Testbacksecurity

Chapter 2 Why Security is Needed square/FALSE1. In manakination securitys primary mission is to see that governances and their contents retain their confidentiality at all costs. autonomic nervous systemFPTS12. Information security safeguards the technology assets in use at the organization. autonomic nervous systemTPTS13. A firewall is a mechanism that keeps certain kinds of network traffic out of a private network. ANSTPTS14. An act of theft performed by a political hack falls into the category of theft, but is also often accompanied by defacement actions to delay discovery and thus may also be put within the category of hales of nature. ANSFPTS15. Two watchdog organizations that investigate allegations of software abuse SIIA and NSA. ANSFPTS16. A number of technical mechanismsdigital watermarks and embedded codification, copyright codes, and even the intentional placement of bad sectors on software media yield been used to enforce copyright laws. ANSTPTS17. A worm requires t hat some other program is running before it spate begin functioning. ANSFPTS18. A worm can deposit copies of itself onto all sack up servers that the infected system can reach, so that users who subsequently visit those sites become infected. ANSTPTS19. Attacks conducted by scripts are usually unpredictable. ANSFPTS110. honorable hackers are extremely talented individuals who usually devote lots of time and energy to attempting to break into other peoples information systems. ANSTPTS111. With the removal of copyright protection, software can be easily distributed and installed. ANSTPTS112. Forces of nature, force majeure, or acts of God can present some of the close to dangerous threats, because they are usually occur with very little warning and are beyond the control of people. ANSTPTS113.Much human error or failure can be prevented with training and ongoing awareness activities. ANSTPTS114. Compared to weave site defacement, vandalism within a network is slight catty in i ntent and much public. ANSFPTS115. With electronic information is stolen, the crime is readily apparent. ANSFPTS116. Organizations can use dictionaries to debar passwords during the reset process and thus guard against easy-to-guess passwords. ANSTPTS1 17. DoS efforts cannot be launched against routers. ANSFPTS118. A mail bomb is a form of DoS. ANSTPTS119.A sniffer program shows all the entropy going by on a network segment including passwords, the data wrong filessuch as word-processing documentsand screens full of sensitive data from applications. ANSTPTS120. A timing attack involves the interception of cryptographic elements to determine keys and encryption algorithms. ANSTPTS1MODIFIEDTRUE/FALSE1. Intellectual situation is defined as the ownership of ideas and control over the tangible or virtual representation of those ideas. _________________________ ANSTPTS12. The macro virus infects the key operating system files located in a estimators boot sector. __________________ ______ ANSF, boot PTS13. Once a(n) venture door has infected a computer, it can redistribute itself to all e-mail addresses found on the infected system. _________________________ ANSF virus worm PTS14. A(n) polymorphic threat is one that over time changes the way it appears to antivirus software programs, making it undetectable by proficiencys that look for preconfigured signatures. _________________________ ANSTPTS15. When voltage levels mint (experience a endorsementary increase), the extra voltage can severely damage or destroy equipment. ________________________ ANSF, spike PTS16. The shoulder looking technique is used in public or semipublic settings when individuals gather information they are not authorized to have by looking over another individuals shoulder or viewing the information from a distance. _________________________ ANSF, surfing PTS17. Hackers are people who use and create computer software to gain access to information illegally. _________________________ AN STPTS18. Packet kiddies use automated exploits to engage in distributed denial-of-service attacks. _________________________ANSF, monkeys PTS19. The term phreaker is straight commonly associated with an individual who cracks or removes software protection that is designed to prevent unauthorized duplication. _________________________ ANSF, cracker PTS110. Cyberterrorists hack systems to conduct terrorist activities via network or mesh pathways. _________________________ ANSTPTS111. The malicious code attack includes the execution of viruses, worms, Trojan horses, and active Web scripts with the intent to destroy or steal information. _________________________ ANSTPTS112.The application of computing and network resources to try every possible combination of options of a password is called a brute crack attack. _________________________ ANSF, force PTS113. One form of e-mail attack that is also a DoS is called a mail spoof, in which an assailant routes large quantities of e-mail to the target. _________________________ ANSF, bomb PTS114. Sniffers often work on TCP/IP networks, where theyre sometimes called packet sniffers. _________________________ ANSTPTS115. A(n) cookie can ply an attacker to collect information on how to access password-protected sites. ________________________ ANSTPTS1MULTIPLE CHOICE1. Which of the following functions does information security perform for an organization?a. defend the organizations ability to function.b. Enabling the safe operation of applications implemented on the organizations IT systems.c. Protecting the data the organization collects and uses.d. All of the above.ANSDPTS12. ____ is an integrated system of software, encryption methodologies, and legal agreements that can be used to support the entire information infrastructure of an organization.a. SSLb. PKIc. PKCd. SISANSBPTS13. ____ are software programs that haze over their true nature, and reveal their designed behavior only when activated.a. Virusesb. Wormsc. S pamd. Trojan horsesANSDPTS14. Which of the following is an example of a Trojan horse program?a. Netskyb. MyDoomc. Klezd. Happy99. exeANSDPTS15. As frustrating as viruses and worms are, perhaps more time and money is spent on resolving virus ____.a. false alarmsb. power faultsc. hoaxesd. urban legendsANSCPTS16. Web hosting services are usually arranged with an agreement providing minimum service levels known as a(n) ____.a. SSLb. SLAc. MSLd. MINANSBPTS17. Complete loss of power for a moment is known as a ____.a. sagb. faultc. brownoutd. blackoutANSBPTS18. Acts of ____ can lead to unauthorized real or virtual actions that enable information gatherers to enter premises or systems they have not been authorized to enter.a. bypassb. naturec. trespassd. securityANSCPTS19. There are generally two science levels among hackers expert and ____.a. noviceb. journeymanc. packet monkeyd. professionalANSAPTS110.One form of online vandalism is ____ operations, which throw in with or separate syste ms to protest the operations, policies, or actions of an organization or government agency.a. hacktivistb. phvistc. hackcyberd. cyberhackANSAPTS111. According to Mark Pollitt, ____ is the premeditated, politically motivated attacks against information, computer systems, computer programs, and data which result in violence against noncombatant targets by subnational groups or clandestine agents.a. infoterrorismb. cyberterrorismc. hackingd. crackingANSBPTS112. ___ is any technology that aids in gathering information active a person or organization without their knowledge.a. A botb. Spywarec. Trojand. WormANSBPTS113. The ____ data file contains the hashed representation of the users password.a. SLAb. SNMPc. FBId. SAMANSDPTS114. In a ____ attack, the attacker sends a large number of connection or information requests to a target.a. denial-of-serviceb. distributed denial-of-servicec. virusd. spamANSAPTS115. A ____ is an attack in which a coordinated stream of requests is launched agains t a target from many locations at the same time.a. denial-of-serviceb. distributed denial-of-servicec. virusd. spamANSBPTS116. ____ are machines that are directed remotely (usually by a transmitted command) by the attacker to enrol in an attack.a. Dronesb. Helpersc. Zombiesd. ServantsANSCPTS117. In the well-known ____ attack, an attacker monitors (or sniffs) packets from the network, modifies them, and inserts them back into the network.a. zombie-in-the-middleb. sniff-in-the-middlec. server-in-the-middled. man-in-the-middleANSDPTS118.The ____ hijacking attack uses IP spoofing to enable an attacker to impersonate another entity on the network.a. WWWb. TCPc. FTPd. HTTPANSBPTS119. 4-1-9 fraud is an example of a ____ attack.a. fond engineeringb. virusc. wormd. spamANSAPTS120. Microsoft acknowledged that if you type a res// URL (a Microsoft-devised type of URL) which is longer than ____ characters in Internet Explorer 4. 0, the browser will crash.a. 64b. 128c. 256d. 512ANSCPTS1COMPLETI ON1. A(n) ____________________ is an object, person, or other entity that represents an ongoing danger to an asset.ANSthreat PTS12. Duplication of software-based intellectual property is more commonly known as software ____________________. ANSpiracy PTS13. A computer virus consists of segments of code that perform ____________________ actions. ANSmalicious PTS14. A(n) ____________________ is a malicious program that replicates itself constantly, without requiring another program environment. ANSworm PTS15. A virus or worm can have a payload that installs a(n) ____________________ door or trap door component in a system, which allows the attacker to access the system at will with fussy privileges.ANSback PTS16. A momentary low voltage is called a(n) ____________________. ANSsag PTS17. Some information gathering techniques are quite legal, for example, using a Web browser to perform market research. These legal techniques are called, collectively, competitive ____________________. ANSintelligence PTS18. When information gatherers employ techniques that cross the doorway of what is legal or ethical, they are conducting industrial ____________________. ANSespionage PTS19. The expert hacker sometimes is called ____________________ hacker. ANSelite PTS110.Script ____________________ are hackers of limited skill who use expertly written software to attack a system. ANSkiddies PTS111. A(n) ____________________ hacks the public telephone network to make free calls or disrupt services. ANSphreaker PTS112. ESD means electrostatic ____________________. ANSdischarge PTS113. A(n) ____________________ is an act that takes advantage of a vulnerability to compromise a controlled system. ANSattack PTS114. A(n) ____________________ is an identified weakness in a controlled system, where controls are not present or are no longer effective. ANSvulnerability PTS115. Attempting to reverse-calculate a password is called ____________________. ANScracking PTS116. __________________ __ is a technique used to gain unauthorized access to computers, wherein the intruder sends messages with a source IP address that has been forged to indicate that the messages are coming from a trusted host. ANSSpoofing PTS117. ____________________ is unsolicited commercial e-mail. ANSSpam PTS118. In the context of information security, ____________________ is the process of using social skills to convince people to reveal access credentials or other valuable information to the attacker.ANSsocial engineering PTS119. The timing attack explores the contents of a Web browsers ____________________. ANScache PTS120. A(n) ____________________ is an application error that occurs when more data is sent to a program buffer than it is designed to handle.ANS buffer overrun buffer overflow PTS1ESSAY1. List at least six general categories of threat.ANS Compromises to intellectual property piracy, copyright infringementSoftware attacks viruses, worms macros, denial of serviceDeviations in qual ity of service ISP, power, or wan service issues from service providers Espionage or trespass unauthorized access and /or data collectionSabotage or vandalism destruction of system or information Forces of nature Human error or failure Information extortion Missing, inadequate, or incomplete Missing, inadequate, or incomplete controls Theft Technical computer hardware failures or errors Technical software failures or errors Technological obsolescence PTS12. Describe viruses and worms.ANS A computer virus consists of segments of code that perform malicious actions.The code attaches itself to the existing program and takes control of that programs access to the targeted computer. The virus-controlled target program then carries out the viruss plan, by replicating itself into additional targeted systems. A worm is a malicious program that replicates itself constantly, without requiring another program to provide a safe environment for replication. Worms can continue replicating them selves until they completely fill usable resources, such as memory, hard drive space, and network bandwidth. PTS13. Describe the capabilities of a sniffer.ANSA sniffer is a program or device that can monitor data traveling over a network.Sniffers can be used both for legitimate network management functions and for stealing information from a network. Unauthorized sniffers can be extremely dangerous to a networks security, because they are virtually impossible to detect and can be inserted well-nigh anywhere. Sniffers often work on TCP/IP networks, where theyre sometimes called packet sniffers. A sniffer program shows all the data going by, including passwords, the data inside files and screens full of sensitive data from applications. PTS1