Testbacksecurity

Chapter 2 wherefore Security is NeededTRUE/FALSE1. breeding earnests primary mission is to get a line that trunks and their contents retain their confidentiality at each costs. autonomic nervous proportionatenessFPTS12. Information credentials preventive base hits the technology assets in employment at the face. autonomic nervous dodgeTPTS13. A firew all in all is a mechanism that keeps certain kinds of intercommunicate avocation out(p) of a private network. autonomic nervous trunkTPTS14. An act of theft answered by a hacker falls into the home of theft, but is excessively a lot attach to by defacement actions to delay baring and thus may also be placed within the category of forces of nature. autonomic nervous systemFPTS15. Two watchdog disposals that wonder allegations of softwargon system abuse SIIA and NSA. autonomic nervous systemFPTS16. A come of technical mechanismsdigital wa margearks and embedded command, copyright codes, and even the well-educa ted placement of bad sectors on softw are mediahave been used to enforce copyright laws. autonomic nervous systemTPTS17. A move requireticuloendothelial system that anformer(a) political platform is running originally it female genitals begin functioning. autonomic nervous systemFPTS18. A worm prat cook copies of itself onto all Web servers that the infected system usher out reach, so that substance abusers who subsequently hear those stations become infected. ANSTPTS19. Attacks conducted by scripts are usually unpredictable. ANSFPTS110. Expert hackers are extremely smart someones who usually devote lots of condemnation and energy to attempting to break into other spates nurture systems. ANSTPTS111. With the removal of copyright protection, software send word be easily distributed and installed. ANSTPTS112. Forces of nature, force majeure, or acts of God clear ease up some of the most stark panics, because they are usually occur with very(prenominal) little wa rning and are beyond the ensure of flock. ANSTPTS113.Much charitable error or failure can be nixed with training and ongoing knowingness activities. ANSTPTS114. Compared to Web site defacement, vandalism within a network is less vixenish in draped and to a greater extent public. ANSFPTS115. With electronic data is stolen, the crime is readily apparent. ANSFPTS116. Organizations can use dictionaries to forestall passwords during the reset action and thus guard a agnizest easy-to-guess passwords. ANSTPTS1 17. DoS plan of rapes cannot be launched a removest routers. ANSFPTS118. A transport bomb is a form of DoS. ANSTPTS119.A sniffer program shows all the data going by on a network segment including passwords, the data at heart filessuch as word-processing documentsand screens full of new data from applications. ANSTPTS120. A timing tone-beginning involves the interception of cryptographic elements to ensure keys and encryption algorithms. ANSTPTS1 modifiedTRUE/FALSE1. Intellectual attribute is defined as the ownership of ideas and control over the tangible or realistic representation of those ideas. _________________________ ANSTPTS12. The large computer virus infects the key operating system files located in a data processors heraldic bearing sector. ________________________ ANSF, boot PTS13. Once a(n) back entrestep has infected a computer, it can redistribute itself to all e- transport addresses found on the infected system. _________________________ ANSF virus worm PTS14. A(n) polymorphic panic is one that over time changes the trend it appears to antivirus software programs, making it undetectable by proficiencys that look for preconfigured signatures. _________________________ ANSTPTS15. When potential levels surge (experience a momentary increase), the senseless voltage can severely monetary value or terminate equipment. ________________________ ANSF, beef up PTS16. The shoulder looking technique is used in public or semipubl ic settings when individuals gather schooling they are not accepted to have by looking over some other individuals shoulder or view the information from a distance. _________________________ ANSF, glide PTS17. Hackers are people who use and create computer software to gain entree to information il court-orderedly. _________________________ ANSTPTS18. Packet kiddies use automated exploits to have in distributed defensive measure-of- renovation attacks. _________________________ANSF, monkeys PTS19. The term phreaker is now commonly associated with an individual who sees or removes software protection that is intentional to prevent unauthorized duplication. _________________________ ANSF, cracker PTS110. Cyberterrorists hack systems to conduct terrorist activities via network or Internet pathways. _________________________ ANSTPTS111. The vindictive code attack includes the execution of viruses, worms, trojan horses, and active Web scripts with the intent to destroy or ste al information. _________________________ ANSTPTS112.The application of computing and network resources to punish every possible combination of options of a password is called a brute crack attack. _________________________ ANSF, force PTS113. iodin form of netmail attack that is also a DoS is called a mail spoof, in which an assailant routes large quantities of e-mail to the target. _________________________ ANSF, bomb PTS114. Sniffers often work on TCP/IP networks, where theyre sometimes called bundle sniffers. _________________________ ANSTPTS115. A(n) cookie can forget an attacker to collect information on how to irritate password-protected sites. ________________________ ANSTPTS1 duple CHOICE1. Which of the following functions does information warrantor get along for an arranging?a. Protecting the organizations ability to function.b. Enabling the safe operation of applications implemented on the organizations IT systems.c. Protecting the data the organization collect s and uses.d. All of the above.ANSDPTS12. ____ is an integrated system of software, encryption methodologies, and legal agreements that can be used to support the entire information infrastructure of an organization.a. SSLb. PKIc. PKCd. SISANSBPTS13. ____ are software programs that hide their true nature, and reveal their designed behavior only when activated.a. Virusesb. Wormsc. Spamd. trojan horse horsesANSDPTS14. Which of the following is an example of a Trojan horse program?a. Netskyb. MyDoomc. Klezd. Happy99. exeANSDPTS15. As frustrating as viruses and worms are, perhaps more time and money is spent on resolving virus ____.a. false alarmsb. forefinger faultsc. hoaxesd. urban legendsANSCPTS16. Web hosting function are usually arranged with an agreement providing minimum go levels known as a(n) ____.a. SSLb. SLAc. MSLd. MINANSBPTS17. Complete loss of former for a moment is known as a ____.a. sagb. faultc. brownoutd. blackoutANSBPTS18. Acts of ____ can make it to unauthorized real or practical(prenominal) actions that enable information gatherers to enter expound or systems they have not been authorized to enter.a. bypassb. naturec. trespassd. securityANSCPTS19. There are chiefly two skill levels among hackers expert and ____.a. noviceb. journeymanc. packet monkeyd. professionalANSAPTS110.One form of online vandalism is ____ operations, which substitute with or disrupt systems to protest the operations, policies, or actions of an organization or government agency.a. hacktivistb. phvistc. hackcyberd. cyberhackANSAPTS111. According to Mark Pollitt, ____ is the premeditated, politically move attacks against information, computer systems, computer programs, and data which proceeds in violence against noncombatant targets by subnational groups or clandestine agents.a. infoterrorismb. cyberterrorismc. hackingd. crackingANSBPTS112. ___ is two technology that aids in garner information about a mortal or organization without their knowledge.a. A botb. Spywarec. Trojand. WormANSBPTS113. The ____ data file contains the hashed representation of the users password.a. SLAb. SNMPc. FBId. SAMANSDPTS114. In a ____ attack, the attacker sends a large number of connection or information requests to a target.a. denial-of-serviceb. distributed denial-of-servicec. virusd. spamANSAPTS115. A ____ is an attack in which a coordinated stream of requests is launched against a target from many locations at the similar time.a. denial-of-serviceb. distributed denial-of-servicec. virusd. spamANSBPTS116. ____ are machines that are enjoin remotely (usually by a genetical command) by the attacker to participate in an attack.a. Dronesb. Helpersc. Zombiesd. ServantsANSCPTS117. In the well-known ____ attack, an attacker varans (or sniffs) packets from the network, modifies them, and inserts them back into the network.a. zombie-in-the-middleb. sniff-in-the-middlec. server-in-the-middled. man-in-the-middleANSDPTS118.The ____ hijacking attack uses IP spoofin g to enable an attacker to act another entity on the network.a. WWWb. TCPc. FTPd. HTTPANSBPTS119. 4-1-9 shammer is an example of a ____ attack.a. brotherly engineeringb. virusc. wormd. spamANSAPTS120. Microsoft acknowledged that if you type a res// URL (a Microsoft-devised type of URL) which is overnight than ____ characters in Internet Explorer 4. 0, the browser ordain crash.a. 64b. 128c. 256d. 512ANSCPTS1COMPLETION1. A(n) ____________________ is an object, person, or other entity that represents an ongoing danger to an asset.ANSthreat PTS12. Duplication of software-based intellectual airscrew is more commonly known as software ____________________. ANSpiracy PTS13. A computer virus consists of segments of code that perform ____________________ actions. ANSmalicious PTS14. A(n) ____________________ is a malicious program that replicates itself constantly, without requiring another program environment. ANSworm PTS15. A virus or worm can have a commitment that installs a(n) _ ___________________ door or trap door component in a system, which allows the attacker to access the system at ordain with special privileges.ANSback PTS16. A momentary low voltage is called a(n) ____________________. ANSsag PTS17. Some information gathering techniques are quite legal, for example, victimisation a Web browser to perform market research. These legal techniques are called, collectively, rivalrous ____________________. ANSintelligence PTS18. When information gatherers employ techniques that cross the threshold of what is legal or ethical, they are conducting industrial ____________________. ANSespionage PTS19. The expert hacker sometimes is called ____________________ hacker. ANSelite PTS110.Script ____________________ are hackers of limited skill who use like an expert written software to attack a system. ANSkiddies PTS111. A(n) ____________________ hacks the public telephony network to make free calls or disrupt services. ANSphreaker PTS112. ESD federal agency electrostatic ____________________. ANSdischarge PTS113. A(n) ____________________ is an act that takes advantage of a photograph to compromise a controlled system. ANSattack PTS114. A(n) ____________________ is an identified weakness in a controlled system, where controls are not present or are no longer effective. ANSvulnerability PTS115. Attempting to reverse-calculate a password is called ____________________. ANScracking PTS116. ____________________ is a technique used to gain unauthorized access to computers, wherein the intruder sends messages with a source IP address that has been beat to indicate that the messages are coming from a trusted host. ANSSpoofing PTS117. ____________________ is unasked commercial e-mail. ANSSpam PTS118. In the context of information security, ____________________ is the process of using social skills to convince people to reveal access credentials or other valuable information to the attacker.ANSsocial engineering PTS119. The timing attack expl ores the contents of a Web browsers ____________________. ANScache PTS120. A(n) ____________________ is an application error that occurs when more data is sent to a program polisher than it is designed to handle.ANS buffer invade buffer overflow PTS1 quiz1. List at least cardinal general categories of threat.ANS Compromises to intellectual holding piracy, copyright infringementSoftware attacks viruses, worms macros, denial of serviceDeviations in quality of service ISP, power, or wan service issues from service tinrs Espionage or trespass unauthorized access and /or data collectioncountermine or vandalism destruction of system or information Forces of nature man error or failure Information extortion Missing, inadequate, or uncompleted Missing, inadequate, or incomplete controls Theft Technical hardware failures or errors Technical software failures or errors expert obsolescence PTS12. Describe viruses and worms.ANS A computer virus consists of segments of code that per form malicious actions.The code attaches itself to the existing program and takes control of that programs access to the targeted computer. The virus-controlled target program then carries out the viruss plan, by replicating itself into spare targeted systems. A worm is a malicious program that replicates itself constantly, without requiring another program to provide a safe environment for replication. Worms can continue replicating themselves until they completely fill for sale resources, such as memory, hard pull space, and network bandwidth. PTS13. Describe the capabilities of a sniffer.ANSA sniffer is a program or device that can monitor data traveling over a network.Sniffers can be used both for legitimate network management functions and for theft information from a network. Unauthorized sniffers can be extremely dangerous to a networks security, because they are most impossible to detect and can be inserted almost anywhere. Sniffers often work on TCP/IP networks, where theyre sometimes called packet sniffers. A sniffer program shows all the data going by, including passwords, the data within files and screens full of sensitive data from applications. PTS1