, the __________ provides a malware detection system that will automatically capture, analyze, add detection and shielding, or remove new malware and pass information about it to client systems so the malware can be detected before it is allowed to run elsewhere > Intrusion Prevention System (IPS) > Firewall > Encryption tool v digital immune system > Rootkit 342) In a a __________ attack the slave zombies construct packets requiring a response that contains the target's IP address as the source IP address in the packet's IP header. These packets are sent to uninfected machines that respond with packets directed at the target machine Select one: v reflector DDoS > blended > internal resource > direct DDoS 302) ____________detection involves the collection of data relating to the behavior of legitimate users over a period of time. Statistical tests are applied to observed behavior to determine with a high level of confidence whether that behavior is not legitimate user behavior > Signature-based v Statistical anomaly > Heuristic > Machine learning 469) A __________ is when a user views a Web page controlled by the attacker that contains a code that exploits the browser bug and downloads and installs malware on the system without the user's knowledge or consent > Phishing attack v drive-by-download > Cross-site scripting (XSS) > Denial of Service (DoS) attack > Social engineering attack 311) The ________ is an audit collection module operating as a background process on a monitored system whose purpose is to collect data on security related events on the host and transmit these to the central manager Select one: > central manager module v host agent module > intruder alert module > LAN monitor agent module 826) A(n) __________ is an action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and 
reporting it so that correct action can be taken Select one: > protocol > attavk v countermeasure > adversary 441) _________ attacks can occur in a binary buffer copy when the programmer has included code to check the number of bytes being transferred, but due to a coding error, allows just one more byte to be copied than there is space available > SQL injection v off-by-one > Cross-site scripting (XSS) > Integer overflow 1145) the __________ approach is unsuitable for a connectionless type of application because it requires the overhead of a handshake before any connectionless transmission, effectively negating the chief characteristic of a connectionless transaction. > timestamp > backward reply v challenge-response > replay 416) A buffer _________ is a condition at an interface under which more input can be placed into a buffer or data holding area than the capacity allocated, overwriting other information > underflow/underrun/underwrite v overflow/overrun/overwrite > bypass/overwrite/override > breach/infiltration/compromise 417) A consequence of a buffer overflow error is __________ > loss of data connectivity and communication v corruption of data used by the program, unexpected transfer of control int he program, and possible memory access violation > system shutdown and restart > network congestion and slow performance 286) The _________ is the predefined formally documented statement that defines what activities are allowed to take place on an organization's network or on particular hosts to support the organization's requirements > incident response plan > access control list v security policy > encryption protocol 88) Because of the opportunities for parallel execution in __________ mode, processors that support parallel features, such as aggressive pipelining, multiple instruction dispatch per clock cycle, a large number of registers, and SIMD instructions can be effectively utilized > CBC v CTR > CFB > ECB 439) __________ is one of the best known 
protection mechanisms that is a GCC compiler extension that inserts additional function entry and exit code > Address Space Layout Randomization (ASLR) > Data Execution Prevention (DEP) > Control Flow Integrity (CFI) v stackguard > Stack smashing protection 474) __________ technology is an anti-virus approach that enables the anti-virus program to easily detect even the most complex polymorphic viruses and other malware, while maintaining fast scanning speeds > Encryption key v Generic decryption > Firewall > Intrusion Detection System (IDS) 344) Unlike heuristics or fingerprint based scanners,the _________ integrates with the operating system of a host computer and monitors program behavior in real time for malicious actions Select one: > mobile code > digital immune system > generic decryption v behavior blocking software 5) The principal objectives of computer security are to prevent unauthorized users from gaining access to resources, to prevent legitimate users from accessing resources in an unauthorized manner, and to enable legitimate users to access resources in an authorized manner v True > False 422) __________ can prevent buffer overflow attacks, typically of global data, which attempt to overwrite adjacent regions in the processes address space, such as the global offset table > secure coding practices v guard pages > encrypted tunnels > intrusion detection systems (IDS) 129) Assuming that Alice and Bob have each other?s public key. In order to establish a shared session key, Alice just needs to generate a random k, encrypt k using Bob?s public key, and send the encrypted k to Bob and then Bob will know he has a key shared with Alice > True v False 314) A ________ is used to measure the current value of some entity. 
Examples include the number of logical connections assigned to a user application and the number of outgoing messages queued for a user process Select one: v Gauge > Resource utilization > Counter > Interval timer 414) Traditionally the function of __________ was to transfer control to a user commandline interpreter, which gave access to any program available on the system with the privileges of the attacked program > Firewall v Shellcode > Antivirus software > Virtual private network (VPN) 284) The _________ (RFC 4766) document defines requirements for the Intrusion Detection Message Exchange Format (IDMEF) v Intrusion Detection Message Exchange Requirements > Network Security Protocol Standards > Firewall Configuration Best Practices > Data Encryption Algorithms 430) A __________ can occur as a result of a programming error when a process attempts to store data beyond the limits of a fixed-size buffer and consequently overwrites adjacent memory locations v buffer overflow > Null pointer dereference > Division by zero > Integer overflow 110) An encryption scheme is _________ if the cost of breaking the cipher exceeds the value of the encrypted information and/or the time required to break the cipher exceeds the useful lifetime of the information > vulnerable v computationally secure > unbreakable > reversible 277) __________ is a security service that monitors and analyzes system events for the purpose of finding, and providing real-time warning of attempts to access system resources in an unauthorized manner > Anti-virus software > Data encryption v Intrusion Detection > Firewall 404) The function of ________ was to transfer control to a user commandline interpreter,which gave access to any program available on the system with the privileges of the attacked program > Cryptographic hash function v Shellcode > Key exchange algorithm > Digital signature 444) In the classic __________ overflow, the attacker overwrites a buffer located in the local variable area of a 
stack frame and then overwrites the saved frame pointer and return address > Heap buffer overflow > Integer overflow > Format string vulnerability v stack buffer 113) "The input to the encryption algorithm is the XOR of the next 64 bits of plaintext and the preceding 64 bits of ciphertext" is a description of the ________ mode of operation > Stream Cipher (SC) > Counter (CTR) v Cipher Block Chaining (CBC) > Electronic Codebook (ECB) 512) Modifying the system's TCP/IP network code to selectively drop an entry for an incomplete connection from the TCP connections table when it overflows, allowing a new connection attempt to proceed is _______ > poison packet > slashdot > backscatter traffic v random drop 1120) the __________ mechanism assures that a received packet was in fact transmitted by the party identified as the source in the packet header and assures that the Packet has not been altered in transit. > confidentiality v authentication > security > key management 81) The output of the encryption function is fed back to the shift register in Output Feedback mode, whereas in ___________ the ciphertext unit is fed back to the shift register > Electronic Codebook mode > Cipher Block Chaining mode > Counter mode v Cipher Feedback mode 111) The _________ was issued as a federal information-processing standard and is intended to replace DES and 3DES with an algorithm that is more secure and efficient > Data Encryption Standard (DES) > Rivest Cipher 4 (RC4) > Blowfish v Advanced Encryption Standard (AES) 1170) The __________ strategy is when users are told the importance of using hard to guess passwords and provided with guidelines for selecting strong passwords. 
> reactive password checking > computer-generated password > proactive password checking v user education 709) The __________ strategy is when users are told the importance of using hard to guess passwords and provided with guidelines for selecting strong passwords > reactive password checking > proactive password checking > computer-generated password v user education 305) The simplest statistical test is to measure the _________ of a parameter over some historical period which would give a reflection of the average behavior and its variability Select one: v mean and standard deviation > Markoprocess > multivariate > time series 281) ________ detection techniques detect intrusion by observing events in the system and applying a set of rules that lead to a decision regarding whether a given pattern of activity is or is not suspicious v Signature > Statistical > Heuristic > Machine learning 429) Traditionally the function of __________ was to transfer control to a user command-line interpreter, which gave access to any program available on the system with the privileges of the attacked program > Ransomware > Spyware v shellcode > Rootkit > Keylogger 90) Both __________ produce output that is independent of both the plaintext and the ciphertext. This makes them natural candidates for stream ciphers that encrypt plaintext by XOR one full block at a time > CBC and ECB v OFB and CTR > ECB and OFB > CTR and CBC 322) The _________ prevents duplicate passwords from being visible in the password file. 
Even if two users choose the same password, those passwords will be assigned at different times Select one: > honeypot v salt > rule based intrusion detection > audit record 407) __________ can prevent buffer overflow attacks, typically of global data, which attempt to overwrite adjacent regions in the processes address space, such as the global offset table > Intrusion Prevention System (IPS) > Honeytokens v Guard pages > Captcha 54) A __________ uses macro or scripting code, typically embedded in a document and triggered when the document is viewed or edited, to run and replicate itself into other such documents > boot sector infector > file infector v macro virus > multipartite virus 509) In both direct flooding attacks and ______ the use of spoofed source addresses results in response packets being scattered across the Internet and thus detectable v SYN spoofing attacks > indirect flooding attacks > ICMP attacks > system address spoofing 316) A _________ is a legitimate user who accesses data, programs, or resources for which such access is not authorized, or who is authorized for such access but misuses his or her privileges Select one: v Misfeasor > Emissary > Clandestine User > Masquerader 582) The __________ cloud infrastructure is a composition of two or more clouds that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability v hybrid > community > private > public 262) A ________ monitors network traffic for particular network segments or devices and analyzes network, transport, and application protocols to identify suspicious activity > host-based IDS > security intrusion v network-based IDS > intrusion detection 461) A __________ uses multiple methods of infection or propagation to maximize the speed of contagion and the severity of the attack > Man-in-the-middle attack > Social engineering attack v blended attack > Phishing attack > Denial of Service (DoS) attack 823) 
__________ assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed Select one: v Privacy > System Integrity > Avvailability > Data Integrity 279) Copying a database containing credit card numbers, viewing sensitive data without authorization, and guessing and cracking passwords are examples of _________ > firewall configuration v intrusion > network segmentation > vulnerability scanning 383) The function of ___________ was to transfer control to a user command-line interpreter, which gave access to any program available on the system with the privileges of the attacked program > stacking v shellcode > no-execute > memory management 60) __________ will integrate with the operating system of a host computer and monitor program behavior in real time for malicious actions > Fingerprint-based scanners v Behavior-blocking software > Generic decryption technology > Heuristic scanners 243) A _____ monitors network traffic for particular network segments or devices and analyzes network, transport, and application protocols to identify suspicious activity > Host-based IDS > Intrusion Prevention System > Firewal v Network-based IDS 273) The _______ is the ID component that analyzes the data collected by the sensor for signs of unauthorized or undesired activity or for events that might be of interest to the security administrator > data source > sensor > operator v analyzer 834) ________ assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system Select one: > Data Integrity > Confidentiality > Availability v System Integrity 1140) ________ is a procedure that allows communicating parties to verify that the contents of a received message have not been altered and that the source is authentic. 
> Identification v Message authentication > Verification > User authentication 502) The ______ attacks the ability of a network server to respond to TCP connection requests by overflowing the tables used to manage such connections > DNS amplification attack v SYN spoofing attack > basic flooding attack > poison packet attack 16) __________ implements a security policy that specifies who or what may have access to each specific system resource and the type of access that is permitted in each instance > Audit control > Resource control > System control v Access control 1140) A (n)__________ uses a microcontroller, is not programmable once the program logic for the device has been burned into ROM, and has no interaction with a user. v deeply embedded system > constrained device > lattice device > embedded system 460) A _________ is a set of programs installed on a system to maintain covert access to that system with administrator (root) privileges while hiding evidence of its presence > Encryption tool > Spyware v rootkit > Firewall > Antivirus software 368) A buffer ____________ is a condition at an interface under which more input can be placed into a buffer or data holding area than the capacity allocated, overwriting other information > overwrite > overflow > overrun v all of these options 434) An essential component of many buffer overflow attacks is the transfer of execution to code supplied by the attacker and often saved in the buffer being overflowed. This code is known as _________ > Exploit v shellcode > Payload > Malware 326) _________ detection focuses on characterizing the past behavior of individual users or related groups of users and then detecting significant deviations Select one: > Threshold v Profile-based anomaly > Statistical anomaly > Action condition 89) __________ mode is suitable for parallel operation. Because there is no chaining, multiple blocks can be encrypted or decrypted simultaneously. 
Unlike CTR mode, this mode includes a nonce as well as a counter v XTS-AES > S-AES > 3DES > OFB 264) __________ involves an attempt to define a set of rules or attack patterns that can be used to decide if a given behavior is that of an intruder > Profile based detection v Signature detection > Threshold detection > Anomaly detection 241) The _____ is the IDS component that analyzes the data collected by the sensor for signs of unauthorized or undesired activity or for events that might be of interest to the security administrator > Agent > Collector v Analyzer > Logger 345) _________ is a mass mailing e-mail worm that installs a backdoor in infected computers thereby enabling hackers to gain remote access to data such as passwords and credit card numbers Select one: > Sobig.f v Mydoom > Slammer > Code Red 339) _____technology enables the antivirus program to easily detect even the most complex polymorphic viruses while maintaining fast scanning speeds > File signature matching v Generic Decryption > Behavioral analysis > Heuristic scanning 347) _________ antivirus programs are memory resident programs that identify a virus by its actions rather than its structure in an infected program Select one: > First generation > Fourth generation > Second generation v Third generation 419) The function of ________ was to transfer control to a user command-line interpreter, which gave access to any program available on the system with the privileges of the attacked program > ransomware v shellcode > rootkit > keylogger 472) Countermeasures for malware are generally known as _________ mechanisms because they were first developed to specifically target virus infections > Firewall > Encryption tool > Rootkit v anti-virus > Intrusion Detection System (IDS) 433) "Smashing the Stack for Fun and Profit" was a step by step introduction to exploiting stack-based buffer overflow vulnerabilities that was published in Phrack magazine by _________ v Aleph One > L0phtcrack > Acid Burn > 
The Mentor 825) A flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the system's security policy is a(n) __________ Select one: v vulnerability > countermeasure > risk > adversary 331) The _________ worm exploits a security hole in the Microsoft Internet Information Server to penetrate and spread to other hosts. It also disables the system file checker in Windows Select one: > Mydoom > Warezov > Slammer v Code Red 432) A ___________ overflow occurs when the targeted buffer is located on the stack, usually as a local variable in a function's stack frame > Heap buffer overflow > Global buffer overflow v stack buffer > Data section buffer overflow 84) The __________ method is ideal for a short amount of data and is the appropriate mode to use if you want to transmit a DES or AES key securely > cipher feedback mode > counter mode v electronic codebook mode > output feedback mode 303) A ________ is an individual who seizes supervisory control of the system and uses this control to evade auditing and access controls or to suppress audit collection Select one: v Clandestine User > Mole > Masquerader > Misfeasor 300) What are possible locations for NIDS sensors? 
> inside the external firewall > between the external firewall and the Internet > before internal servers and database resources > before the workstation networks v All of the above 580) An end user who operates on database objects via a particular application but does not own any of the database objects is the __________ > application owner v end user other than application owner > foreign key > administrator 710) A __________ strategy is one in which the system periodically runs its own password cracker to find guessable passwords > user education > proactive password checking v reactive password checking > computer-generated password 154) ________ is a term that refers to the means of delivering a key to two parties that wish to exchange data without allowing others to see the key > Private key > Key exchange protocol v Key distribution technique > Public key 260) A _________ is a security event that constitutes a security incident in which an intruder gains access to a system without having authorization to do so > intrusion detection > IDS > criminal enterprise v security intrusion 824) An assault on system security that derives from an intelligent act that is a deliberate attempt to evade security services and violate the security policy of a system is a(n) __________ > risk > vulnerability > asset v attack 1297)________ includes data processing and storage equipment,transmission and networking facilities,and offline storage media. > Supporting facilities > Physical facilities v Information system hardware > Infrastructure facilities 500) A ______ triggers a bug in the system's network handling software causing it to crash and the system can no longer communicate over the network until this software is reloaded > echo > reflection v poison packet > flash flood 86) "Each block of plaintext is XORed with an encrypted counter. 
The counter is incremented for each subsequent block", is a description of ___________ mode > Cipher Block Chaining v Counter > Cipher Feedback > Electronic Codebook 715) A __________ is when an adversary attempts to achieve user authentication without access to the remote host or to the intervening communications path v client attack > eavesdropping attack > host attack > Trojan horse attack 338) A _________ is a secret entry point into a program that allows someone who is aware of it to gain access without going through the usual security access procedures Select one: > multipartite v backdoor > hatch > Trojan horse 1142) _________ is a program flaw that occurs when program input data can accidentally or deliberately influence the flow of execution of the program. > PHP attack > Format string injection attack > XSS attack v Injection attack 105) Cryptographic systems are generically classified by _________ > the type of operations used for transforming plaintext to ciphertext > the number of keys used > the way in which the plaintext is processed v all of the above 706) Presenting or generating authentication information that corroborates the binding between the entity and the identifier is the ___________ > identification step v verification step > authentication step > corroboration step 317) A _________ is an individual who is not authorized to use the computer and who penetrates a system's access controls to exploit a legitimate user's account Select one: > Clandestine User v Masquerader > Sniffer > Misfeasor 646) __________ houses cross-connects and active equipment for distributing cable to the equipment distribution area > Main distribution area > Equipment distribution area v Horizontal distribution area > Zone distribution area 280) _________ anomaly detection focuses on characterizing the past behavior of individual users or related groups of users and then detecting significant deviations v Profile-based > Statistical > Behavioral > Signature-based 
238) _____ involves an attempt to define a set of rules or attack patterns that can be used to decide if a given behavior is that of an intruder > Traffic Analysis > Payload Inspection v Signature Detection > Anomaly Detection 784) IPsec can assure that _________ > a router advertisement comes from an authorized router > a routing update is not forged > a redirect message comes from the router to which the initial packet was sent v all of the above 83) The __________ algorithm will work against any block encryption cipher and does not depend on any particular property of DES > counter mode attack > ciphertext stealing v meet-in-the-middle attack > cipher block chaining 288) The __________ is the human with overall responsibility for setting the security policy of the organization, and, thus, for decisions about deploying and configuring the IDS > hacker v administrator > analyst > auditor 06) If the only form of attack that could be made on an encryption algorithm is brute-force, then the way to counter such attacks would be to __________ v use longer keys > use shorter keys > use more keys > use less keys 1087) A common technique for masking contents of messages or other information traffic so that opponents can not extract the information from the message is __________ . 
> integrity v encryption > analysis > masquerade 010) A __________ is created by using a secure hash function to generate a hash value for a message and then encrypting the hash code with a private key v digital signature > keystream > one way hash function > secret key 101) __________ is a term that refers to the means of delivering a key to two parties that wish to exchange data without allowing others to see the key > Session key > Subkey v Key distribution technique > Ciphertext key 014) Combined one byte at a time with the plaintext stream using the XOR operation, a __________ is the output of the pseudorandom bit generator v keystream > digital signature > secure hash > message authentication code 385) To exploit any type of buffer overflow, the attacker needs to identify a buffer overflow vulnerability in some program that can be triggered using externally sourced data under the attacker's control v True > False 829) A ________ level breach of security could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals Select one: > moderate v high > normal > low 268) The purpose of the ________ module is to collect data on security related events on the host and transmit these to the central manager > central manager agent > LAN monitor agent v host agent > architecture agent 1115) If the analyst is able to get the source system to insert into the system a message chosen by the analyst,then a ________ attack is possible. 
> known-plaintext v chosen-plaintext > chosen ciphertext > chosen text 158) ________ are analogous to a burglar guessing a safe combination by observing how long it takes to turn the dial from number to number > Collision attacks > Preimage attacks v Timing attacks > Side-channel attacks 1083) the algorithm will produce a different output depending on the specific secret key being used at the time.the exact substitutions and transformations performed by the algorithm depend on the key. v True > False 376) _________ can prevent buffer overflow attacks, typically of global data, which attempt to overwrite adjacent regions in the processes address space, such as the global offset table > MMUs > Heaps v Guard Pages 1091) The _______ category is a transitional stage between awareness and training. > roles and responsibilities relative to IT systems v security basics and literacy > education and experience > security awareness 585) T/F: To create a relationship between two tables, the attributes that define the primary key in one table must appear as attributes in another table, where they are referred to as a foreign key v True > False 223) 5.0 Points Since the responsibility for IT security is shared across the organization, there is a risk of inconsistent implementation of security and a loss of central monitoring and control v True > False 261) A _________ monitors the characteristics of a single host and the events occurring within that host for suspicious activity v host-based IDS > security intrusion > network-based IDS > intrusion detection 259) _________ are either individuals or members of a larger group of outsider attackers who are motivated by social or political causes > State-sponsored organizations v Activists > Cyber criminals > Others 153) Which of the following would allow an attack that to know the (plaintext of) current message must be the same as one previously transmitted because their ciphtertexts are the same? 
> CBC > CTR > OFB v ECB 464) Sometimes known as a "logic bomb", the __________ is the event or condition that determines when the payload is activated or delivered > Firewall > Router > Antivirus software > Encryption key v trigger 013) The purpose of the DSS algorithm is to enable two users to securely reach agreement about a shared secret that can be used as a secret key for subsequent symmetric encryption of messages > True v False 716) A __________ is directed at the user file at the host where passwords, token passcodes, or biometric templates are stored > eavesdropping attack > denial-of-service attack > client attack v host attack 468) __________ code refers to programs that can be shipped unchanged to a heterogeneous collection of platforms and execute with identical semantics > Obfuscated > Scripting > Legacy v Mobile > Open-source 276) The _________ to an IDS enables a user to view output from the system or control the behavior of the system > command-line interface > graphical user interface > administrator console v user interface 465) The four phases of a typical virus are: dormant phase, triggering phase, execution phase and __________ phase > Initialization phase > Recovery phase v propagation > Termination phase > Mutation phase 265) _________ involves the collection of data relating to the behavior of legitimate users over a period of time > Profile based detection > Signature detection > Threshold detection v Anomaly detection 013) A __________ is to try every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained > mode of operation > hash function > cryptanalysis v brute-force attack 012) A __________ is directed at the user file at the host where passwords, token passcodes, or biometric templates are store > eavesdropping attack > denial-of-service attack > client attack v host attack 642) A(n) __________ is a user who has administrative responsibility for part or all of the database v administrator > 
database relations manager > application owner > end user other than application owner 96) There are _____ modes of operation defined by NIST that are intended to cover virtually all the possible applications of encryption for which a block cipher could be used > three v five > seven > nine 30) The __________ component deals with the management and control of the ways entities are granted access to resources > resource management v access management > privilege management > policy management 325) _________ involves counting the number of occurrences of a specific event type over an interval of time Select one: v Threshold detection > Rule-based detection > Resource usage > Profile-based system 282) _________ simulate human brain operation with neurons and synapse between them that classify observed data > Antivirus software > Intrusion prevention systems v Neural networks > Genetic algorithms 239) A _____ monitors the characteristics of a single host and the events occurring within that host for suspicious activity > Network-based IDS > Intrusion Prevention System > Firewall v Host-based IDS 832) A(n) _________ is an attempt to learn or make use of information from the system that does not affect system resources Select one: > active attack > inside attack > outside attack v passive attack 507) ______ attempts to monopolize all of the available request handling threads on the Web server by sending HTTP requests that never complete > HTTP > Reflection attacks > SYN flooding v Slowloris 443) Gaps, or __________ , are flagged in the MMU as illegal addresses, and any attempt to access them results in the process being aborted > Stack frames > Heap blocks v guard pages > Code sections 1107) If the PRF does not generate effectively random 128-bit output values it may be possible for an adversary to narrow the possibilities and successfully use a brute force attack. 
v True > False

633) Network security is extremely important in a facility in which such a large collection of assets is concentrated in a single place and accessible by external network connections v True > False

07) __________ is a procedure that allows communicating parties to verify that received or stored messages are authentic > Cryptanalysis > Decryption v Message authentication > Collision resistance

85) _________ mode is similar to Cipher Feedback, except that the input to the encryption algorithm is the preceding DES output > Counter > Cipher Block Chaining v Output Feedback > Cipher Feedback

463) Sometimes referred to as the "infection vector", the __________ is the means by which a virus spreads or propagates > Exploit > Encryption algorithm v infection mechanism > Payload > Backdoor

1122) The key exchange protocol is vulnerable to a __________ attack because it does not authenticate the participants. > one-way function > time complexity > chosen ciphertext v man-in-the-middle

718) An institution that issues debit cards to cardholders and is responsible for the cardholder's account and authorizing transactions is the _________ > cardholder > auditor v issuer > processor

378) A consequence of a buffer overflow error is: > possible memory access violation > corruption of data used by the program > unexpected transfer of control in the program v all of these options

310) An operation such as login, read, perform, I/O or execute that is performed by the subject on or with an object is the _________ audit record field v Action > Subject > Resource-usage > Object

1077) The XTS-AES standard describes a method of decryption for data stored in sector-based devices where the threat model includes possible access to stored data by the adversary.
> True v False

462) A computer __________ is a piece of software that can "infect" other programs or any type of executable content and tries to replicate itself > Trojan horse > Adware v virus > Worm > Spyware

511) It is possible to specifically defend against the ______ by using a modified version of the TCP connection handling code > three-way handshake > UDP flood v SYN spoofing attack > flash crowd

015) A _________ protects against an attack in which one party generates a message for another party to sign > data authenticator v strong hash function > weak hash function > digital signature

644) __________ is the process of performing authorized queries and deducing unauthorized information from the legitimate responses received > Perturbation v Inference > Compromise > Partitioning

283) A ________ IDS monitors traffic at selected points on a network or interconnected set of networks > host-based (HIDS) > cloud-based (CIDS) > application-based (AIDS) v network-based (NIDS)

27) __________ provide a means of adapting RBAC to the specifics of administrative and security policies in an organization v Constraints > Mutually Exclusive Roles > Cardinality > Prerequisites

160) The principal attraction of ________ compared to RSA is that it appears to offer equal security for a far smaller bit size, thereby reducing processing overhead > AES v ECC > Blowfish > RC4

393) At the basic machine level, all of the data manipulated by machine instructions executed by the computer processor are stored in either the processor's registers or in memory v True > False

1124) For determining the security of various elliptic curve ciphers it is of some interest to know the number of points in a finite abelian group defined over an elliptic curve.
v True > False

366) In 2004 the ________ exploited a buffer overflow in Microsoft Windows 2000/XP Local Security Authority Subsystem Service > Code Red Worm > Slammer Worm > Morris Internet Worm v Sasser Worm

694) User authentication is a procedure that allows communicating parties to verify that the contents of a received message have not been altered and that the source is authentic > True v False

421) __________ aim to prevent or detect buffer overflows by instrumenting programs when they are compiled > threat modeling v compile-time defenses > runtime patching > post-incident analysis

308) Metrics that are useful for profile-based intrusion detection are: counter, gauge, resource utilization, and _______ > network bandwidth > packet loss rate > system uptime v interval timer

1440) __________ is a data collection technology that uses electronic tags attached to items to allow the items to be identified and tracked by a remote system. v RFID > NTRU > EPC > CRYPTOREC

827) An example of __________ is an attempt by an unauthorized user to gain access to a system by posing as an authorized user Select one: > repudiation v masquerade > inference > interception

822) __________ is the insertion of bits into gaps in a data stream to frustrate traffic analysis attempts Select one: v Traffic padding > Traffic integrity > Traffic control > Traffic routing

242) _____ involves the collection of data relating to the behavior of legitimate users over a period of time > Signature Detection > Statistical Analysis > Log Monitoring v Anomaly Detection

375) Even though it is a high-level programming language, Java still suffers from buffer overflows because it permits more data to be saved into a buffer than it has space for > True v False

775) ______ is the recommended technique for wireless network security > Using encryption > Using anti-virus and anti-spyware software > Turning off identifier broadcasting v All of the above

269) A(n) ________ is inserted into a network segment
so that the traffic that it is monitoring must pass through the sensor > passive sensor > analysis sensor > LAN sensor v inline sensor

57) __________ is malware that encrypts the user's data and demands payment in order to access the key needed to recover the information > Trojan horse v Ransomware > Crimeware > Polymorphic

510) In a _______ attack the attacker creates a series of DNS requests containing the spoofed source address for the target system > SYN flood v DNS amplification > poison packet > UDP flood

830) A __________ is any action that compromises the security of information owned by an organization Select one: v security attack > security mechanism > security policy > security service

466) During the __________ phase the virus is activated to perform the function for which it was intended > Encryption phase > Stealth phase > Payload phase v triggering > Replication phase

394) Even though it is a high-level programming language, Java still suffers from buffer overflows because it permits more data to be saved into a buffer than it has space for > True v False

46) A program that is covertly inserted into a system with the intent of compromising the integrity or confidentiality of the victim's data is __________ > Adobe > Animoto v Malware > Prezi

106) A symmetric encryption scheme has five ingredients: plaintext, encryption algorithm, ciphertext, decryption algorithm and _________ > password > hash v secret key > digital signature

648) _________ is an organization that produces data to be made available for controlled release, either within the organization or to external users > Client v Data owner > User > Server

114) Unlike ECB and CBC modes, ________ mode requires only the implementation of the encryption algorithm and not the decryption algorithm > block v counter (CTR) > stream > substitution

714) To counter threats to remote user authentication, systems generally rely on some form of ___________ protocol > eavesdropping > Trojan horse v
challenge-response > denial-of-service

1104) Plaintext is recovered from the ciphertext using the paired key and _____________. > a digital signature > a recovery encryption v a decryption algorithm > an encryption algorithm

115) The most powerful, and most common, approach to countering the threats to network security is ________ > authentication > firewall implementation > intrusion detection v encryption

442) The _________ is typically located above the program code and global data and grows up in memory (while the stack grows down toward it) > Data section > Cache v heap > Register file

369) _________ aim to prevent or detect buffer overflows by instrumenting programs when they are compiled > Run-time defenses v Compile-time defenses > Shellcodes > All of these answers

821) Masquerade, falsification, and repudiation are threat actions that cause __________ threat consequences Select one: > unauthorized disclosure > disruption v deception > usurpation

348) _________ are used to attack networked computer systems with a large volume of traffic to carry out a denial-of-service attack Select one: > Bots > Exploits > Keyloggers v flooders

275) A ________ is a hacker with sufficient technical skills to modify and extend attack toolkits to use newly discovered vulnerabilities > script kiddie v journeyman > novice > expert

1101) The appeal of HMAC is that its designers have been able to prove an exact relationship between the strength of the embedded hash function and the strength of HMAC.
v True > False

21) A concept that evolved out of requirements for military information security is ______ > reliable input v mandatory access control > open and closed policies > discretionary input

287) ________ are decoy systems that are designed to lure a potential attacker away from critical systems > Antivirus software v Honeypots > Firewalls > Intrusion Detection Systems

48) A __________ is code inserted into malware that lies dormant until a predefined condition, which triggers an unauthorized act, is met v logic bomb > trapdoor > worm > Trojan horse

315) To be of practical use an intrusion detection system should detect a substantial percentage of intrusions while keeping the false alarm rate at an acceptable level v True > False

118) For symmetric encryption to work the two parties to an exchange must share the same _____, which must be protected from access by others > username v key > password > certificate

380) The potential for a buffer overflow exists anywhere that data is copied or merged into a buffer, where at least some of the data are read from outside the program v True > False

471) A bot can use a __________ to capture keystrokes on the infected machine to retrieve sensitive information > Antivirus software > Encryption key v keylogger > Firewall > Rootkit

828) The assurance that data received are exactly as sent by an authorized entity is __________ Select one: v data integrity > data confidentiality > authentication > access control

833) The _________ prevents or inhibits the normal use or management of communications facilities Select one: > passive attack v denial of service > masquerade > traffic encryption

1128) Intrusion detection is the process of collecting information about events occurring in a computer system or network and analyzing them for signs of intrusions.
v True > False

504) _______ bandwidth attacks attempt to take advantage of the disproportionately large resource consumption at a server v Application-based > System-based > Random > Amplification

499) ______ relates to the capacity of the network links connecting a server to the wider Internet > Application resource v Network bandwidth > System payload > Directed broadcast

440) A _________ value is named after the miner's bird used to detect poisonous air in a mine and warn miners in time for them to escape > Sparrow > Falcon > Hawk v canary > Eagle

384) The buffer overflow type of attack has been known since it was first widely used by the _______ Worm in 1988 > Alpha One > Code Red Worm > Slammer Worm v Morris Internet Worm

423) _________ is a form of overflow attack v heap overflows, return to system call, and replacement stack frame > Cross-site scripting (XSS) > SQL injection > Directory traversal

412) A buffer overflow in Microsoft Windows 2000/XP Local Security Authority Subsystem Service was exploited by the _________ > Melissa Worm v Sasser Worm > Nimda Worm > Sobig Worm

240) A(n) _____ is inserted into a network segment so that the traffic that it is monitoring must pass through the sensor > Active Sensor > Probe v Inline Sensor > Passive Sensor

868) The Common Criteria for Information Technology and Security Evaluation are ISO standards for specifying security requirements and defining evaluation criteria v True > False

228) The relative lack of success in bringing cybercriminals to justice has led to an increase in their numbers, boldness, and the global scale of their operations v True > False

579) The basic building block of a __________ is a table of data, consisting of rows and columns, similar to a spreadsheet v relational database > query set > DBMS > perturbation

329) A ______ attack is an attempt to prevent legitimate users of a service from using that service > Man-in-the-middle > Phishing v Denial of service (DOS) > Social engineering

506) Bots
starting from a given HTTP link and then following all links on the provided Web site in a recursive way is called _______ > trailing v spidering > spoofing > crowding

271) _________ is a document that describes the application level protocol for exchanging data between intrusion detection entities v RFC 4767 > RFC 4766 > RFC 4765 > RFC 4764

581) __________ is an organization that receives the encrypted data from a data owner and makes them available for distribution to clients > User > Client > Data owner v Server

06) Modes of operation are the alternative techniques that have been developed to increase the security of symmetric block encryption for large sequences of data v True > False

343) A _________ virus is a form of virus explicitly designed to hide itself from detection by antivirus software Select one: v stealth > polymorphic > encrypted > metamorphic

157) ________ attacks have several approaches, all equivalent in effort to factoring the product of two primes v Mathematical > Statistical > Brute-force > Social engineering

841) Computer security is essentially a battle of wits between a perpetrator who tries to find holes and the administrator who tries to close them True or False v True > False

897) An attacker can generally determine in advance exactly where the targeted buffer will be located in the stack frame of the function in which it is defined > True v False

1043) Which stages does a virus have? > Dormant phase > Propagation phase - i.e. attachment to email > Triggering phase > Execution phase v All viruses have these four stages

267) The _________ module analyzes LAN traffic and reports the results to the central manager v LAN monitor agent > host agent > central manager agent > architecture agent

1134) Message authentication protects two parties who exchange messages from any third party, however, it does not protect the two parties against each other.
v True > False

645) A ___________ is the portion of the data center that houses data processing equipment v computer room > main distribution area > entrance room > horizontal distribution

377) The ________________ used a buffer overflow exploit in the "fingerd" as one of its attack mechanisms v Morris Internet Worm > Sasser Worm > Code Red Worm > Slammer Worm

470) A __________ is a collection of bots capable of acting in a coordinated manner v botnet > Firewall > Encryption algorithm > Intrusion Detection System (IDS) > Rootkit

11) A user program executes in a kernel mode in which certain areas of memory are protected from the user's use and certain instructions may not be executed > True v False

1116) The BLP model effectively breaks down when (untrusted) low classified executable data are allowed to be executed by a high clearance (trusted) subject. v True > False

1089) To emphasize the importance of security awareness, an organization should have a security awareness policy document that is provided to all employees.
v True > False

76) In the first instance of multiple encryption plaintext is converted to __________ using the encryption algorithm v ciphertext > S-AES mode > Triple DES > block cipher

161) Intrusion detection is based on the assumption that the behavior of the intruder differs from that of a legitimate user in ways that can be quantified v True > False

92) The exact substitutions and transformations performed by the algorithm depend on the ________ > ciphertext > decryption algorithm v secret key > encryption algorithm

127) A hash function such as SHA-1 was not designed for use as a MAC and cannot be used directly for that purpose because it does not rely on a secret key v True > False

109) A ________ cipher processes the input elements continuously, producing output one element at a time as it goes along > substitution > block v stream > transposition

1078) Once the plaintext is converted to ciphertext using the encryption algorithm the plaintext is then used as input and the algorithm is applied again.
> True v False

692) Depending on the details of the overall authentication system, the registration authority issues some sort of electronic credential to the subscriber > True v False

713) Each individual who is to be included in the database of authorized users must first be __________ in the system > verified > authenticated > identified v enrolled

397) An attacker is more interested in transferring control to a location and code of the attacker's choosing rather than immediately crashing the program v True > False

307) Password files can be protected in one of two ways: One-way function or ______ > biometric authentication v access control > encryption > two-factor authentication

719) __________ allows an issuer to access regional and national networks that connect point of sale devices and bank teller machines worldwide v EFT > POS > BTM > ATF

012) Digital signatures and key management are the two most important applications of __________ encryption > private-key v public-key > preimage resistant > advanced

647) __________ encompasses intrusion detection, prevention and response v Intrusion management > Security assessments > Database access control > Data loss prevention

820) A threat action in which sensitive data are directly released to an unauthorized entity is __________ Select one: > disruption v exposure > corruption > intrusion

12) Any program that is owned by, and SetUID to, the "superuser" potentially grants unrestricted access to the system to any user executing that program v True > False

08) The purpose of a __________ is to produce a “fingerprint” of a file, message, or other block of data > secret key > digital signature > keystream v hash function

04) On average, __________ of all possible keys must be tried in order to achieve success with a brute-force attack > one-fourth v half > two-thirds > three-fourths

759) A traditional packet filter makes filtering decisions on an individual packet basis and does not take into consideration any higher
layer context v True > False

270) A(n) ________ event is an alert that is generated when the gossip traffic enables a platform to conclude that an attack is under way > PEP v DDI > IDEP > IDME

1172) __________ defines user authentication as "the process of verifying an identity claimed by or for a system entity". v RFC 2828 > RFC 2493 > RFC 2298 > RFC 2328

370) In 2003, the _______ exploited a buffer overflow in Microsoft SQL Server 2000 > Slammer worm > Sasser worm > Morris Internet Worm > Code Red Worm v Slammer Worm

1118) Multilevel security is of interest when there is a requirement to maintain a resource in which multiple levels of data sensitivity are defined. v True > False

410) The __________ used a buffer overflow exploit in fingerd as one of its attack mechanisms > Conficker Worm v Morris Internet Worm > Stuxnet Worm > ILOVEYOU Worm

108) A ________ cipher processes the input one block of elements at a time, producing an output block for each input > substitution v block > stream > transposition

212) A cookie can be used to authenticate a user to a web site so that the user does not have to type in his password for each connection to the site v True > False

1163) The countermeasure to tiny fragment attacks is to discard packets with an inside source address if the packet arrives on an external interface. > True v False

140) Which of the following scenarios requires a security protocol: > log in to mail.google.com > connecting to work from home using a VPN v All the previous answers

274) The broad classes of intruders are: cyber criminals, state-sponsored organizations, _________, and others > terrorists > script kiddies v activists > hackers

1095) Performing regular backups of data on a system is a critical control that assists with maintaining the integrity of the system and user data.
v True > False

594) T/F: Business continuity consists of security services that allocate access, distribute, monitor, and protect the underlying resource services > True v False

01) __________ defines user authentication as “the process of verifying an identity claimed by or for a system entity” v RFC 4949 > RFC 2298 > RFC 2493 > RFC 2328

427) The buffer is located __________ > in the heap > in the stack > in the data section of the process > in the register > All of the above v 1,2,3 are correct

162) To be of practical use an IDS should detect a substantial percentage of intrusions while keeping the false alarm rate at an acceptable level v True > False

132) In Kerberos, each human user has a master key shared with the authentication server, and the key is usually derived from the user's password v True > False

712) __________ systems identify features of the hand, including shape, and lengths and widths of fingers > Signature v Hand geometry > Fingerprint > Palm print

155) Which of the following features can only be provided by public-key cryptography?
> Data integrity > Confidentiality > Digital signatures v None of the above

401) The buffer overflow type of attack has been known since it was first widely used by the __________ Worm in 1988 v Morris > Slammer > Code Red > Heartbleed

707) Recognition by fingerprint, retina, and face are examples of __________ > face recognition > dynamic biometrics v static biometrics authentication > token

306) The three classes of intruders identified by Anderson are: Masquerader, Misfeasor, and ____ > Insider threat > Social engineer v clandestine > Cybercriminal

513) When a DoS attack is detected, the first step is to _______ v identify the attack > analyze the response > design blocking filters > shut down the network

373) Buffer overflows can be found in a wide variety of programs, processing a range of different input and with a variety of possible responses v True > False

309) Two types of audit records used are Detection-specific audit records and ____ audit records > system uptime v native > network bandwidth > packet loss rate

102) A ________ is a key used between entities for the purpose of distributing session keys v permanent key > session key > distribution key > all of the above

1074) A __________ is a set in which you can do addition, subtraction, multiplication and division without leaving the set. > record > standard v field > block

202) In a wireless network, traffic is broadcast into the air, and so it is much easier to sniff wireless traffic compared with wired traffic v True > False

1113) Defensive programming is sometimes referred to as _________. > variable programming v secure programming > interpretive programming > chroot programming

18) _________ is the granting of a right or permission to a system entity to access a system resource v Authorization > Authentication > Control > Monitoring

1119) IPSec can guarantee that all traffic designated by the network administrator is authenticated but cannot guarantee that it is encrypted.
> True v False

33) Metamorphic code is software that can be shipped unchanged to a heterogeneous collection of platforms and execute with identical semantics > True v False

381) Memory is requested from the ______ by programs for use in dynamic data structures, such as linked lists of records > ROM v heap > address space > shell

117) With ______ encryption each vulnerable communications link is equipped on both ends with an encryption device > network > end-to-end v link > transport

351) The success of the digital immune system depends on the ability of the virus analysis machine to detect new and innovative virus strains v True > False

91) _________ is the original message or data that is fed into the algorithm as input v Plaintext > Encryption algorithm > Decryption algorithm > Ciphertext

1166) Signature-based approaches attempt to define normal, or expected, behavior, whereas anomaly approaches attempt to define proper behavior. > True v False

143) A brute-force approach involves trying every possible key until an intelligible translation of the ciphertext into plaintext is obtained v True > False

1138) The __________ generation is usually thought of as the IoT and is marked by the use of billions of embedded devices. > second > third v fourth > fifth

1158) A denial-of-service attack is an attempt to compromise availability by hindering or blocking completely the provision of some service.
v True > False

321) Intrusion detection involves detecting unusual patterns of activity or patterns of activity that are known to correlate with intrusions v True > False

577) Encryption can be applied to the entire database, at the record level, at the attribute level, or at the level of the individual field v True > False

266) A(n) __________ is a hacker with minimal technical skill who primarily uses existing attack toolkits > Master v Apprentice > Journeyman > Activist

424) The __________ used a buffer overflow exploit in "fingerd" as one of its attack mechanisms > Code Red Worm > Stuxnet Worm v Morris Internet Worm > ILOVEYOU Worm

632) Site security of the data center itself includes barriers to entry, coupled with authentication techniques for gaining physical access > True v False

285) The functional components of an _________ are: data source, sensor, analyzer, administration, manager, and operator v IDS > IPS > SIEM > Firewall

139) The purposes of a security protocol include: > Authentication > Key-exchange > Negotiate crypto algorithms and parameters v All the previous answers

1106) There are well-defined tests for determining uniform distribution and independence to validate that a sequence of numbers is random. > True v False

1082) The first widely used occurrence of the buffer overflow attack was the _______.
> Code Red Worm v Morris Internet Worm > Sasser Worm > Slammer Worm

29) Subject attributes, object attributes and environment attributes are the three types of attributes in the __________ model > DSD > RBAC v ABAC > SSD

63) A mode of operation is a technique for enhancing the effect of a cryptographic algorithm or adapting the algorithm for an application v True > False

272) The rule _______ tells Snort what to do when it finds a packet that matches the rule criteria > protocol > direction v action > destination port

640) A _________ is defined to be a portion of a row used to uniquely identify a row in a table > foreign key > query v primary key > data perturbation

211) Since Android is open-source, each handset vendor can customize it, and this is good for security (hint: consider security updates) > True v False

010) The strength of a hash function against brute-force attacks depends solely on the length of the hash code produced by the algorithm v True > False

138) The DSS makes use of the _______ and presents a new digital signature technique, the Digital Signature Algorithm (DSA) > AES v SHA-1 > MD5 > RSA

428) _________ is a tool used to automatically identify potentially vulnerable programs > Code obfuscation > Encryption v fuzzing > Penetration testing

80) __________ modes of operation have been standardized by NIST for use with symmetric block ciphers such as DES and AES > Nine > Seven > Three v Five

467) A __________ virus is explicitly designed to hide itself from detection by anti-virus software > Adware > Spyware > Rootkit v stealth > Ransomware

116) With _________ encryption the encryption process is carried out at the two end systems > point-to-point > intermediary > centralized v end-to-end

119) All encryption algorithms are based on two general principles: substitution and _________ > compression > expansion v transposition > permutation

01) The original message or data that is fed into the algorithm is __________ > encryption algorithm > secret
key > decryption algorithm v plaintext

100) ______ mode is typically used for a general-purpose block-oriented transmission and is useful for high-speed requirements > ECB > OFB > CFB v CTR

323) System administrators can stop all attacks and hackers from penetrating their systems by installing software patches periodically > True v False

217) In XSRF, the malicious site can send malicious script to execute in the user's browser by embedding the script in a hidden iframe > True v False

634) Security specifically tailored to databases is an increasingly important component of an overall organizational security strategy v True > False

836) Computer security is protection of the integrity, availability, and confidentiality of information system resources True or False v True > False

1137) A major characteristic of a good security program is how quickly the IoT system can be recovered after an incident has occurred. v True > False

1121) Additional padding may be added to provide partial traffic-flow confidentiality by concealing the actual length of the payload. v True > False

03) Cryptanalytic attacks try every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained > True v False

69) A typical application of Output Feedback mode is stream oriented transmission over noisy channels, such as satellite communication v True > False

650) __________ specifies the minimum requirements for telecommunications infrastructure of data centers v TIA-492 > RFC-4949 > NIST-7883 > RSA-298

147) Using PKCS (public-key cryptography standard), when RSA encrypts the same message twice, different ciphertexts will be produced v True > False

943) Four stages of viruses > Dormant phase > Propagation phase - i.e.
attachment to email > Triggering phase > Execution phase v All of the above

437) __________ defenses aim to detect and abort attacks in existing programs > Code signing v run-time > Compile-time defenses > Patch management

1162) The firewall may be a single computer system or a set of two or more systems that cooperate to perform the firewall function. v True > False

82) The simplest form of multiple encryption has __________ encryption stages and __________ keys > three, two > four, two > two, three v two, two

304) Statistical approaches attempt to define proper behavior and rule-based approaches attempt to define normal or expected behavior > True v False

17) __________ is verification that the credentials of a user or other system entity are valid > Adequacy v Authentication > Authorization > Audit

711) The most common means of human-to-human identification are __________ v facial characteristics > signatures > retinal patterns > fingerprints

1155) In relational database parlance, the basic building block is a __________, which is a flat table. > attribute > tuple > primary key v relation

1159) Using forged source addresses is known as _________. v source address spoofing > a three-way address > random dropping > directed broadcast

1432) "Each block of 64 plaintext bits is encoded independently using the same key" is a description of the CBC mode of operation.
> True v False

126) Cryptographic hash functions generally execute faster in software than conventional encryption algorithms such as DES and AES v True > False

95) The most widely used encryption scheme is based on the _________ adopted in 1977 by the National Bureau of Standards > AES > 3DES > CES v DES

939) If we find that a botnet server is located in country X, we can be certain that criminals within country X control the botnet > True v False

169) The strength of a hash function against brute-force attacks depends on the length of the hash code produced by the algorithm v True > False

05) The most important symmetric algorithms, all of which are block ciphers, are the DES, triple DES, and the __________ > SHA > RSA v AES > DSS

229) The purpose of the privacy functions is to provide a user protection against discovery and misuse of identity by other users v True > False

1123) The __________ cryptosystem is used in some form in a number of standards including DSS and S/MIME. > Rabin > Rijndael > Hillman v ElGamal

1052) TCB Design Principles > Least Privilege > Economy > Open Design > Complete Mediation > Fail-safe defaults > Ease of Use v All of the above

438) The __________ project produces a free, multiplatform 4.4BSD-based UNIX-like operating system > Linux > Windows v OpenBSD > macOS > FreeBSD

58) A __________ attack is a bot attack on a computer system or network that causes a loss of service to users > spam > phishing v DDoS > sniff

328) Stealth is not a term that applies to a virus as such but, rather, refers to a technique used by a virus to evade detection v True > False

411) In 2003 the _________ exploited a buffer overflow in Microsoft SQL Server 2000 > Code Red Worm > Mydoom Worm > Blaster Worm v Slammer Worm

1131) A recipient in possession of the secret key cannot generate an authentication code to verify the integrity of the message.
> True v False 831) A loss of _________ is the unauthorized disclosure of information Select one: > integrity > availability v confidentiality > authenticity 335) An encrypted virus is a virus that mutates with every infection, making detection by the signature of the virus impossible > True v False 934) The best defense against being an unwitting participant in a DDos attack is to prevent your systems from being compromised v True > False 112) ______ was designed in 1987 by Ron Rivest and is a variable key-size stream cipher with byte-oriented operations > DES v RC4 > AES > RSA 1090) Security awareness,training,and education programs may be needed to comply with regulations and contractual obligations. v True > False 77) Triple DES makes use of __________ stages of the DES algorithm, using a total of two or three distinct keys > twelve > six > nine v three 436) __________ defenses aim to harden programs to resist attacks in new programs > Machine code > Obfuscated > Self-modifying v compile-time 150) Just like RSA can be used for signature as well as encryption, Digital Signature Standard can also be used for encryption > True v False 55) __________ is the first function in the propagation phase for a network worm > Propagating v Fingerprinting > Keylogging > Spear phishing 717) A __________ attack involves an adversary repeating a previously captured user response > client v replay > Trojan horse > eavesdropping 578) A(n) __________ is a structured collection of data stored for use by one or more applications > attribute v database > tuple > inference 837) Data integrity assures that information and programs are changed only in a specified and authorized manner True or False v True > False 216) XSRF is possible when a user has a connection to a malicious site while a connection to a legitimate site is still alive v True > False 1125) Limited characteristics make it impossible for hash functions to be used to determine whether or not data has changed. 
> True v False 120) The three most important symmetric block ciphers are: 3DES, AES, and _____ > Serpent v Data Encryption Standard (DES) > Blowfish > RSA 795) The principal objective for developing a PKI is to enable secure, convenient, and efficient acquisition of private keys > True v False 278) An IDS comprises three logical components: analyzers, user interface and _____ v sensors > firewalls > routers > encryption algorithms 1129) One limitation of a firewall is that an improperly secured wireless LAN may be accessed from outside the organization. v True > False 41) A Trojan horse is an apparently useful program containing hidden code that, when invoked, performs some harmful function v True > False 698) Depending on the application, user authentication on a biometric system involves either verification or identification v True > False 382) A stack buffer overflow attack is also referred to as ______ > buffer overrunning > stack framing > heap overflowing v stack smashing 78) Another important mode, XTS-AES, has been standardized by the __________ Security in Storage Working Group > NIST v IEEE > ITIL > ISO 72) It is possible to convert a block cipher into a stream cipher using cipher feedback, output feedback and counter modes v True > False 1105) A major advance in symmetric cryptography occurred with the development of the rotor encryption/decryption machine. v True > False 1108) A widely used technique for pseudorandom number generation is an algorithm known as the linear congruential method. v True > False 26) A __________ is a named job function within the organization that controls this computer system > user v role > permission > session 1126) the Secure Hash Algorithm design closely models, and is based on, the hash function __________ . 
> MD5 > FIPS 180 > RFC 4634 v MD4 09) __________ is a block cipher in which the plaintext and ciphertext are integers between 0 and n-1 for some n > DSS v RSA > SHA > AES 349) Malicious software that needs a host program is referred to as _________ Select one: > blended v parasitic > logic bomb > flooders 701) Identifiers should be assigned carefully because authenticated identities are the basis for other security services v True > False 79) The _________ and _________ block cipher modes of operation are used for authentication > OFB, CTR v CBC, CFB > CFB, OFB > ECB, CBC 865) A subject can exercise only accesses for which it has the necessary authorization and which satisfy the MAC rules v True > False 1111) Data representing behavior that does not trigger an alarm cannot serve as input to intrusion detection analysis. > True v False 1112) Security flaws occur as a consequence of sufficient checking and validation of data and error codes in programs. > True v False 107) _________ is the process of attempting to discover the plaintext or key v Cryptanalysis > Steganography > Cryptography > Hashing 133) In Kerberos, the purpose of using ticket-granting-ticket (TGT) is to minimize the exposure of a user?s master key v True > False 1135) the main work for signature generation depends on the message and is done during the idle time of the processor. > True v False 02) The __________ is the encryption algorithm run in reverse v decryption algorithm > plaintext > ciphertext > encryption algorithm 15) An ABAC model can define authorizations that express conditions on properties of both the resource and the subject v True > False 1169) A bot propagates itself and activates itself,whereas a worm is initially controlled from some central facility. 
> True v False 560) T/F: SQL Server allows users to create roles that can then be assigned access rights to portions of the database v True > False 320) Unauthorized intrusion into a computer system or network is one of the most serious threats to computer security v True > False 567) T/F: A view cannot provide restricted access to a relational database so it cannot be used for security purposes > True v False 1160) Flooding attacks take a variety of forms based on which network protocol is being used to implement the attack. v True > False 589) T/F: The database management system makes use of the database description tables to manage the physical database v True > False 595) T/F: An IPS incorporates IDS functionality but also includes mechanisms designed to block traffic from intruders v True > False 340) Mobile phone worms communicate through Bluetooth wireless connections or via the _________ Select one: > SQL > TRW > PWC v MMS 367) ____________ is a form of overflow attack > Heap overflows > Replacement stack frame > Return to system call v All of the above 1102) HMAC can be proven secure provided that the embedded hash function has some reasonable cryptographic strengths. v True > False 1149) A loss of _________ is the unauthorized disclosure of information. v confidentiality > authenticity > integrity > availability 149) A key exchange protocol is vulnerable to a man-in-the-middle attack if it does not authenticate the participants v True > False 319) The main advantage of the use of statistical profiles is that a prior knowledge of security flaws is not required v True > False 1100) The Diffie-Hellman algorithm depends for its effectiveness on the difficulty of computing discrete logarithms. 
v True > False 014) An important element in many computer security services and applications is the use of cryptographic algorithms v True > False 937) the domain name of the command and control server of a botnet are pre-determined for the lifetime of the botnet > True v False 52) The __________ is when the virus function is performed > dormant phase > propagation phase > triggering phase v execution phase 596) T/F: The CSP can provide backup at multiple locations, with reliable failover and disaster recovery facilities v True > False 131) In Kerberos, the authentication server shares a unique secret key with each authorized computer on the network v True > False 1171) In a biometric scheme some physical characteristic of the individual is mapped into a digital representation. v True > False 418) A stack buffer overflow is also referred to as ___________ > data leakage v stack smashing > heap hijacking > code injection 87) The __________ mode operates on full blocks of plaintext and ciphertext, as opposed to an s-bit subset > ECB > CFB > CBC v OFB 214) XSS is possible when a web site does not check user input properly and use the input in an outgoing html page v True > False 1075) the Rijndael developers designed the expansion key algorithm to be resistant to known cryptanalytic attacks. v True > False 898) It is possible to write a compiler tool to check any C program and identify all possible buffer overflow bugs > True v False 838) Availability assures that systems works promptly and service is not denied to authorized users True or False v True > False 207) The App Store review process can guarantee that no malicious iOS app is allowed into the store for download > True v False 1142) A major weakness of the public announcement of public keys is that anyone can forge a public announcement. 
v True > False 137) Issued as RFC 2104, _______ has been chosen as the mandatory-to-implement MAC for IP Security > SHA-256 v HMAC > MD5 > AES 1084) Restoring the plaintext from the ciphertext is __________ . v deciphering > transposition > steganography > encryption 74) OFB mode requires an initialization vector that must be unique to each execution of the encryption operation v True > False 05) Triple DES takes a plaintext block of 64 bits and a key of 56 bits to produce a ciphertext block of 64 bits > True v False 590) T/F: The cloud carrier is useful when cloud services are too complex for a cloud consumer to easily manage > True v False 08) A message authentication code is a small block of data generated by a secret key and appended to a message v True > False 49) The term "computer virus" is attributed to __________ > Herman Hollerith v Fred Cohen > Charles Babbage > Albert Einstein 167) Two of the most important applications of public-key encryption are digital signatures and key management v True > False 842) Security mechanisms typically do not involve more than one particular algorithm or protocol True or False > True v False 227) The IT security management process ends with the implementation of controls and the training of personnel > True v False 913) each layer of code needs appropriate hardening measures in place to provide appropriate security services v True > False 1117) The Biba models deals with confidentiality and is concerned with unauthorized disclosure of information. > True v False 215) XSS can perform many types of malicious actions because a malicious script is executed at user?s browser v True > False 163) An inline sensor monitors a copy of network traffic; the actual traffic does not pass through the device > True v False 1114) It is possible to convert any block cipher into a stream cipher by using the cipher feedback (CF> mode. 
v True > False 37) Many forms of infection can be blocked by denying normal users the right to modify programs on the system v True > False 28) __________ refers to setting a maximum number with respect to roles v Cardinality > Prerequisite > Exclusive > Hierarchy 152) is the original message or data that is fed into the encryption process as input > Hash > Key v Plaintext > Ciphertext 1092) The approach taken by Kerberos is using authentication software tied to a secure authentication server. v True > False 25) __________ is based on the roles the users assume in a system rather than the user's identity > DAC v RBAC > MAC > URAC 245) Activists are either individuals or members of an organized crime group with a goal of financial reward > True v False 246) Running a packet sniffer on a workstation to capture usernames and passwords is an example of intrusion v True > False 409) A buffer can be located _________ > in the heap > on the stack > in the data section of the process v All of the above 226) It is likely that an organization will not have the resources to implement all the recommended controls v True > False 47) __________ are used to send large volumes of unwanted e-mail > Rootkits v Spammer programs > Downloaders > Auto-rooters 263) The ________ is responsible for determining if an intrusion has occurred v analyzer > host > user interface > sensor 899) The OpenSSL heartbleed vulnerability would have been prevented if OpenSSL had been implemented in Java v True > False 220) Using an input filter to block certain characters is an effective way to prevent SQL injection attacks v True > False 103) The _______ module performs end-to-end encryption and obtains session keys on behalf of users > PKM > RCM v SSM > CCM 1130) the primary benefit of a host-based IDS is that it can detect both external and internal intrusions. 
v True > False 93) The _________ is the encryption algorithm run in reverse v decryption algorithm > ciphertext > plaintext > secret key 840) The more critical a component or service, the higher the level of availability required True or False v True > False 1099) If a computer's temperature gets too cold the system can undergo thermal shock when it is turned on. v True > False 708) A __________ is a password guessing program > password hash v password cracker > password biometric > password salt 1088) Integrity can apply to a stream of messages, a single message, or selected fields within a message. v True > False 1489) __________ controls access based on comparing security labels with security clearances. v MAC > DAC > RBAC > MBAC 124) The additive constant numbers used in SHA-512 are random-looking and are hardcoded in the algorithm v True > False 508) A characteristic of reflection attacks is the lack of _______ traffic v backscatter > network > three-way > botnet 313) Penetration identification is an approach developed to detect deviation from previous usage patterns > True v False 935) Botnet command and control must be centralized( i.e. 
all bots communicate with a central server(s)) > True v False 880) A virus that attaches to an executable program can do anything that hte program is permitted to do v True > False 691) Identification is the means of establishing the validity of a claimed identity provided by a user v True > False 198) In IPSec, if A uses DES for traffic from A to B, then B must also use DES for traffic from B to A > True v False 34) A virus that attaches to an executable program can do anything that the program is permitted to do v True > False 779) The most significant source of risk in wireless networks in the underlying communications medium v True > False 36) A logic bomb is the event or condition that determines when the payload is activated or delivered v True > False 53) During the __________ the virus is idle v dormant phase > propagation phase > triggering phase > execution phase 503) TCP uses the _______ to establish a connection > zombie > SYN cookie > directed broadcast v three-way handshake 97) For stream-oriented transmission over noisy channel you would typically use _______ mode > ECB > CTR v OFB > CBC 866) One way to secure against Trojan horse attacks is the use of a secure, trusted operating system v True > False 593) T/F: An IDS is a set of automated tools designed to detect unauthorized access to a host system v True > False 350) The challenge in coping with DDoS attacks is the sheer number of ways in which they can operate v True > False 66) Given the potential vulnerability of DES to a brute-force attack, an alternative has been found v True > False 758) A packet filtering firewall is typically configured to filter packets going in both directions v True > False 1085) the process of converting from plaintext to ciphertext is known as deciphering or decryption. 
> True v False 99) For general-purpose stream-oriented transmission you would typically use _______ mode > CTR v CFB > ECB > CBC 10) The default set of rights should always follow the rule of least privilege or read-only access v True > False 03) __________ is the scrambled message produced as output > Plaintext v Ciphertext > Secret key > Cryptanalysis 42) Packet sniffers are mostly used to retrieve sensitive information like usernames and passwords v True > False 236) The primary purpose of an IDS is to detect intrusions, log suspicious events, and send alerts v True > False 696) User authentication is the basis for most types of access control and for user accountability v True > False 59) The ideal solution to the threat of malware is __________ > identification > removal > detection v prevention 98) For general-purpose block-oriented transmission you would typically use _______ mode v CBC > CTR > CFB > OFB 695) A good technique for choosing a password is to use the first letter of each word of a phrase v True > False 128) It is a good idea to use sequentially increasing numbers as challenges in security protocols > True v False 210) In Android, an app will never be able to get more permission than what the user has approved v True > False 893) Security mechanisms typically do not involve more than one particular algorithm or protocol > True v False 1127) Big-endian format is the most significant byte of a word in the low-address byte position. 
v True > False 341) Backdoors become threats when unscrupulous programmers use them to gain unauthorized access v True > False 894) The first step in devising security services and mechanisms is to develop a security policy v True > False 67) A number of Internet based applications have adopted two-key 3DES, including PGP and S/MIME > True v False 386) Buffer overflow exploits are no longer a major source of concern to security practitioners > True v False 936) Both static and dynamic analyses are needed in order to fully understand malware behaviors v True > False 151) In general, public key based encryption is much slower than symmetric key based encryption v True > False 011) Transmitted data stored locally are referred to as __________ > ciphertext > DES v data at rest > ECC 727) Hardware is the most vulnerable to attack and the least susceptible to automated controls v True > False 1109) The foundation of a security auditing facility is the initial capture of the audit data. v True > False 597) T/F: Encryption is a pervasive service that can be provided for data at rest in the cloud v True > False 699) Enrollment creates an association between a user and the user's biometric characteristics v True > False 222) Organizational security objectives identify what IT security outcomes should be achieved v True > False 221) SQL injection is yet another example that illustrates the importance of input validation v True > False 203) Compared with WEP, WPA2 has more flexible authentication and stronger encryption schemes v True > False 165) Network-based intrusion detection makes use of signature detection and anomaly detection v True > False 125) The strong collision resistance property subsumes the weak collision resistance property v True > False 13) Traditional RBAC systems define the access rights of individual users and groups of users > True v False 218) It is easy for the legitimate site to know if a request is really from the (human) user > True v False 200) 
Most browsers come equipped with SSL and most Web servers have implemented the protocol v True > False 690) User authentication is the fundamental building block and the primary line of defense v True > False 6) Security labels indicate which system entities are eligible to access certain resources > True v False 1096) A malicious driver can potentially bypass many security controls to install malware. v True > False 639) In a relational database rows are referred to as _________ > relations > attributes > views v tuples 312) Password crackers rely on the fact that some people choose easily guessable passwords v True > False 1161) An important aspect of a distributed firewall configuration is security monitoring. v True > False 1133) An important characteristic of the MAC algorithm is that it needs to be reversible. > True v False 1086) A loss of integrity is the unauthorized modification or destruction of information. v True > False 3) An auditing function monitors and keeps a record of user accesses to system resources v True > False 224) Legal and regulatory constraints may require specific approaches to risk assessment v True > False 568) T/F: Two disadvantages to database encryption are key management and inflexibility v True > False 1146) SSO enables a user to access all network resources after a single authentication. v True > False 333) Viruses, logic bombs, and backdoors are examples of independent malicious software > True v False 225) One asset may have multiple threats and a single threat may target multiple assets v True > False 371) A stack overflow can result in some form of a denial of service attack on a system v True > False 14) A constraint is a defined relationship among roles or a condition related to roles v True > False 1167) The __________ is what the virus "does". 
> infection mechanism > trigger > logic bomb v payload 56) Unsolicited bulk e-mail is referred to as __________ v spam > propagating > phishing > crimeware 575) The two commands that SQL provides for managing access rights are ALLOW and DENY > True v False 71) Cipher Block Chaining is a simple way to satisfy the security deficiencies of ECB v True > False 197) In IPSec, packets can be protected using ESP or AH but not both at the same time > True v False 1110) Although important,security auditing is not a key element in computer security. > True v False 933) A bot is a computer compromised by malware and under the control of a bot master v True > False 379) A buffer overflow error is not likely to lead to eventual program termination. > True v False 700) An individual's signature is not unique enough to use in biometric applications > True v False 505) _______ is a text-based protocol with a syntax similar to that of HTTP > RIP > DIP v SIP > HIP 431) Data is simply an array of _________ > characters > integers > floating-point numbers v bytes 915) The default configuration for many operating systems usually maximizes security > True v False 141) Symmetric encryption is also referred to as secret-key or single-key encryption v True > False 1081) The buffer overflow type of attack is one of the least commonly seen attacks. > True v False 23) A(n) __________ is a resource to which access is controlled v object > owner > world > subject 159) _________ was the first published public-key algorithm > ElGamal > DSA v Diffie-Hellman > RSA 1132) A __________ is an algorithm that requires the use of a secret key. > DAA > SHA > GCM v MAC 914) it is possible for a system to be compromised during the installation process v True > False 1136) the digital signature function does not include the authentication function. 
> True v False 19) __________ is the traditional method of implementing access control > MAC > RBAC v DAC > MBAC 1157) T F 4.The value of a primary key must be unique for each tuple of its table. v True > False 31) Malicious software aims to trick users into revealing sensitive personal data v True > False 1147) The authentication function determines who is trusted for a given purpose. > True v False 73) Cipher Feedback Mode conforms to the typical construction of a stream cipher > True v False 168) The secret key is one of the inputs to a symmetric-key encryption algorithm v True > False 1080) Buffer overflow attacks result from careless programming in applications. v True > False 70) Cipher Feedback (CFB is used for the secure transmission of single values) > True v False 586) T/F: The value of a primary key must be unique for each tuple of its table v True > False 1103) Much of the theory of public-key cryptosystems is based on number theory. v True > False 22) A __________ is an entity capable of accessing objects > group > object v subject > owner 334) In addition to propagation a worm usually performs some unwanted function v True > False 388) The buffer overflow type of attack is one of the most common attacks seen v True > False 104) Public-key encryption was developed in the late ________ > 1950s v 1970s > 1960s > 1980s 164) A common location for a NIDS sensor is just inside the external firewall v True > False 1165) Those who hack into computers do so for the thrill of it or for status. v True > False 9) An access right describes the way in which a subject may access an object v True > False 4) External devices such as firewalls cannot provide access control services > True v False 1094) The authentication server shares a unique secret key with each server. 
v True > False 233) The IDS component responsible for collecting data is the user interface > True v False 130) In security protocol, an obvious security risk is that of impersonation v True > False 50) Computer viruses first appeared in the early __________ > 1960s > 1970s v 1980s > 1990s 24) The final permission bit is the _________ bit > superuser > kernel > set user v sticky 1079) the XtS-AES mode is based on the concept of a tweakable block cipher. v True > False 591) T/F: Fixed server roles operate at the level of an individual database > True v False 1154) Public-key algorithms are based on simple operations on bit patterns. > True v False 40) In addition to propagating, a worm usually carries some form of payload v True > False 1144) For end-to-end encryption over a network, manual delivery is awkward. v True > False 1093) X.509 provides a format for use in revoking a key before it expires. v True > False 387) Shellcode must be able to run no matter where in memory it is located v True > False 563) T/F: Encryption becomes the last line of defense in database security v True > False 324) One important element of intrusion prevention is password management v True > False 1164) Snort can perform intrusion prevention but not intrusion detection. 
> True v False 68) The sender is the only one who needs to know an initialization vector > True v False 693) Many users choose a password that is too short or too easy to guess v True > False 374) Stack buffer overflow attacks were first seen in the Aleph One Worm > True v False 199) In IPSec, the sequence number is used for preventing replay attacks v True > False 372) There are several generic restrictions on the content of shellcode v True > False 583) T/F: A query language provides a uniform interface to the database v True > False 166) Symmetric encryption is used primarily to provide confidentiality v True > False 900) ASLR(if implemented correctly) can prevent return-to-libc attacks v True > False 399) Shellcode is not specific to a particular processor architecture > True v False 1143) Manual delivery of a key is not reasonable for link encryption. > True v False 839) The "A" in the CIA triad stands for "authenticity" True or False > True v False 389) Buffer overflow attacks are one of the most common attacks seen v True > False 206) In iOS, an app can run its own dynamic, run-time generated code > True v False 336) Macro viruses infect documents, not executable portions of code v True > False 732) Like the MAC, a hash function also takes a secret key as input > True v False 235) Intruders typically use steps from a common attack methodology v True > False 587) T/F: A foreign key value can appear multiple times in a table v True > False 209) In Android, all apps have to be reviewed and signed by Google > True v False 121) SHA is perhaps the most widely used family of hash functions v True > False 735) The advantage of a stream cipher is that you can reuse keys > True v False 015) Some form of protocol is needed for public-key distribution v True > False 584) T/F: A single countermeasure is sufficient for SQLi attacks > True v False 205) In iOS, each file is encrypted using a unique, per-file key > True v False 213) Malicious JavaScripts is a major threat to 
browser security v True > False 142) The ciphertext-only attack is the easiest to defend against v True > False 318) Insider attacks are among the easiest to detect and prevent > True v False 244) An intruder can also be referred to as a hacker or cracker v True > False 1139) the main elements of a RFID system are tags and readers. v True > False 219) SQL injection attacks only lead to information disclosure > True v False 879) External attacks are the only threats to dataase security > True v False 938) Some APT attacks last for years before they are detected v True > False 1) Access control is the central element of computer security v True > False 65) S-AES is the most widely used multiple encryption scheme > True v False 631) A data center generally includes backup power supplies v True > False 1168) Programmers use backdoors to debug and test programs. v True > False 864) ?No write down? is also referred to as the *-property v True > False 1141) the Iot depends heavily on deeply embedded systems. v True > False 135) Kerberos does not support inter-realm authentication > True v False 1151) The "A" in the CIA triad stands for "authenticity". > True v False 136) SHA-1 produces a hash value of _______ bits > 256 > 512 v 160 > 128 39) E-mail is a common method for spreading macro viruses v True > False 35) It is not possible to spread a virus via a USB stick > True v False 1097) Lower layer security does not impact upper layers. > True v False 62) There are no practical cryptanalytic attacks on 3DES v True > False 32) Keyware captures keystrokes on a compromised system > True v False 04) The secret key is input to the encryption algorithm v True > False 253) Anomaly detection is effective against misfeasors > True v False 883) A macro virus infects executable protions of code > True v False 38) A macro virus infects executable portions of code > True v False 1098) The direct flame is the only threat from fire. 
> True v False 702) A smart card contains an entire microprocessor v True > False 346) Malware is another name for Malicious Software v True > False 641) A _________ is a virtual table > tuple > query v view > DBMS 7) Reliable input is an access control requirement v True > False 835) Threats are attacks carried out True or False > True v False 201) Even web searches have (often) been in HTTPS v True > False 134) The ticket-granting ticket is never expired > True v False 146) Timing attacks are only applicable to RSA > True v False 1076) InvSubBytes is the inverse of ShiftRows. > True v False 208) In iOS, each app runs in its own sandbox v True > False 1153) Public-key cryptography is asymmetric. v True > False 327) Bot programs are activated by a trigger v True > False 1148) A user may belong to multiple groups. v True > False 122) SHA-1 is considered to be very secure > True v False 703) Keylogging is a form of host attack > True v False 697) Memory cards store and process data > True v False 44) Every bot has a distinct IP address v True > False 1150) Threats are attacks carried out. > True v False 144) AES uses a Feistel structure > True v False 787) Search engines support HTTPS > True v False 204) iOS has no vulnerability > True v False