Instruction:
Name: 
Matric #: 
IC #: 
Location: _______________________________
Date: _______________________________
Time: _______________________________
1. Which threats are characterized by possibly long periods of preparation (years is not uncommon), tremendous financial backing, a large and organized group of attackers, and attempts to subvert insiders or to plant individuals inside a potential target in advance of a planned attack?
A.) Unstructured threats
B.) Structured threats
C.)
D.)
2. Which of the following is an attempt to find and attack a site that has hardware or software that is vulnerable to a specific exploit?
A.)
B.) Targeted attack
C.)
D.)
3. Which of the following threats has not grown over the last decade as a result of increasing numbers of Internet users?
A.) Viruses
B.) Hackers
C.) Denial-of-Service attacks
D.)
4. The rise of which of the following has greatly increased the number of individuals who probe organizations looking for vulnerabilities to exploit?
A.) Virus writers
B.) Script kiddies
C.) Hackers
D.) Elite hackers
5. Which of the following is generally viewed as the first Internet worm to have caused significant damage and to have brought the Internet down?
A.) Melissa
B.)
C.)
D.) Code Red
A.) Kevin Mitnick
B.) Vladimir Levin
C.) Timothy Lloyd
D.) David Smith
7. According to the CSI/FBI survey, which of the following is the only statistic to have shown a decrease in 2003?
A.)
B.)
C.)
D.) Both B and C
8. Which virus/worm was credited with reaching global proportions in less than ten minutes?
A.) Code Red
B.)
C.) Melissa
D.) Slammer
A.) Computer intrusions
B.) Hacking
C.) Cracking
D.) Probing
A.) Viruses/worms
B.) Script kiddies
C.) Hackers
D.) Hacktivists
11. Warfare conducted against the information and information processing equipment used by an adversary is known as:
A.) Hacking
B.) Cyber terrorism
C.) Information warfare
D.) Network warfare
12. An attacker who feels using animals to make fur coats is unethical and thus defaces the Web site of a company that sells fur coats is an example of:
A.) Information warfare
B.) Hacktivism
C.) Cyber crusading
D.) Elite hacking
A.) Electricity (power)
B.)
C.) Telecommunications
D.) Retail stores
A.) Unstructured
B.)
C.) Structured
D.) Highly structured
15. Elite hackers don't account for more than what percentage of individuals conducting intrusive activity on the Internet?
A.) 1–2 percent
B.) 3–5 percent
C.) 7–10 percent
D.) 15–20 percent
A.) Smart card
B.) Tokens
C.) Username/password
D.) Retinal scan
B.)
C.)
D.)
18. The security principle used in the Bell-LaPadula security model that states that no subject can read from an object with a higher security classification is the
A.)
B.) Ring policy
C.)
D.) *-property
B.)
C.)
D.)
B.)
C.) It allows for multiple users to utilize the same account but with different user IDs.
D.) It bases access decisions on the role of the user, as opposed to using the more common user ID/password combination.
21. The Bell-LaPadula security model is an example of a security model that is based on:
A.)
B.)
C.)
D.)
22. What was described in the chapter as being essential in order to implement mandatory access controls?
A.) Smart cards
B.) Certificates
C.)
D.)
23. In which access control mechanism does the operating system determine the access control permissions for subjects?
A.) Mandatory
B.) Role-based
C.) Discretionary
D.) Token-based
B.) Could ultimately result in all subjects having the integrity level of the least trusted object on the system
C.)
D.) Does not adequately prevent users from viewing files they are not entitled to
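Worked example for the models behind questions 18, 21 and 24. This is an added illustration, not code from the quiz or the textbook it is drawn from: the label ordering, the subject and object names, and the choice of the low-water-mark variant of Biba (the policy that drags a subject down to the integrity of the least trusted object it reads) are assumptions made for the example.

```python
"""Reference-monitor sketch for Bell-LaPadula (confidentiality) and Biba
(integrity). Added illustration; labels, names and the low-water-mark
variant are assumptions, not from the quiz source."""
from dataclasses import dataclass

# Assumed totally ordered lattice of labels, low to high.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass
class Subject:
    name: str
    clearance: str   # BLP: confidentiality clearance
    integrity: str   # Biba: integrity level (mutable under low-water-mark)


@dataclass
class Obj:
    name: str
    classification: str
    integrity: str


def rank(label: str) -> int:
    return LEVELS[label]


# ---- Bell-LaPadula: confidentiality -------------------------------------
def blp_can_read(s: Subject, o: Obj) -> bool:
    """Simple security property ("no read up"): clearance must dominate
    the object's classification."""
    return rank(s.clearance) >= rank(o.classification)


def blp_can_write(s: Subject, o: Obj) -> bool:
    """*-property ("no write down"): the object's classification must
    dominate the subject's clearance, so secrets cannot leak downward."""
    return rank(o.classification) >= rank(s.clearance)


# ---- Biba (strict): integrity -------------------------------------------
def biba_can_read(s: Subject, o: Obj) -> bool:
    """Simple integrity axiom ("no read down"): a subject may not read
    objects of lower integrity than itself."""
    return rank(o.integrity) >= rank(s.integrity)


def biba_can_write(s: Subject, o: Obj) -> bool:
    """*-integrity axiom ("no write up"): a subject may not write to
    objects of higher integrity than itself."""
    return rank(s.integrity) >= rank(o.integrity)


# ---- Biba low-water-mark (assumed variant) ------------------------------
def biba_lwm_read(s: Subject, o: Obj) -> str:
    """Reads are always permitted, but the subject's integrity drops to the
    object's level. Repeated reads drag every subject toward the least
    trusted object on the system (the effect question 24 refers to)."""
    if rank(o.integrity) < rank(s.integrity):
        s.integrity = o.integrity
    return s.integrity


def demo() -> dict:
    """Run the checks on constructed subjects/objects and return outcomes."""
    alice = Subject("alice", clearance="SECRET", integrity="SECRET")
    plan = Obj("war_plan", classification="TOP SECRET", integrity="TOP SECRET")
    memo = Obj("memo", classification="CONFIDENTIAL", integrity="CONFIDENTIAL")
    download = Obj("web_download", classification="UNCLASSIFIED",
                   integrity="UNCLASSIFIED")

    results = {
        "blp_read_up": blp_can_read(alice, plan),       # False: no read up
        "blp_read_down": blp_can_read(alice, memo),     # True
        "blp_write_down": blp_can_write(alice, memo),   # False: no write down
        "blp_write_up": blp_can_write(alice, plan),     # True (blind write)
        "biba_read_down": biba_can_read(alice, memo),   # False: no read down
        "biba_write_up": biba_can_write(alice, plan),   # False: no write up
    }
    # Low-water-mark: alice reads the memo, then an untrusted download.
    biba_lwm_read(alice, memo)
    results["lwm_final_integrity"] = biba_lwm_read(alice, download)
    # Dragged down to UNCLASSIFIED, alice may no longer write even the memo.
    results["lwm_can_write_memo"] = biba_can_write(alice, memo)
    return results


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check:22} {outcome}")
```

Note the mirror image: BLP forbids reading up and writing down to protect confidentiality, while Biba forbids reading down and writing up to protect integrity. The low-water-mark run shows why question 24 treats that variant as a weakness: nothing is ever denied, but after one careless read a subject has lost the ability to write anything it used to be trusted with.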
A.) Ticket
B.) Token
C.) Certificate
D.) Biometrics
26. The alternative proposed by some to replace the term hacker (a reference to individuals who attempt to gain unauthorized access to computer systems or networks) is
A.) Lamer
B.) Phreaker
C.) Script kiddie
D.) Cracker
A.) Availability
B.) Access
C.) Integrity
D.)
A.) Role-based authentication
B.)
C.)
D.)
B.) A set of roles that the user may perform will be assigned to each user, thus controlling what the user can do and what information they may access.
C.) The focus is on the confidentiality of the data the system protects and not its integrity.
D.)
30. The security principle whose goal it is to ensure that information is only modified by those who have authority to change it is called
A.) Authenticity
B.) Availability
C.) Integrity
D.) Confidentiality
B.)
C.)
D.)
A.) Passwords that are easy for users to remember are also easy for attackers to guess.
B.) The more difficult we make it for attackers to guess our passwords, and the more frequently we force password changes, the more difficult the passwords are for authorized users to remember and the more likely they are to write them down.
C.) Users will invariably attempt to select passwords that are words they can remember. This means they may select things closely associated with them, such as their spouse's or child's name, a beloved sports team, or a favorite model of car.
D.) Passwords assigned by administrators are usually better and more secure, but are often harder for users to remember.
33. The simple tactic of following closely behind a person who has just used their own access card or PIN to gain physical access to a room or building is called:
A.) Shoulder surfing
B.) Tagging-along
C.) Piggybacking
D.) Access drafting
34. The process of going through a target's trash in hopes of finding valuable information that might be used in a penetration attempt is known as:
A.) Dumpster diving
B.) Trash trolling
C.) Garbage gathering
D.) Refuse rolling
A.) Master-key code
B.) Secret door
C.) Backdoor
D.) Covert channel
B.)
C.)
D.)
37. The reason for not allowing users to install new hardware or software without the knowledge of security administrators is
A.) They may not complete the installation correctly and the administrator will have to do more work, taking them away from more important security tasks.
B.) They may inadvertently install more than just the hardware or software; they may accidentally install a backdoor into the network.
C.) They may not have paid for it and thus may be opening the organization up to civil penalties.
D.) Unauthorized hardware and software are usually for leisure purposes and will distract employees from the job they were hired to perform.
38. Once an organization's security policies have been established, the single most effective method of countering potential social engineering attacks is
A.)
B.)
C.)
D.)
39. Security administrators should be concerned about security guards and custodial crews because:
A.)
B.)
C.)
D.) These individuals are frequently contracted and are not actually employees of the company.
40. In what ways are PINs similar to passwords? (Choose all that apply.)
A.) Users will normally pick ones that are easy to remember, such as dates or specific patterns.
B.) Attackers know common PINs and will try to use them or will attempt to learn more about the user in order to make an educated guess as to what the PIN might be.
C.)
D.)