donhodges.comdonhodges.com/gcc/196/homework1.docx · web viewit made security personnel aware of...

Upload: dinhdien

Post on 18-Mar-2018

CS/IS 196 Homework #1

Instructions: Answer all questions and put the answers on the Excel spreadsheet which is available on the web site. Print out the answer sheet or email it to me before the due deadline.

Be sure to put your name on the answer sheet.

Chapter 1

Introduction and Security Trends

1. Which Internet worm, released in 1988, is considered to be one of the first real Internet crime cases?

A. The Code Red Worm

B. The Morris Worm

C. The Slammer Worm

D. The Jester Worm

2. Which Internet criminal is famous for conducting his attacks using a number of different tools and techniques, including social engineering, sniffers, and cloned cellular telephones?

A. Robert Morris

B. Kevin Mitnick

C. Timothy Lloyd

D. David Smith

3. What target did the teenage hacker who went by the name “Jester” attack in March 1997?

A. He hacked Sony, stealing over 70 million user accounts.

B. He broke into the U.S. electric power grid, mapped it out, and planted destructive programs that could be activated at a later date.

C. He attacked Estonia with a massive denial-of-service (DoS) cyberattack.

D. He cut off telephone services to the FAA control tower as well as the emergency services at the Worcester Airport and the community of Rutland, Massachusetts.

4. How did the Code Red worm spread?

A. It exploited a buffer-overflow vulnerability in computers running Microsoft SQL Server or SQL Server Desktop Engine.

B. It collected key-strokes, screenshots, and network traffic from open ports.

C. It made use of a buffer-overflow condition in Microsoft’s IIS web servers that had been known for a month.

D. It entered through the victim’s Outlook address book software and then replicated itself by sending infected emails to the first 50 contacts.

5. What was the primary lesson learned from the Slammer worm?

A. It made security personnel aware of attacks that had been going on for years without being noticed.

B. It drove home the point that the Internet could be adversely impacted in a matter of minutes.

C. It brought the attention of state-sponsored malware to light.

D. It made security personnel aware of data breaches that had been dominating the security landscape.

6. How did the Slammer worm infect computer systems?

A. It entered through the victim’s Outlook address book software and then replicated itself by sending infected emails to the first 50 contacts.

B. It collected keystrokes, screenshots, and network traffic from open ports.

C. It exploited a buffer-overflow vulnerability in computers running Microsoft SQL Server or SQL Server Desktop Engine.

D. It “slams” shut a computer by not allowing any user to log in.

7. Which Internet worm created infected systems that were part of what is known as a bot network (or botnet) and could be used to cause a DoS attack on a target or to forward spam e-mail to millions of users?

A. Slammer

B. Code Red

C. “ILOVEYOU”

D. Conficker

8. What name was given to the advanced persistent threat (APT) style spy network responsible for bugging the Dalai Lama’s office?

A. Melissa

B. GhostNet

C. Conficker

D. Code Red

9. Which attack is an example of an advanced persistent threat (APT) first reported by Google, but also targeting Adobe, Yahoo, Juniper Networks, Rackspace, Symantec, and several major U.S. financial and industrial firms?

A. Operation Aurora

B. Operation Bot Roast

C. Conficker

D. Stuxnet

10. Which attacks represent examples of state-sponsored malware?

A. Melissa, Shamoon, and Operation Night Dragon

B. “Jester” and Melissa

C. Stuxnet, Duqu, and Flame

D. Slammer, Code Red, and Melissa

11. Which malware uses command and control servers across the globe to collect elements such as keystrokes and system information from machines and deliver them to unknown parties?

A. Duqu

B. Shamoon

C. Melissa

D. Regin

12. Which suspected nation-state malware platform poses interest because of its stealth, its complexity, and its ability to hide its command and control network from investigators?

A. Energetic Bear

B. The Dragonfly group

C. Regin

D. LulzSec

13. In 2014, on how many different threat actors, including criminals, hacktivists, state-sponsored groups, and nation states, did CrowdStrike report?

A. 19

B. 29

C. 39

D. 49

14. Which term describes a category of attacks that generally are conducted over short periods of time (lasting at most a few months), involve a smaller number of individuals, have little financial backing, and are accomplished by insiders or outsiders who do not seek collusion with insiders?

A. Unstructured threat category

B. Structured threat category

C. Highly structured threat category

D. Critical infrastructure category

15. Which statement applies to viruses?

A. They typically are highly visible once released.

B. They are the best tool to use in highly structured attacks.

C. They are the best tool to use in attacks where secrecy is vital.

D. They are targeted at a specific organization.

16. Who is considered to be the ultimate insider, with his name being synonymous with the insider threat issue?

A. Robert Morris

B. Edward Snowden

C. Kevin Mitnick

D. Vladimir Levin

17. Into which threat category does information warfare fall?

A. Structured

B. Highly structured

C. Critical

D. Open-source

18. What name was given to an intellectual property attack executed against oil, gas, and petrochemical companies in the United States?

A. Operation Night Dragon

B. Shamoon

C. Jester

D. Stuxnet

19. Which term refers to an attack conducted against a site with software that is vulnerable to a specific exploit?

A. Time bombs

B. Advanced persistent threats

C. Specific target attack

D. Target of opportunity

20. What is the first step an administrator can take to reduce possible attacks?

A. Ensure all patches for the operating system and applications are installed.

B. Install a firewall.

C. Install anti-spyware software.

D. Configure an intrusion detection system.

--- END CHAPTER 1 ---

Chapter 2

General Security Concepts

1. Which equation describes the operational model of security?

A. Prevention = Protection + (Detection + Response)

B. Prevention = Protection + (Detection x Response)

C. Protection = Prevention + (Detection + Response)

D. Protection = Prevention + (Detection x Response)

2. What are the three operational tenets found in secure deployments?

A. Least privilege, separation of privilege and defense in depth

B. Session management, host management, network management

C. Host management, network management, and configuration management

D. Session management, exception management, and configuration management

3. Which term refers to the invocation of conditions that fall outside the normal sequence of operation?

A. Exceptions

B. Least privilege

C. Economy of mechanism

D. Fail-safe defaults

4. Which term refers to the design and operation of elements to ensure the proper functional environment of a system?

A. Layered security

B. Configuration management

C. Diversity of defense

D. Session management

5. What is one of the most fundamental principles in security?

A. Open design

B. Complete mediation

C. Least privilege

D. Economy of mechanism

6. Which security principle states that access should be based on more than one item?

A. Separation of privilege

B. Complete mediation

C. Fail-safe defaults

D. Economy of mechanism

7. Which term is used when separation of privilege is applied to people?

A. Security through obscurity

B. Diversity of defense

C. Nonrepudiation

D. Separation of duties

8. Which security principle states that if you have not specifically been allowed access, then it should be denied?

A. Complete mediation

B. Implicit deny

C. Least privilege

D. Security through obscurity

9. Which security principle is described as always using simple solutions when available?

A. Least common mechanism

B. Fail-safe defaults

C. Economy of mechanism

D. Open design

10. Which security principle refers to the concept that each and every request should be verified?

A. Least privilege

B. Separation of duties

C. Economy of mechanism

D. Complete mediation

11. Which security concept uses the approach of protecting something by hiding it?

A. Least common mechanism

B. Security through obscurity

C. Economy of mechanism

D. Open design

12. Which term describes the process where individuals analyze the binaries for programs to discover embedded passwords or cryptographic keys?

A. Complete mediation

B. Separation of duties

C. Sandboxing

D. Reverse-engineering

13. Which term describes a means of separating the operation of an application from the rest of the operating system?

A. Complete mediation

B. Separation of duties

C. Sandboxing

D. Reverse-engineering

14. Which security principle is characterized by the use of multiple, different defense mechanisms with a goal of improving the defensive response to an attack?

A. Sandboxing

B. Defense in depth

C. Reverse-engineering

D. Complete mediation

15. Which term refers to making different layers of security dissimilar so that even if attackers know how to get through a system that comprises one layer, they may not know how to get through a different type of layer that employs a different system for security?

A. Sandboxing

B. Reverse-engineering

C. Diversity of defense

D. Economy of mechanism

16. What is the most common authentication mechanism?

A. To provide something you do

B. To provide something you know

C. To provide something you have

D. To provide something about you

17. What type of authentication mechanism is a magnetic strip card containing a user’s identifying information?

A. Something you do

B. Something you know

C. Something you have

D. Something about you

18. What type of authentication mechanism is a fingerprint?

A. Something you do

B. Something you know

C. Something you have

D. Something about you

19. What is the most common authentication mechanism?

A. Signature

B. Password

C. Fingerprint

D. Magnetic card strip

20. The entity that implements a chosen security policy and enforces those characteristics deemed most important by the system designers is known as the

A. Security model

B. Group policy

C. CIA model

D. NIST Cyber Security Framework

21. Which confidentiality model is defined by controlling read and write access based on conflict of interest rules?

A. Bell-LaPadula security model

B. Biba security model

C. Brewer-Nash security model

D. Ring policy security model

22. Which security model developed in the late 1970s addresses integrity?

A. Biba

B. Bell-LaPadula

C. Simple Security

D. Ring

23. Which security model uses transactions as the basis for its rules?

A. Biba

B. Bell-LaPadula

C. Simple Security

D. Clark-Wilson

24. What are the policies of the Biba model?

A. Ring (no read down) and Low-Water-Mark (no write up)

B. *-Property (no write down) and Simple Security Rule (no read up)

C. *-Property (no write up) and Simple Security Rule (no read down)

D. Ring (no read up) and Low-Water-Mark (no write down)

25. In the Clark-Wilson security model, what are the two levels of integrity?

A. Host and network

B. Integrity verification processes (IVPs) and transformation processes (TPs)

C. Ring and Low-Water-Mark

D. Constrained data items (CDIs) and unconstrained data items (UDIs)

--- END CHAPTER 2 ---

Chapter 3

Operational/Organizational Security

1. What are the four steps that make up the policy life cycle?

A. Plan, implement, monitor, and evaluate

B. Define, detail, execute, and monitor

C. Identify, isolate, destroy, and document

D. Define, implement, manufacture, and monitor

2. Which term describes a method to check the security of a system by simulating an attack by a malicious individual?

A. Vulnerability assessment

B. Penetration test

C. Due diligence

D. Due care

3. Which term describes a high-level statement produced by senior management that outlines both what security means to the organization and the organization’s goals for security?

A. Acceptable use policy (AUP)

B. Security policy

C. Security guidelines

D. Product life cycle

4. Which type of classification includes categories such as High, Medium, Low, Confidential, Private, and Public?

A. Human resources classification

B. Acceptable use classification

C. Change management classification

D. Information classification

5. Which term generally refers to the standard of care a reasonable person is expected to exercise in all situations?

A. Due care

B. Due diligence

C. Acceptable use

D. Incident response

6. Which term generally refers to the standard of care a business is expected to exercise in preparation for a business transaction?

A. Due care

B. Due diligence

C. Acceptable use

D. Incident response

7. What five phases should be covered in the incident response policy?

A. Preparation, detection, containment and eradication, recovery, and follow-up actions

B. Plan, implement, monitor, evaluate, document, and train

C. Identification, isolation, destruction, documentation, and training

D. Preparation, detection, isolation, destruction, and documentation

8. What is the best defense against phishing and other social engineering attacks?

A. A memorandum of understanding (MOU)

B. An educated and aware body of employees

C. An intrusion detection system (IDS)

D. A Faraday cage

9. Which term refers to contractual agreements between entities that describe specified levels of service that the servicing entity agrees to guarantee for the customer?

A. Business partnership agreement (BPA)

B. Interconnection security agreement (ISA)

C. Service level agreement (SLA)

D. Memorandum of understanding (MOU)

10. Which term describes a legal agreement between partners establishing the terms, conditions, and expectations of the relationship between the partners?

A. Business partnership agreement (BPA)

B. Interconnection security agreement (ISA)

C. Service level agreement (SLA)

D. Memorandum of understanding (MOU)

11. Which term describes a legal document used to describe a bilateral agreement between parties?

A. Business partnership agreement (BPA)

B. Interconnection security agreement (ISA)

C. Service level agreement (SLA)

D. Memorandum of understanding (MOU)

12. Which term describes a specialized agreement between organizations that have interconnected IT systems, the purpose of which is to document the security requirements associated with the interconnection?

A. Business partnership agreement (BPA)

B. Interconnection security agreement (ISA)

C. Service level agreement (SLA)

D. Memorandum of understanding (MOU)

13. Which term refers to the security perimeter, with its several layers of security, along with additional security mechanisms that may be implemented on a system (such as user IDs/passwords)?

A. Defense-in-depth

B. Peer-to-peer communication

C. Public switched telephone network (PSTN)

D. Client-server communication

14. Which term eliminates the traditional land lines in an organization and replaces them with special telephones that connect to the IP data network?

A. Voice over IP (VoIP)

B. Peer-to-peer communication

C. Client-server communication

D. Public switched telephone network (PSTN)

15. Which term refers to the mechanisms used to ensure that physical access to computer systems and networks is restricted to authorized users?

A. Intrusion detection system (IDS)

B. Due diligence

C. Physical security

D. TEMPEST

16. What is the most common physical access control device that has been around in some form for centuries?

A. Video surveillance

B. Lock

C. Fingerprinting

D. Simple access control log

17. Which statement describes an advantage of using biometrics for physical access control?

A. The individual always has the biometric in their possession.

B. Biometrics are 100 percent effective.

C. Hand geometry requires a fairly small device.

D. Biometrics is a less sophisticated access control approach.

18. What are the three common techniques for verifying a person’s identity and access privileges?

A. Passwords, tokens, and key cards

B. Something you know, something you have, and something about you

C. Encryption, deception, and retention

D. Encryption, hashes, and signatures

19. For what type of communications is Bluetooth technology used?

A. Underwater communications

B. Long-range communications

C. Short-range communications

D. Space communications

20. Which environment is best suited for the IEEE 802.11 set of standards?

A. Wide area networks

B. Local area networks

C. Personal area networks

D. Cellular networks

21. Which term describes communication that is designed so that devices can talk directly with each other without having to go through a central device?

A. Client-server communication

B. Pass-thru communication

C. Peer-to-peer communication

D. Direct media communication

22. Which cell phone network component consists of antennas, receivers, transmitters, and amplifiers?

A. The phones themselves

B. The hardware and software that allows communication

C. The wires carrying the signal

D. The base stations

23. What condition is described by the van Eck phenomenon and studied under TEMPEST?

A. Electromagnetic pulses destroying sensitive computer equipment

B. Magnetic fields that interfere with signals crossing Local Area Network (LAN) cables

C. Electromagnetic eavesdropping

D. Piggybacking on electromagnetic communications

24. Which statement describes one of the simplest and least costly ways to protect against emanations being picked up by an attacker?

A. Purchase shielded equipment.

B. Place enough distance between the target and the attacker.

C. Use a Faraday cage.

D. Encrypt the emanations.

25. Which term describes a shielded enclosure (such as a room) used to hold equipment in order to protect it from eavesdropping on electronic emanations?

A. Public switched telephone network (PSTN)

B. Base station

C. Man trap

D. Faraday cage

--- END CHAPTER 3 ---

Chapter 4

The Role of People in Security

1. Which statement describes why social engineering is successful?

A. People tend to forgo personal egos to better an organization.

B. People have a basic desire to withhold information for personal gain.

C. People have a basic desire to be helpful.

D. People with a higher status may be coerced into providing information to those of lower status.

2. Which term describes a type of phishing where individuals who are high up in an organization such as the corporate officers are targeted?

A. Whaling

B. Pharming

C. DNS poisoning

D. Vishing

3. Which statement describes how shoulder surfing is accomplished?

A. An attacker attempts to find little bits of information in a target trash can.

B. An attacker directly observes the target entering sensitive information on a form, keypad, or keyboard.

C. An attacker follows closely behind a person who has just used their own access card or PIN to gain physical access to a room or building.

D. An attacker masquerades as a trusted entity in an e-mail or instant message sent to a large group of often random users.

4. Which term is used when an attacker attempts to get credit card numbers using telephone and voice technologies?

A. Vishing

B. Telephishing

C. Phreaking

D. Voicing

5. Which statement accurately describes how pharming is accomplished?

A. The attacker attempts to engage the target in conversation and tries to evoke sympathy so that the target feels sorry for the individual and is more prone to provide information.

B. The attacker acts as a custodian and while watering the organization’s plants, he places cameras to record keystrokes.

C. The attacker gathers prominent bits of information from the organization’s recycling/trash.

D. The user is directed to a fake web site as a result of modification of local host files, which are used to convert URLs to the appropriate IP address.

6. Which term describes an attack that changes URLs in a server’s domain name table?

A. Whaling

B. Vishing

C. DNS poisoning

D. Swimming

7. Which statement explains why vishing is successful?

A. Vishing is successful because people desire to be helpful.

B. Vishing is successful because individuals normally seek to avoid confrontation and trouble.

C. Vishing is successful because of the trust that individuals place in the telephone system.

D. Vishing is successful because people tend to trash information that might be used in a penetration attempt.

8. Which statement identifies the best defense to prevent information from being obtained in a shoulder surfing attack?

A. Small shields should be installed to block the view of a user’s entry into a keypad.

B. The keypad system should be designed with “scrambled” numbers to help make shoulder surfing more difficult.

C. Cameras should be installed over the keypad to record the area and the person entering the information.

D. Users should be aware of their surroundings and not allow individuals to get into a position from which they can observe what the user is entering.

9. What common password character combinations do users tend to use when creating passwords?

A. All capital letters

B. Passwords that are too long

C. Names of family, pets, or teams

D. Numbers only

10. Which statement describes how reverse social engineering is accomplished?

A. An attacker attempts to find little bits of information that could be useful for an attack in a target trash can.

B. An attacker tries to convince the target to initiate contact and then gets the target to give up confidential information.

C. An attacker uninstalls software on an unsuspecting user’s computer.

D. An attacker initiates a conversation with the target to obtain confidential information.

11. A user receives an e-mail warning of a dangerous computer virus and instructing the user to delete files it claims were put there by the virus. However, the files are actually critical system files. Which term describes this scenario?

A. Social engineering

B. Reverse social engineering

C. A hoax

D. Phishing

12. Which strategy identifies one of the most common, least effective, and most dangerous security practices?

A. Choosing poor passwords

B. Using encrypted signatures

C. Being too customer-focused

D. Hiding your employee badge

13. Which password is strongest?

A. P@$$w0rd

B. G0*49ers

C. C#as%t*1ng

D. April301980

14. Which password is weakest?

A. I@w3us1@!

B. P@$$w0rd

C. C#as%t*1ng

D. H#e31L9pM3

15. Which statement describes an example of a poor security practice?

A. An organization hires employees that challenge personnel without proper ID.

B. An organization allows their users to load software with the knowledge and assistance of administrators.

C. An organization allows flower and pizza deliveries to a guard’s desk only.

D. An employee creates a good password and then uses it for all accounts.

16. Which statement describes how piggybacking is accomplished?

A. An attacker modifies local host files, which are used to convert URLs to the appropriate IP address.

B. An attacker attempts to find little bits of information in a target trash can.

C. An attacker follows closely behind a person who has just used their own access card or PIN to gain physical access to a room or building.

D. An attacker masquerades as a trusted entity in an e-mail or instant message sent to a large group of often random users.

17. Which statement describes how dumpster diving is accomplished?

A. An attacker directly observes the target entering sensitive information on a form, keypad, or keyboard.

B. An attacker changes URLs in a server’s domain name table.

C. An attacker watches what a user discards into the Windows recycle bin on the user’s computer.

D. An attacker attempts to find little bits of information that could be useful for an attack in a target trash can.

18. What is a sophisticated countermeasure to piggybacking?

A. A man trap

B. A rogue access point

C. A concrete barrier

D. A camera

19. Which statement describes how an attacker can open up a backdoor?

A. A user can install an unsecured wireless access point so that they can access the organization’s network from many different areas.

B. An attacker can follow closely behind a person who has just used their own access card or PIN to gain physical access to a room or building.

C. An attacker leaves the door to a room or building ajar.

D. An attacker follows closely behind a person who has just used their own access card or PIN to gain physical access to a room or building.

20. Which statement describes the security risk of installing games on an organization’s system?

A. The games may not be compatible with the operating system version.

B. The software may contain a piece of malicious code capable of opening a backdoor.

C. The users may play during work hours instead of during breaks.

D. The games may take up too much memory on the computer and slow down processing making it difficult to work.

21. Which statement identifies a good first step for companies to take to fight potential social engineering attacks?

A. Buy the latest virus protection software and install on the systems.

B. Establish policies and procedures dictating the roles and responsibilities of all users, as well as security administrators.

C. Monitor all phone calls and check logs on a daily basis.

D. Conduct background checks on all contractors, consultants, delivery persons, and partners that may have access to the facilities.

22. A user installs unauthorized communication software on a modem allowing her to connect to her machine at work from home via that modem. What outcome may result from this action?

A. A rogue access point may be created.

B. A DNS spoofing attack may occur.

C. A vishing attack may occur.

D. A man trap may occur.

23. What is a paradox of social engineering attacks?

A. An attack can compromise an organization’s corporate secrets yet identify the organization’s greatest assets.

B. People are not only the biggest problem and security risk but also the best tool in defending against an attack.

C. A social engineering security breach may actually highlight how unhelpful an organization’s employees can be.

D. Attacks happen frequently, yet little corporate data is stolen.

24. What is a good way to reduce the chance of a successful social engineering attack?

A. Lock all doors to the organization’s building.

B. Implement a strong security education and awareness training program.

C. Use security guards at the building entry point.

D. Use biometric security controls.

25. What activity is most effective for encouraging an awareness of issues such as social engineering and good security habits in employees?

A. Wearing ID badges

B. Using biometric scanners

C. Backing up data

D. Providing training

--- END CHAPTER 4 ---