Testbacksecurity

Chapter 2 Why Security is NeededTRUE/FALSE1. Information securitys primary mission is to ensure that governing bodys and their contents retain their confidentiality at either costs. autonomic nervous constitutionFPTS12. Information security safeguards the technology assets in uptake at the organization. autonomic nervous systemTPTS13. A firewall is a mechanism that keeps accredited kinds of network traffic out of a private network. autonomic nervous systemTPTS14. An act of theft accomplished by a hacker falls into the kin of theft, but is in like manner often accompanied by defacement actions to embarrass discovery and thus may also be placed at heart the category of forces of nature. autonomic nervous systemFPTS15. Two watchdog organizations that investigate allegations of package ab occupyment SIIA and NSA. autonomic nervous systemFPTS16. A number of technical mechanismsdigital watermarks and embedded code, copyright codes, and even the intentional placement of bad sec tors on parcel media bewilder been used to enforce copyright laws. ANSTPTS17. A move requires that an opposite class is running before it wad begin functioning. ANSFPTS18. A worm butt joint adhere copies of itself onto all Web servers that the infected system good deal reach, so that users who afterward visit those sites become infected. ANSTPTS19. Attacks conducted by scripts argon ordinarily unpredictable. ANSFPTS110. Expert hackers be extremely talented mortals who usually devote lots of time and energy to attempting to break into other rafts knowledge systems. ANSTPTS111. With the removal of copyright protection, softw atomic number 18 program can be easily distributed and installed. ANSTPTS112. Forces of nature, force majeure, or acts of God can pay some of the most dangerous threats, because they be usually occur with very little warning and are beyond the control of people. ANSTPTS113.Much human error or visitation can be prevented with training and ongoing awareness activities. ANSTPTS114. Compared to Web site defacement, vandalism within a network is little malicious in intent and more public. ANSFPTS115. With electronic information is stolen, the crime is readily apparent. ANSFPTS116. Organizations can use dictionaries to disallow passwords during the reset process and thus guard against easy-to-guess passwords. ANSTPTS1 17. DoS blows cannot be launched against routers. ANSFPTS118. A mail go is a form of DoS. ANSTPTS119.A sniffer program shows all the entropy going by on a network segment including passwords, the data inside depositssuch as word-processing documentsand screens full of sensitive data from applications. ANSTPTS120. A timing attack involves the interception of cryptographic elements to determine pro brings and encoding algorithms. ANSTPTS1MODIFIEDTRUE/FALSE1. Intellectual position is defined as the ownership of ideas and control over the tangible or virtual representation of those ideas. __________________ _______ ANSTPTS12. The macro virus infects the key operating system files located in a computers boot sector. ________________________ ANSF, boot PTS13. Once a(n) back approach has infected a computer, it can redistribute itself to all e-mail addresses found on the infected system. _________________________ ANSF virus worm PTS14. A(n) polymorphic threat is one that over time changes the way it appears to antivirus software programs, making it undetectable by proficiencys that look for preconfigured signatures. _________________________ ANSTPTS15. When emf levels surge (experience a momentary increase), the extra potential drop can in earnest damage or destroy equipment. ________________________ ANSF, spike PTS16. The bring up looking technique is used in public or public settings when individuals gather learning they are not authorized to have by looking over another individuals shoulder or viewing the information from a distance. _________________________ ANSF, surfing PTS17 . Hackers are people who use and create computer software to gain coming to information illegally. _________________________ ANSTPTS18. Packet kiddies use automated exploits to engage in distributed denial-of-service attacks. _________________________ANSF, monkeys PTS19. The term phreaker is now ordinarily associated with an individual who cracks or removes software protection that is designed to prevent unauthorized duplication. _________________________ ANSF, cracker PTS110. Cyberterrorists hack systems to conduct terrorist activities via network or earnings pathways. _________________________ ANSTPTS111. The malicious code attack includes the execution of viruses, worms, trojan horses, and active Web scripts with the intent to destroy or steal information. _________________________ ANSTPTS112.The application of computing and network re reference works to try every assertable combination of options of a password is called a brute crack attack. _________________________ ANSF, force PTS113. One form of e-mail attack that is also a DoS is called a mail spoof, in which an assailant routes spacious quantities of e-mail to the target. _________________________ ANSF, bomb PTS114. Sniffers often work on TCP/IP networks, where theyre sometimes called sheaf sniffers. _________________________ ANSTPTS115. A(n) cookie can allow an aggressor to collect information on how to access password-protected sites. ________________________ ANSTPTS1MULTIPLE CHOICE1. Which of the succeeding(a) functions does information security perform for an organization?a. Protecting the organizations efficiency to function.b. Enabling the safe operation of applications implemented on the organizations IT systems.c. Protecting the data the organization collects and uses.d. All of the above.ANSDPTS12. ____ is an integrated system of software, encryption methodologies, and legal agreements that can be used to support the ideal information infrastructure of an organization.a. SSLb. PKI c. PKCd. SISANSBPTS13. ____ are software programs that hide their trustworthy nature, and reveal their designed behavior only when activated.a. Virusesb. Wormsc. spamd. Trojan horsesANSDPTS14. Which of the following is an example of a Trojan horse program?a. Netskyb. MyDoomc. Klezd. Happy99. exeANSDPTS15. As frustrating as viruses and worms are, perhaps more time and money is washed-out on resolving virus ____.a. false alarmsb. powerfulness faultsc. hoaxesd. urban legendsANSCPTS16. Web hosting services are usually arranged with an agreement providing minimum service levels known as a(n) ____.a. SSLb. SLAc. MSLd. MINANSBPTS17. Complete loss of power for a moment is known as a ____.a. sagb. faultc. brownoutd. blackoutANSBPTS18. Acts of ____ can lead to unauthorized real or virtual actions that enable information gatherers to enter premises or systems they have not been authorized to enter.a. bypassb. naturec. trespassd. securityANSCPTS19. There are generally two skill levels amon g hackers expert and ____.a. noviceb. journeymanc. packet monkeyd. professionalANSAPTS110.One form of online vandalism is ____ operations, which interfere with or disrupt systems to knowledge the operations, policies, or actions of an organization or government agency.a. hacktivistb. phvistc. hackcyberd. cyberhackANSAPTS111. According to mug Pollitt, ____ is the premeditated, politically motivated attacks against information, computer systems, computer programs, and data which result in violence against noncombatant targets by subnational groups or clandestine agents.a. infoterrorismb. cyberterrorismc. hackingd. crackingANSBPTS112. ___ is each technology that aids in gathering information about a person or organization without their knowledge.a. A botb. Spywarec. Trojand. WormANSBPTS113. The ____ data file contains the hashed representation of the users password.a. SLAb. SNMPc. FBId. SAMANSDPTS114. In a ____ attack, the attacker sends a large number of connection or information r equests to a target.a. denial-of-serviceb. distributed denial-of-servicec. virusd. spamANSAPTS115. A ____ is an attack in which a coordinated pepper of requests is launched against a target from many locations at the same time.a. denial-of-serviceb. distributed denial-of-servicec. virusd. spamANSBPTS116. ____ are machines that are directed remotely (usually by a transmitted command) by the attacker to participate in an attack.a. Dronesb. Helpersc. Zombiesd. ServantsANSCPTS117. In the well-known ____ attack, an attacker monitors (or sniffs) packets from the network, modifies them, and inserts them back into the network.a. zombie-in-the-middleb. sniff-in-the-middlec. server-in-the-middled. man-in-the-middleANSDPTS118.The ____ hijacking attack uses IP spoofing to enable an attacker to impersonate another entity on the network.a. WWWb. TCPc. FTPd. HTTPANSBPTS119. 4-1-9 fraud is an example of a ____ attack.a. neighborly engineeringb. virusc. wormd. spamANSAPTS120. Microsoft acknowledge d that if you type a res// universal resource locator (a Microsoft-devised type of URL) which is longer than ____ characters in Internet Explorer 4. 0, the browser depart crash.a. 64b. 128c. 256d. 512ANSCPTS1COMPLETION1. A(n) ____________________ is an object, person, or other entity that represents an ongoing danger to an asset.ANSthreat PTS12. Duplication of software-based intellectual property is more commonly known as software ____________________. ANSpiracy PTS13. A computer virus consists of segments of code that perform ____________________ actions. ANSmalicious PTS14. A(n) ____________________ is a malicious program that replicates itself constantly, without requiring another program environment. ANSworm PTS15. A virus or worm can have a payload that installs a(n) ____________________ door or trap door contribution in a system, which allows the attacker to access the system at lead with special privileges.ANSback PTS16. A momentary low voltage is called a(n) _____________ _______. ANSsag PTS17. Some information gathering techniques are quite legal, for example, using a Web browser to perform market research. These legal techniques are called, collectively, competitive ____________________. ANSintelligence PTS18. When information gatherers employ techniques that cross the threshold of what is legal or ethical, they are conducting industrial ____________________. ANSespionage PTS19. The expert hacker sometimes is called ____________________ hacker. ANSelite group PTS110.Script ____________________ are hackers of limited skill who use expertly scripted software to attack a system. ANSkiddies PTS111. A(n) ____________________ hacks the public promise network to make free calls or disrupt services. ANSphreaker PTS112. ESD means electrostatic ____________________. ANSdischarge PTS113. A(n) ____________________ is an act that takes usefulness of a vulnerability to compromise a controlled system. ANSattack PTS114. A(n) ____________________ is an identifie d weakness in a controlled system, where controls are not present or are no longer effective. ANSvulnerability PTS115. Attempting to reverse-calculate a password is called ____________________. ANScracking PTS116. ____________________ is a technique used to gain unauthorized access to computers, wherein the intruder sends messages with a source IP address that has been forged to indicate that the messages are coming from a trusted host. ANSSpoofing PTS117. ____________________ is unsolicited commercial e-mail. ANSSpam PTS118. In the context of information security, ____________________ is the process of using social skills to convince people to reveal access credentials or other valuable information to the attacker.ANSsocial engineering PTS119. The timing attack explores the contents of a Web browsers ____________________. ANS lay away PTS120. A(n) ____________________ is an application error that occurs when more data is sent to a program pilot than it is designed to handle.ANS bu ffer overrun buffer overflow PTS1ESSAY1. List at least sextette general categories of threat.ANS Compromises to intellectual property piracy, copyright infringement software package attacks viruses, worms macros, denial of serviceDeviations in quality of service ISP, power, or crazy service issues from service providers Espionage or trespass unauthorized access and /or data collectionSabotage or vandalism destruction of system or information Forces of nature Human error or ill fortune Information extortion Missing, inadequate, or incomplete Missing, inadequate, or incomplete controls Theft practiced big(p)ware failures or errors Technical software failures or errors Technological obsolescence PTS12. Describe viruses and worms.ANS A computer virus consists of segments of code that perform malicious actions.The code attaches itself to the existing program and takes control of that programs access to the targeted computer. The virus-controlled target program then carries out the viruss plan, by replicating itself into additional targeted systems. A worm is a malicious program that replicates itself constantly, without requiring another program to provide a safe environment for replication. Worms can continue replicating themselves until they completely fill available resources, such as memory, hard drive space, and network bandwidth. PTS13. Describe the capabilities of a sniffer.ANSA sniffer is a program or device that can monitor data traveling over a network.Sniffers can be used both(prenominal) for legitimate network management functions and for stealing information from a network. unlicensed sniffers can be extremely dangerous to a networks security, because they are virtually impossible to detect and can be inserted to the highest degree anywhere. Sniffers often work on TCP/IP networks, where theyre sometimes called packet sniffers. A sniffer program shows all the data going by, including passwords, the data inside files and screens full of sens itive data from applications. PTS1