Security Test 1

question

The Morris Worm is
answer

the most common name for the first large-scale attack on the Internet that occurred in November of 1988. REF 1
question

The Morris worm was significant because
answer

this was the first large-scale attack on the Internet. REF 1-2
question

Computer viruses are the
answer

most common threat to information security in an organization. REF 7
question

The term “script kiddies” refers to
answer

a hacker of low-end technical ability. REF 8
question

An unstructured threat is an attack that is
answer

uncoordinated, nonspecific, and lasts a short amount of time. REF 8
question

A structured threat is an attack that uses
answer

coordination, insiders, and lasts for a long period of time. REF 9
question

Information warfare is warfare conducted
answer

against information and information processing equipment. REF 9
question

The term “hacktivist” refers to a hacker who
answer

is motivated by a political agenda. REF 11
question

A port scan identifies ports that are
answer

open and services that are running. REF 12
question

A ping sweep sends
answer

ICMP echo requests to the target machine. REF 12
question

Kevin Mitnick used
answer

social engineering, sniffers, and cloned cell phones to gain unauthorized access to networks belonging to Motorola, Novell, Fujitsu, and Sun Microsystems. REF 2
question

Solar Sunrise is an attack that
answer

was made to look like an attack from Iraq, but was actually made by two teenagers from California who got training in Israel. REF 3
question

The Slammer Worm/Virus is
answer

malware that exploited Microsoft SQL Server and spread across the world in just 10 minutes. REF 5
question

An elite hacker is a hacker with
answer

a high level of technical ability. REF 8
question

If the system is infected with a time bomb, it means that
answer

It has a piece of malicious code that will be triggered at a certain time. REF 2-3
question

When information is modified by individuals not authorized to change it you have
answer

suffered a loss of integrity. REF 14
question

When information is disclosed to individuals not authorized to see it, you have suffered a
answer

loss of confidentiality. REF 14
question

As the level of sophistication of attacks has increased
answer

the level of knowledge necessary to exploit vulnerabilities has decreased. REF 10-11
question

According to the Computer Crime and Security Survey, the four types of attacks that increased from 2007 to 2008 were
answer

unauthorized access, theft/loss of proprietary information, misuse of web applications, and DNS attacks. REF 11
question

In April 2009, Homeland Security Secretary Janet Napolitano told reporters
answer

China and Russia made attempts to break into the US electric power grid. REF 5
question

The first step an administrator can take to reduce possible attacks is to
answer

ensure all patches for the operating system and applications are installed. REF 13
question

The message “Hacked by Chinese,” was left by the
answer

Code Red Worm. REF 4
question

When users are unable to access information or the systems processing information, you may have suffered a loss of
answer

availability. REF 14
question

Each of the infected systems became part of what is known as a
answer

bot network, which could be used to cause a DoS attack on a target or to forward spam e-mail to millions of users, as a result of the Conficker. REF 6
question

Information assurance places the focus on
answer

the security processes and the actual data. REF 21
question

The term which refers to the attempt to gain unauthorized access to systems and computers used by a telephone company to operate its telephone network is a
answer

phreaker. REF 21
question

Jane is in the finance department. Although she should not be able to open files or folders from the marketing department, she can and does. This is a problem of
answer

confidentiality. REF 22 (CIA)
question

Jane is in the finance department. Although she should not be able to modify files or folders from the marketing department, she can, and does. This is a problem of
answer

integrity. REF 22 (CIA)
question

Bob inadvertently disconnects the cable from the company file server. This creates a problem of
answer

availability. REF 22 (CIA)
question

Joe sends a scathing e-mail to his boss regarding increased work hours. Joe tries to deny sending the e-mail, but is unable to due to the use of digital signatures. This is an example of
answer

nonrepudiation. REF 22
question

Ensuring that an individual is who they claim to be is the function of
answer

authentication. REF 22
question

The incident response team reviewed the security logs and discovered that the network had been breached, due to a misconfigured firewall. This is a failure of
answer

the Prevention element of the operational model of computer security. REF 22-23
question

The operational model of security is
answer

Protection = Prevention + (Detection + Response). REF 22
question

A newly purchased server with a defect catches fire and all data on the device is lost. A backup was never performed. This is a failure of the
answer

Response element of the operational model of computer security. REF 22-23
question

The IDS fails to alert on an intruder’s ping sweep and port scan. This is a failure of the
answer

Detection element of the operational model of computer security. REF 22-23
question

Ensuring that users have access only to the files they need to complete their tasks is an example of the
answer

Least Privilege principle. REF 24
question

Requiring one employee to place an order and another employee to authorize the sale is an example of the
answer

Separation of duties principle. REF 25
question

A list of web sites that can be visited is created. Only sites that are on the list are allowed to be accessed. This is an example of the
answer

Implicit deny principle. REF 25
question

Reducing the number of services to the least number necessary for it to properly perform its functions is an example of the
answer

“Keep it simple” principle. REF 30
question

A database server is put on the network by the for a project manager. No one is told it is there except for the project manager, so that he can work on it without worrying that other individuals will try to get to it. This is an example of
answer

“Security through obscurity”. REF 29
question

The network engineer suggests purchasing two firewalls from different companies so that a vulnerability affecting one type of firewall will not leave the entire network vulnerable. This is an example of
answer

“Diversity of defense”. REF 28-29
question

The database administrator falls ill and is not able to come to work for three weeks. No one else in the company knows how to administer the database server. This is a result of not following the
answer

Job rotation principle. REF 26
question

The hacker was successful in breaching the firewall, the packet filtering router, and the internal firewall, but was quickly detected and unable to get past the workstation personal firewall. This is an example of the
answer

Layered security principle. REF 26-27
question

A person who tries to gradually obtain information necessary to compromise a network—by first appealing for help, and then, if necessary, by a more aggressive approach—is a
answer

social engineer. REF 33-34
question

John, who is in the development group, has admin passwords to both the development group files and the production group files. This might be a violation of the
answer

“Need to Know” policy. REF 39
question

A company doing business online conducted all financial transactions over the Internet without any encryption. As a result, customer information such as credit card numbers, expiration dates, and the security codes found on the back of the credit cards was stolen. This is a violation of the
answer

“Due diligence” policy. REF 38
question

Jane spends quite a bit of time on Facebook, and other social networking sites during work hours. This has resulted in reduced productivity. This is likely a violation of the
answer

“Acceptable use” policy. REF 36-37
question

Rumors spread around the office that Mrs. Smith was stealing office supplies as well as talking badly about the senior management. This rumor eventually reached her boss, who then fired her. This is likely a violation of the
answer

“Due process” policy. REF 40-42
question

Statements made by management that lay out the organization’s position on an issue are called
answer

policies. REF 51
question

Your boss needs instructions explaining the steps of how to send encrypted email properly for all employees. You will need to create the
answer

procedure recommendations as it relates to a policy is a function of Guidelines.
question

The company CIO wants you and your team to check the security of the network by simulating an attack by malicious individuals. He is asking you to conduct a
answer

penetration test. REF 52
question

The three types of authentication used for access control are something you
answer

have, something you know, something you are. REF 55
question

The outermost layer of physical security should contain the
answer

most publicly visible activities. REF 56
question

A critical piece of equipment that provides power to systems even during a black out is called
answer

an uninterruptible power supply. REF 57
question

A fire suppression system that is safe for equipment, but dangerous for humans is
answer

Halon. REF 58
question

A fire suppression system that is safe for humans, but will destroy equipment is
answer

Sprinkler-based systems. REF 58
question

Bluetooth is a wireless technology that is used for
answer

short-range communications. REF 58
question

IEEE 802.11 is a set of standards suited for
answer

local area networks. REF 59
question

802.11 wireless networks in relation to wired networks are
answer

easy to set up but less secure. REF 59
question

When creating a password, users tend to use
answer

names of family, pets, or teams. REF 72-73
question

Social engineers attempt to exploit the natural tendencies of people. They do this by first
answer

trying to evoke sympathy; if this fails, then by fear of confrontation. REF 67
question

An attacker watches people as they enter a building requiring a key card. He waits until he sees someone who appears to be in a rush and has their hands full. He then intercepts the person, makes quick small talk, offers to help them hold what’s in their hands while he swipes in, and follows behind. This is an example of
answer

Piggybacking. REF 73
question

A person parks his car by an ATM, sets up a small camera discreetly pointed at the ATM keypad, and then pretends to be going through bank papers in his car. This would be an example of
answer

Shoulder surfing. REF 70
question

Attackers need a certain amount of information before launching their attack. One common place to find information is to go through the trash of the target to find information that could be useful to the attacker. This process of going through a target’s trash is known in the community as
answer

Dumpster diving. REF 74
question

Installing unauthorized hardware such as a communication software and modem may cause
answer

a security breach and allow an intruder to have access to an organization’s system by opening up a backdoor. REF 75
question

Users on your network receive an e-mail warning them of a dangerous computer virus. It instructs the user to delete files it claims were put there by the virus, but they are actually critical system files. This is an example of a
answer

hoax. REF 71
question

The art of secret writing that enables an individual to hide the contents of a message from all but the intended recipient is called
answer

Cryptography. REF 82
question

A corporate spy copies proprietary information into a text file and then hides the text file in an image file. The image file is then posted on the company’s web site for others who know where to look to extract the information. This is an example of the use of
answer

Steganography. REF 103
question

Agents intercept a message that is encrypted. They use various techniques to try and decipher the plain text message. This is an example of
answer

Cryptanalysis. REF 83
question

The cipher that replaces each letter of the alphabet with a different letter (not in sequence) is a
answer

Substitution cipher. REF 84-85
question

Encrypting a message by simply rearranging the order of the letters is a function of the
answer

Transposition cipher. REF 82
question

An attacker is able to decrypt a message by finding a key that was not securely stored and should have been revoked. This is the result of
answer

Poor key management. REF 86
question

A special mathematical function that performs one-way encryption is called
answer

Hashing function. REF 87
question

Hashing algorithms can be compromised by
answer

a collision attack. REF 88
question

The encryption method based on the idea of using a shared key for encryption and decryption of data is
answer

symmetric encryption. REF 92
question

The encryption method based on the idea of two keys, one that is public and one that is private, is
answer

asymmetric encryption. REF 99
question

Keeping a copy of an encryption key with a trusted third party is known as
answer

key escrow. REF 107
question

Digital signatures encryption verifies that a document was
answer

sent by the person it says it is from. REF 108
