Cybersecurity countermeasures are: Correct Answer: the tools and techniques we use to reduce
risk
One vulnerability in air traffic control system case was Correct Answer: unauthenticated
messages
What does non-repudiation mean? Correct Answer: sufficient evidence exists such that a user
cannot deny an action
What is the Parkerian hexad compared to the CIA triad? Correct Answer: Parkerian has 6
elements including the 3 from the CIA but is not as widely known
Why does access control based on the Media Access Control (MAC) address of the systems on
our network not represent strong security? Correct Answer: MAC addresses can be easily
spoofed or changed
What is the difference between authentication and accountability? Correct Answer:
Authentication proves who you are and accountability records what you did
In the Maroochy Shire case, the actual threat was: Correct Answer: A disgruntled former
employee
What is the difference between Mandatory Access Control (MAC) and Discretionary Access
Control (DAC)? Correct Answer: In DAC, the owner of the resource determines access; in MAC,
the owner of the resource does not determine access
In the Yahoo breach, attackers stole: Correct Answer: User information
The Dark Overlord case discussed by our guest speaker involved: Correct Answer: physical
threats and a financial demand
What is the difference between vulnerability assessment and penetration testing? Correct
Answer: Penetration testing is more in depth than vulnerability assessment
A simple vulnerability assessment probe: Correct Answer: exhaustively exploits all possible
vulnerabilities
What was stolen in the OPM breach? Correct Answer: Fingerprint, personal information,
security clearance application data
The cuckoo's egg story had to do with Correct Answer: A cyber attack
If a Unix file has permissions 654, who can read and execute? Correct Answer: Group
Computer log entries: Correct Answer: May contain user and remote system information
The file /etc/shadow on a Unix system contains Correct Answer: user names and hashed
passwords
What do we call the rate at which we fail to authenticate legitimate users in a biometric system?
Correct Answer: False Rejection Rate (FRR)
The traceroute command tells you: Correct Answer: The network path between two systems
What is the key point of Kerckhoffs's second principle (i.e., the one principle most applicable to
modern cryptographic algorithms)? Correct Answer: it is OK if the enemy knows the
cryptographic system
The Mirai botnet case: Correct Answer: Used IoT devices for DDoS attack
What is the difference between authorization and access control? Correct Answer: Authorization
specifies what a user can do, and access control enforces what a user can do
The primary vulnerability in the Lodz tram hack was: Correct Answer: Unauthenticated infrared
signals
How many possible passwords can be formed using lower case letters (a-z) and numbers (0-9) if
a length of 8 is used (^ is the exponent operator)? Correct Answer: 36^8
Salting a password Correct Answer: Makes it harder to guess by brute force
What does the concept of defense in depth mean? Correct Answer: Protect your data and
systems with tools and techniques from different layers
What do we call the process in which the client authenticates to the server and the server
authenticates to the client? Correct Answer: Mutual authentication
What type of cipher is a Caesar cipher? Correct Answer: Substitution
In the fake finger video from class, what was the printed circuit board used for? Correct Answer:
To etch the fingerprint
One countermeasure for the Polycom HDX case was: Correct Answer: Check and control
network traffic
What is the difference between verification and authentication of an identity? Correct Answer:
verification is a weaker confirmation of identity than authentication