Exam (elaborations)

CYSE 101 FINAL QUESTIONS WITH ANSWERS

Rating
-
Sold
-
Pages
10
Grade
A+
Uploaded on
17-08-2023
Written in
2023/2024

Cybersecurity countermeasures are:
the tools and techniques we use to reduce risk

One vulnerability in air traffic control system case was
unauthenticated messages

What does non-repudiation mean?
sufficient evidence exists such that a user cannot deny an action

What is the Parkerian hexad compared to the CIA triad?
Parkerian has 6 elements including the 3 from the CIA but is not as widely known

Why does access control based on the Media Access Control (MAC) address of the systems on our network not represent strong security?
MAC addresses can be easily spoofed or changed

What is the difference between authentication and accountability?
Authentication proves who you are and accountability records what you did

In the Maroochy Shire case, the actual threat was:
A disgruntled former employee

What is the difference between Mandatory Access Control (MAC) and Discretionary Access Control (DAC)?
In DAC, the owner of the resource determines access; in MAC, the owner of the resource does not determine access

In the Yahoo breach, attackers stole:
User information

The Dark Overlord case discussed by our guest speaker involved:
physical threats and a financial demand

What is the difference between vulnerability assessment and penetration testing?
Penetration testing is more in depth than vulnerability assessment

A simple vulnerability assessment probe:
exhaustively exploits all possible vulnerabilities

What was stolen in the OPM breach?
Fingerprint, personal information, security clearance application data

The cuckoo's egg story had to do with
A cyber attack

If a Unix file has permissions 654 who can read and execute?
Group

Computer log entries:
May contain user and remote system information

The file /etc/shadow on a Unix system contains
user names and hashed passwords

What do we call the rate at which we fail to authenticate legitimate users in a biometric system?
False Rejection Rate (FRR)

The traceroute command tells you:
The network path between two systems

What is the key point of Kerckhoffs second principle (i.e., the one principle most applicable to modern cryptographic algorithms)?
it is OK if the enemy knows the cryptographic system

The Mirai bot net case:
Used IoT devices for DDoS attack

What is the difference between authorization and access control?
Authorization specifies what a user can do, and access control enforces what a user can do

The primary vulnerability in the Lodz tram hack was:
Unauthenticated infrared signals

How many possible passwords can be formed using lower case letters (a-z) and numbers (0-9) if a length of 8 is used (^ is the exponent operator)?
36^8

Salting a password
Makes it harder to guess by brute force

What does the concept of defense in depth mean?
Protect your data and systems with tools and techniques from different layers

What do we call the process in which the client authenticates to the server and the server authenticates to the client?
Mutual authentication

What type of cipher is a Caesar cipher?
Substitution

In the fake finger video from class what was the printed circuit board used for?
To etch the finger print

One counter measure for the Polycom HDX case was:
Check and control network traffic

What is the difference between verification and authentication of an identity?
verification is a weaker confirmation of identity than authentication

What are the main differences between symmetric and asymmetric key cryptography?
Symmetric key cryptography uses a single key for encryption and decryption; asymmetric key cryptography uses two keys, one for encryption and one for decryption

How do we know at what point we can consider our environment to be secure?
Never; perfect security does not exist

What tool mentioned in the text might we use to scan for devices on a network, to include fingerprinting the operating system and detecting versions of services on open ports?
nmap

What is the primary purpose of a network firewall?
control the traffic allowed in and out of a network

Why does network segmentation generally improve security?
malicious traffic cannot freely traverse the internal network

What is the difference between a stateful packet filtering firewall and a basic packet filtering firewall?
A stateful packet filtering firewall tracks sessions between systems

What is the primary purpose of a Network Intrusion Detection System?
detect possible attack traffic

What reasons are there to use a honeypot?
attract the attention of attackers in order to study them and their tools, detect, monitor, and sometimes tamper with the activities of an attacker, alert us to an attacker's presence

For what might we use the tool Kismet?
to detect wireless devices

Which of the following is not a protocol for wireless encryption? kismet; WPA2; WPA; WEP
kismet

What is the purpose of a network DMZ?
Provide external access to systems that need to be exposed to external networks such as the Internet in order to function

What is a key difference between signature and anomaly detection in IDSs?
Signature detection uses fingerprints or distinct patterns of attacks to detect intrusions; anomaly detection uses deviation from baseline activity to detect instructions

How does the principle of least privilege apply to operating system hardening?
prevents attack actions that require administrator or root privilege

What is a cyber attack surface?
the total of the number of available avenues through which our system might be attacked

Which of the following is not part of operating system hardening? Making alterations to common accounts; Making use of logging and auditing functions; Applying the principle of least privilege; Applying software updates in a timely manner; Changing the main network firewall ruleset; Removing or turning off unessential services; Removing unnecessary software
Changing the main network firewall ruleset

Why might we want a (software) firewall (FW) on our host if one already exists on the network?
host FWs know more about the local system

What does executable space protection do for us and how?
prevents buffer overflow attacks from working by blocking code execution on the memory stack

Are nmap results always accurate, or is it sometimes necessary to verify nmap output with another tool?
you should verify nmap results with another tool or data source

What does applying a vendor OS update (patch) usually do?
fixes vulnerabilities in the OS code

Exploit frameworks make it...
easier for amateurs to launch cyber attacks

If an antivirus tool is looking for specific bytes in a file (e.g., hex 50 72 6F etc.) to label it malicious, what type of AV detection is this?
signature

What is the difference between a port scanner and a vulnerability assessment tool?
port scanners discover listening ports; vulnerability assessment tools report known vulnerabilities on listening ports

Name the two main categories of Web security.
Client-side attacks and server-side attacks

How does an XSRF attack work?
a link or script on one web page is executed in the context of another open web page or web application

What does the tool Nikto do?
Scans a web server for common vulnerabilities

Which of the following is an example of a race condition?
Two bank transactions (withdrawals) run concurrently and the balances are not properly accumulated (recorded)

Does an SQL injection attack compromise content in the database or content in the Web application?
database

How can we prevent buffer overflows in our applications?
implement proper bounds checking

Why is it important from a security perspective to remove extraneous files from a Web server?
They may provide information or vulnerabilities useful to an attacker

Why is input validation important from a security perspective?
to prevent certain types of attacks

What does a fuzzing tool do?
Provide multiple data and inputs to discover vulnerabilities

How might we use a sniffer to increase the security of our applications?
to watch the network traffic being exchanged with a particular application or protocol

Does an organization's location or the national origin or location of data they are transmitting or storing affect the organization's use of encryption or how they treat employee information?
yes

Which of the following is not a provision of the Federal Privacy Act of 1974? it places restrictions on how agencies can share an individual's data with other people and agencies; it requires agencies to follow certain principles, called fair information practices, when gathering and handling personal data; it lets individuals sue the government for violating its provisions; it requires government agencies to show an individual any records kept on him or her; it provides individuals the "right to be removed from the Internet"
it provides individuals the "right to be removed from the Internet"

At a high level, what does the Federal Privacy Act of 1974 do?
Safeguards privacy through creating four rights in personal data

What does California's SB 1386 deal with?
handling unauthorized exposure of data relating to California residents

What did the PCI DSS establish?
security standards as a condition of processing credit card transactions

What does the European Union's (EU) Data Protection Directive (Directive 95/46/EC) deal with?
PII

According to the text, which of the following is not a security professional's obligation relating to information protection and unauthorized disclosure? release test data to see where it shows up; prevent information from unauthorized release; be able to catalog and categorize what information was taken if there is a leak
release test data to see where it shows up

What does PII stand for?
Personally Identifiable Information

Why might extradition be a delicate issue when prosecuting computer crimes?
lack of a consistent set of laws regarding extradition

Institution
CYSE
Course
CYSE
Seller
Dreamer252 NBursing