Term
The policies of the Bell-LaPadula model are |
|
Definition
*-Property (no write down) and Simple Security Rule (no read up) |
|
|
Term
The term "script kiddies" refers to |
|
Definition
A hacker with little technical ability who relies on tools and exploits written by others
|
|
Term
The term "elite" (elite hacker) refers to
Definition
A hacker with a high level of technical ability |
|
|
Term
Users on your network receive an e-mail warning them of a dangerous computer virus. It instructs the user to delete files it claims were put there by the virus, but they are actually critical system files. This is an example of |
|
Definition
A hoax (the e-mail itself is the attack: it persuades users to damage their own systems)
|
Term
Locks, sign-in logs, and security guards are examples of |
|
Definition
Physical security controls
|
Term
What is an unstructured threat? |
|
Definition
An attack that is uncoordinated, nonspecific, and lasts a short amount of time |
|
|
Term
What is a structured threat? |
|
Definition
An attack that uses coordination, insiders, and lasts for a long period of time |
|
|
Term
What was Solar Sunrise (1998)?

Definition
An attack on US Department of Defense systems that was made to look like it came from Iraq, but was actually carried out by two teenagers from California who were coached by an Israeli hacker
|
|
Term
All of the following are techniques used by a social engineer EXCEPT |
|
Definition
An attacker runs a brute force attack on a password. |
|
|
Term
Which of the following is NOT an example of a poor security practice? |
|
Definition
An employee does not let the person he is talking to follow him into a secured area until that person has shown proper credentials.
|
|
Term
Which of the following is a security model that uses transactions as the basis for its rules? |
|
Definition
The Clark-Wilson model (well-formed transactions and separation of duties)
|
Term
What is the most common threat to information security in an organization? |
|
Definition
|
|
Term
The company CIO wants you and your team to check the security of the network by simulating an attack by malicious individuals. He is asking you to |
|
Definition
Conduct a penetration test |
|
|
Term
The outermost layer of physical security should |
|
Definition
Contain the most publicly visible activities |
|
|
Term
The most sensitive equipment should be located |
|
Definition
Deep inside the organization |
|
|
Term
The IDS fails to alert on an intruder's ping sweep and port scan. This is a failure of which element of the operational model of computer security? |
|
Definition
Detection
|
Term
Attackers need a certain amount of information before launching their attack. One common place to find information is to go through the trash of the target to find information that could be useful to the attacker. This process of going through a target's trash is known in the community as |
|
Definition
Dumpster diving
|
Term
Which of the following is not a common wireless communications method? |
|
Definition
|
|
Term
What is the problem described by the van Eck phenomenon and studied under TEMPEST? |
|
Definition
Electromagnetic eavesdropping |
|
|
Term
The first step an administrator can take to reduce possible attacks is to |
|
Definition
Ensure all patches for the operating system and applications are installed |
|
|
Term
What is a good first step for companies to take to fight potential social engineering attacks? |
|
Definition
Establish policies and procedures that define the roles and responsibilities of all users, as well as of security administrators
|
|
Term
Bob works in a small office with a network of computers. Bob, along with all the other employees, is responsible for securing his own computer on the network. This is an example of network security |
|
Definition
False; this is host security (each machine is secured individually). Network security treats the network as a whole.
|
Term
Computer security and information assurance are the same thing |
|
Definition
False; information assurance is the broader discipline, of which computer security is one part.
|
Term
The steps an attacker takes in attempting to penetrate a targeted network are extremely different from the ones that a security consultant performing a penetration test would take. |
|
Definition
False; a penetration tester deliberately follows the same reconnaissance, scanning and exploitation steps an attacker would, with authorization.
|
Term
There are three general reasons a particular computer system is attacked: It is specifically targeted by the attacker, it is a target of opportunity, or it is a target that was specified to be attacked by a larger criminal organization. |
|
Definition
False; there are two general reasons: the system is specifically targeted, or it is a target of opportunity.
|
Term
Operating systems and applications all implement rights and permissions the same way. |
|
Definition
False; rights and permissions are implemented differently across operating systems and applications.
|
Term
Social engineers attempt to exploit the natural tendencies of people. They do this by |
|
Definition
First trying to evoke sympathy; if this fails, then by fear of confrontation |
|
|
Term
A fire suppression system that is safe for equipment, but dangerous for humans is |
|
Definition
Carbon dioxide (CO2)
|
Term
Why is Kevin Mitnick significant?
Definition
He used social engineering, sniffers, and cloned cell phones to gain unauthorized access to networks belonging to Motorola, Novell, Fujitsu, and Sun Microsystems |
|
|
Term
Background checks, drug testing, retirement, and termination are elements found in which type of policy? |
|
Definition
Human resources (personnel) policy
|
Term
A port scan
Definition
Identifies ports that are open and services that are running |
|
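The card above describes what a port scan finds but not how. The following added example (written for this page, not taken from any textbook or tool it mentions) implements a plain TCP connect scan with banner grabbing. To keep it self-contained and offline it first starts its own throwaway listener on 127.0.0.1, which answers with a constructed banner (`DEMO_BANNER`); the `service_guess` table and the `demo` helper are likewise assumptions made for the demo.

```python
import socket
import threading
from contextlib import closing

# Constructed target for the demo: a throwaway listener that greets each
# client with a fake banner, so the scanner has an open port and a "service"
# to identify without touching any real host.
DEMO_BANNER = b"SSH-2.0-demo_sshd\r\n"  # assumed/constructed banner text


def start_listener(host="127.0.0.1", banner=DEMO_BANNER):
    """Bind a TCP listener on an OS-chosen port; returns (socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(16)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:          # listener closed: stop serving
                return
            with closing(conn):
                conn.sendall(banner)  # the "service" announces itself

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def tcp_connect_scan(host, ports, timeout=0.5):
    """Full-connect scan: complete the TCP handshake on each port and read
    whatever the service says first. Returns {open_port: banner_text}.
    Ports that refuse or time out are simply absent from the result."""
    found = {}
    for port in ports:
        with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) != 0:
                continue                     # closed or filtered
            try:
                banner = s.recv(256).decode("ascii", "replace").strip()
            except (socket.timeout, OSError):
                banner = ""                  # open, but the service is silent
            found[port] = banner
    return found


def service_guess(banner):
    """Tiny banner-to-service mapping (constructed for the demo)."""
    if banner.startswith("SSH-"):
        return "ssh"
    if banner.startswith("220 "):
        return "smtp/ftp"
    if banner.startswith("HTTP/"):
        return "http"
    return "unknown"


def demo():
    """Start the listener, sweep a small window of ports around it, shut it down."""
    srv, port = start_listener()
    try:
        # localhost refuses closed ports immediately, so the sweep is fast.
        result = tcp_connect_scan("127.0.0.1", range(port - 3, port + 4))
    finally:
        srv.close()
    return port, result


if __name__ == "__main__":
    port, result = demo()
    for p, banner in sorted(result.items()):
        print(f"{p}/tcp open  {service_guess(banner):<8} {banner!r}")
```

A connect scan completes the handshake, so it is the noisiest variant: every probe lands in the target's connection logs, which is exactly what an IDS should be alerting on (see the operational-model card later on this page).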
|
Term
If the system is infected with a time bomb, it means that |
|
Definition
It has a piece of malicious code that will be triggered at a certain time |
|
|
Term
The database administrator falls ill and is not able to come to work for three weeks. No one else in the company knows how to administer the database server. This is a result of not following which principle? |
|
Definition
Job rotation
|
Term
Reducing the number of services to the least number necessary for it to properly perform its functions is an example of which principle? |
|
Definition
|
|
Term
When information is disclosed to individuals not authorized to see it, you have suffered a |
|
Definition
Loss of confidentiality
|
Term
Ensuring that users have access only to the files they need to complete their tasks is an example of which principle? |
|
Definition
Least privilege
|
Term
When users are unable to access information or the systems processing information, you may have suffered a |
|
Definition
Loss of availability
|
Term
A successful attack on a network may adversely impact security in all the following ways EXCEPT |
|
Definition
|
|
Term
What was the Slammer Worm/Virus? |
|
Definition
Malware that exploited Microsoft SQL Server and spread across the world in just 10 minutes |
|
|
Term
When creating a password, users tend to use |
|
Definition
Names of family, pets, or teams |
|
|
Term
Which of the following is the weakest password |
|
Definition
|
|
Term
IEEE 802.11 is a set of standards suited for |
|
Definition
Wireless local area networks (WLANs)
|
Term
The incident response team reviewed the security logs and discovered that the network had been breached, due to a misconfigured firewall. This is a failure of which element of the operational model of computer security? |
|
Definition
Prevention
|
Term
The policies of the Biba model are? |
|
Definition
Simple Integrity Property (no read down) and *-Integrity Property (no write up). Biba's Ring policy and Low-Water-Mark policy are alternative, looser variants of the same integrity idea, not the names of these two rules.
|
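The Bell-LaPadula card near the top of this page and the Biba card above give the four rules as slogans. The added example below (written for this page; it is not from any textbook the cards are drawn from) turns them into a small reference monitor so the symmetry is visible: Biba is BLP with the comparisons flipped. It also implements Biba's low-water-mark variant, where a read down is allowed but lowers the subject's own integrity. The `Level` lattice, the dict shape used for subjects and objects, and the labels in `demo` are all assumptions made for the demo.

```python
from enum import IntEnum


class Level(IntEnum):
    """Assumed linear lattice of labels, used for both secrecy and integrity."""
    LOW = 0
    MEDIUM = 1
    HIGH = 2


def blp_allows(subject_clearance, object_classification, access):
    """Bell-LaPadula (confidentiality).
    Simple Security Property, no read up:   read  only if clearance >= classification
    *-Property,               no write down: write only if clearance <= classification
    """
    if access == "read":
        return subject_clearance >= object_classification
    if access == "write":
        return subject_clearance <= object_classification
    raise ValueError(f"unknown access mode {access!r}")


def biba_allows(subject_integrity, object_integrity, access):
    """Biba strict integrity, the dual of BLP.
    Simple Integrity Property, no read down: read  only if subject <= object integrity
    *-Integrity Property,      no write up:   write only if subject >= object integrity
    """
    if access == "read":
        return subject_integrity <= object_integrity
    if access == "write":
        return subject_integrity >= object_integrity
    raise ValueError(f"unknown access mode {access!r}")


def reference_monitor(subject, obj, access):
    """Enforce both models at once. subject/obj are dicts with 'secrecy' and
    'integrity' labels (assumed shape). Default deny: every policy must agree."""
    return (blp_allows(subject["secrecy"], obj["secrecy"], access)
            and biba_allows(subject["integrity"], obj["integrity"], access))


class LowWaterMarkSubject:
    """Biba's low-water-mark variant: reads down are permitted, but each one
    drags the subject's integrity down to the object's level, so afterwards
    it cannot write to anything more trustworthy than what it just read."""

    def __init__(self, integrity):
        self.integrity = integrity

    def read(self, object_integrity):
        self.integrity = min(self.integrity, object_integrity)
        return True  # always allowed; the cost is paid by the subject's label

    def can_write(self, object_integrity):
        return self.integrity >= object_integrity


def demo():
    """Assumed labels: an analyst cleared HIGH but of MEDIUM integrity,
    against a public low-integrity document and a vetted secret document."""
    analyst = {"secrecy": Level.HIGH, "integrity": Level.MEDIUM}
    public_doc = {"secrecy": Level.LOW, "integrity": Level.LOW}
    secret_doc = {"secrecy": Level.HIGH, "integrity": Level.HIGH}
    return {
        # BLP says yes (read down), Biba says no (untrusted source): denied.
        "analyst reads public_doc": reference_monitor(analyst, public_doc, "read"),
        # BLP yes (same level), Biba yes (reading up is fine): allowed.
        "analyst reads secret_doc": reference_monitor(analyst, secret_doc, "read"),
        # BLP no (write down leaks secrets): denied.
        "analyst writes public_doc": reference_monitor(analyst, public_doc, "write"),
        # BLP yes (write up), Biba no (MEDIUM may not write HIGH): denied.
        "analyst writes secret_doc": reference_monitor(analyst, secret_doc, "write"),
    }


if __name__ == "__main__":
    for request, allowed in demo().items():
        print(f"{request:<28} {'ALLOW' if allowed else 'DENY'}")
```

Note how the combined monitor denies the analyst almost everything: confidentiality and integrity pull in opposite directions, which is why real systems pick one model per data flow rather than stacking both on every object.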
|
Term
A database server is put on the network by the project manager. No one is told it is there except for the project manager, so that he can work on it without worrying that other individuals will try to get to it. This is an example of which principle? |
|
Definition
Security through obscurity |
|
|
Term
A person parks his car by an ATM, sets up a small camera discreetly pointed at ATM keypad, and then pretends to be going through bank papers in his car. This would be an example of |
|
Definition
Shoulder surfing
|
Term
The three types of authentication used for access control are |
|
Definition
Something you have, something you know, something you are |
|
|
Term
A fire suppression system that is safe for humans, but will destroy equipment is |
|
Definition
Water (wet-pipe sprinkler system)
|
Term
Making the effort to compromise a system more costly than the value of accomplishing it is the goal of security |
|
Definition
|
|
Term
Fifty years ago, few people had access to a computer system or network, so securing them was a relatively easy matter. |
|
Definition
True
|
Term
As the level of sophistication of attacks has increased, |
|
Definition
The level of knowledge necessary to exploit vulnerabilities has decreased |
|
|
Term
Why is the Morris worm significant? |
|
Definition
This was the first large-scale attack on the Internet |
|
|
Term
The first step an administrator can take to minimize possible attacks is to ensure that all patches for the operating system and applications are installed |
|
Definition
True
|
Term
According to the Computer Crime and Security Survey, the four types of attacks that increased from 2007 to 2008 were |
|
Definition
Unauthorized access, theft/loss of proprietary information, misuse of web applications, and DNS attacks |
|
|
Term
When an attacker attempts to get credit card numbers using telephone and voice technologies, it's called |
|
Definition
Vishing (voice phishing)
|
Term
Information warfare is
Definition
Warfare conducted against information and information processing equipment |
|
|
Term
Bob inadvertently disconnects the cable from the company file server. This creates a problem of ________. |
|
Definition
availability
|
Term
Jane is in the finance department. Although she should not be able to open files or folders from the marketing department, she can and does. This a problem of ___________. |
|
Definition
confidentiality
|
Term
Three means of establishing auditability: something you know, something you have, or something you are. |
|
Definition
False; those are the three means of authentication, not of auditability.
|
Term
The Code Red Worm spread to 350,000 computers in just over a week. |
|
Definition
False; Code Red infected roughly 350,000 hosts in about 14 hours, not a week.
|
Term
The A in CIA refers to the term auditability. |
|
Definition
False; the A is availability.
|
Term
Bob works in a small office with a network of computers. Bob, along with all the other employees, is responsible for securing his own computer on the network. This is an example of network security. |
|
Definition
False; this is host security, since each machine is secured individually.
|
Term
The biggest change that has occurred in security over the last 30 years has been the change in the computing environment from small, tightly contained mainframes to a highly widespread network of much larger systems. |
|
Definition
True
|
Term
Leaving sensitive information in a car is appropriate if the doors are locked and the files are not in plain view. |
|
Definition
False
|
Term
Halon is effective at putting out fires and safe for humans but can damage equipment. |
|
Definition
False; Halon is safe for equipment. It is the people in the room (and the ozone layer) that it endangers.
|
Term
Standards are recommendations relating to a policy. |
|
Definition
False; standards are mandatory elements that implement a policy. Guidelines are the recommendations.
|
Term
A good security practice is to choose one good password and use it for all of your various accounts. |
|
Definition
False; one compromised account would then expose all of them.
|
Term
Hoaxes, while a potential nuisance, can not cause any real harm to your data. |
|
Definition
False; a hoax that persuades users to delete critical files does real damage.
|
Term
Spear phishing is when an attacker attempts to redirect a user to a bogus web site that appears similar to the web site the user had intended to access. |
|
Definition
False; that describes pharming. Spear phishing is phishing aimed at specific individuals or organizations.
|
Term
TEMPEST is a program developed by the US department of defense to protect equipment from the ill effects of weather and other natural disasters. |
|
Definition
False; TEMPEST concerns electromagnetic emanations (the van Eck phenomenon) that can be eavesdropped on.
|
Term
UPS is short for keeping UP Services. |
|
Definition
False; UPS is uninterruptible power supply.
|
Term
Jane is in the finance department. Although she should not be able to modify files or folders from the marketing department, she can, and does. This a problem of ___________. |
|
Definition
integrity
|
Term
Joe sends a scathing e-mail to his boss regarding increased work hours. Joe tries to deny sending the e-mail, but is unable to due to the use of digital signatures. This is an example of ________. |
|
Definition
nonrepudiation
|
Term
During the day, it takes an employee twice as long to retrieve files from the server that is under attack. The attack has resulted in a degradation of availability. |
|
Definition
True
|
Term
Access controls, firewalls, and encryption are technologies used for prevention |
|
Definition
True
|
Term
All applications, scripts, and batch files run in the same security context of the user who is logged in at the time. |
|
Definition
True; anything a user launches inherits that user's rights, which is why least privilege matters for user accounts.
|
Term
Backups, incident response teams, and computer forensics are response technologies |
|
Definition
True
|
Term
Auditability refers to whether a control can be verified as functioning or not. |
|
Definition
True
|
Term
Phishing is the most common form of social engineering attack related to computer security. |
|
Definition
True
|
Term
Shoulder surfing is when a person looks over the shoulder of another person while that person types PINs or passwords. |

Definition
True
|
Term
Voice recognition, iris scans, and facial geometry can be used for biometric access controls. |
|
Definition
True
|
Term
Procedures are high-level, broad statements of what the organization wants to accomplish. |
|
Definition
False; policies are the high-level statements. Procedures are the step-by-step instructions for carrying them out.
|
Term
A critical piece of equipment that provides power to systems even during a black out is called a(n) _______________. |
|
Definition
uninterruptible power supply |
|
|
Term
|
Definition
A for loop provides a convenient way to create a(n) ____ loop. |
|
|
Term
prefix increment operator |
|
Definition
When you want to increase a variable’s value by exactly 1, use the ____. |
|
|
Term
indefinite
Definition
A loop controlled by the user is a type of ____ loop. |
|
|
Term
60 (20 customers × 3 colors)

Definition
How many times will outputLabel be called? for(customer = 1; customer <= 20; ++customer) for(color = 1; color <= 3; ++color) { outputLabel(); } |
|
|
Term
while
Definition
Use a(n) ____ loop to execute a body of statements continually as long as the Boolean expression that controls entry into the loop continues to be true. |
|
|
Term
loop
Definition
A(n) ____ is a structure that allows repeated execution of a block of statements. |
|
|
Term
assignment operator (=)
Definition
In Java, the ____ assigns a value to the variable on the left. |
|
|
Term
the loop-controlling Boolean expression evaluates to false
|
Definition
In a do...while loop, the loop will continue to execute until ____. |
|
|
Term
Validating data
Definition
____ is the process of ensuring that a value falls within a specified range. |
|
|
Term
negative
Definition
You use a unary minus sign preceding a value to make the value ____. |
|
|