6. Exam
• In general, they were pretty
good
• The average, after curving,
was a 91!!
• If you did not do as well as
you had hoped, PLEASE come
talk to me about EXTRA
CREDIT
7. What are the Five Pillars of
Information Security?
• Protection, Automation, Detection,
Reaction, Prevention
• Detection, Integration, Globalization,
Deletion, Operation
• Implementation, Protection,
Dissemination, Interaction, Prevention
• Prevention, Protection,
Communication, Obfuscation, Reaction
• Documentation, Protection, Reaction,
Detection, Prevention
• Interaction, Prevention, Alteration,
Reaction, Obliteration
• Documentation, Prevention, Reaction,
Interpolation, Detection
8. In the course reading “How to Sell Security”, the author
describes the idea of Prospect Theory. According to the
article and lecture slides, which of the following
responses best summarizes Prospect Theory?
• When presented with the potential opportunity for gain,
people generally prefer to take risks. When presented
with the potential for loss, people are less likely to
embrace risk.
• When presented with the potential opportunity for gain,
people generally behave randomly. When presented with
the potential for loss, people are more likely to embrace
risk.
• When presented with the potential opportunity for gain,
people generally prefer not to take risks. When presented
with the potential for loss, people are more likely to
embrace risk.
• When presented with the potential opportunity for gain,
people generally prefer not to take risks. When presented
with the potential for loss, people are more likely to
behave randomly.
• When presented with the potential opportunity for loss or
gain, people generally behave randomly in both situations.
• When presented with the potential opportunity for loss or
gain, people generally drive to the closest casino and bet all
their money at the Roulette Wheel.
• None of the above
9. Technical Controls are:
• A. Strong and consistent, treating everyone equally
• B. Usually outdated and unreliable
• C. Can be audited with a high level of assurance
• D. Usually cheaper to implement in the short term, when compared to equivalent Administrative Controls
• E. A and B
• F. B and C
• G. A and C
10. Technical Controls:
• A. Are usually more costly than equivalent Administrative Controls
• B. Can break, either failing open or failing closed, neither of which may be desirable in a given situation.
• C. Are what corporations implement when they want to engage in blame shifting.
• D. Are generally more complex than equivalent Administrative Controls
• E. All of the above
• F. None of the above
• G. A, B and D
11. Administrative Controls are
usually:
• A. Less expensive than Technical Controls
• B. Sufficient to meet HIPAA and SOX compliance
• C. Easy to implement
• D. Very flexible
• E. Used in large enterprise environments, but rarely in small businesses
• F. A, B, C, D
• G. A, C and D
12. Data Classification is the conscious decision to assign a level of
sensitivity to data as it is being created, amended, enhanced,
stored, or transmitted. The classification of the data should then
determine the extent to which the data needs to be secured. The
generic data classification grading scale outlined in the class
handout and lecture slides included all of the following data
designations:
• Highly Confidential, Proprietary, Top Secret,
Open Records, Physically Secured
• Internal Use Only, Semi-Secret, Highly
Confidential, Proprietary, Top Secret
• Public Documents, Highly Confidential,
Proprietary, Transport Limited, Semi-Secured
• Internal Use Only, Public Documents, Top
Secret, Highly Confidential, Proprietary
• Top Secret, Highly Confidential, Open Records,
Public Records, Management View Only
• Proprietary, Open Records, Top Secret,
Destroy After Viewing, For Hannah Montana
Only
• None of the above
13. Authentication is defined as
the act of:
• A. Verifying a claim of identity
• B. Determining which informational resources a person or entity may be authorized to access
• C. Determining which actions a person or entity will be allowed to perform (read, write, delete, etc.)
• D. A and B
• E. A and C
• F. A, B and C
• G. None of the above
14. Asymmetrically Encrypted data has which of
the following properties?
• A. It transforms usable information into a form that renders it unusable by anyone other than an authorized user.
• B. Can be transformed back into its original usable form only by the original person who encrypted the data.
• C. It is used to protect information from unauthorized or accidental disclosure while the information is in transit (either electronically or physically) and while information is in storage.
• D. Can be transformed back into its original usable form by anyone who possesses the appropriate decryption key.
• E. Can’t be used as part of a Defense in Depth strategy for data protection
• F. A, C, D
• G. A, C, D and E
15. If your organization engages in
information systems outsourcing,
which of the following outsourcing
security principles should be applied?
• A. Practice defense in depth
• B. Follow the principle of least
privilege
• C. Follow the principle of random
privilege
• D. Compartmentalize
• E. Promote privacy and accountability
• F. Be reluctant to trust
• G. A, B, D, E, F
• H. All of the above
• I. None of the above
16. In the reading “The Truth About Chinese
Hackers”, which of the following viewpoints
were expressed by the author?
• A. Cyber attacks originating in China don't seem to be coordinated by the Chinese military.
• B. The hackers in China perform hacking for two reasons: fame and glory, and as an attempt to make a living.
• C. The Chinese government knows the leaders of the hacker movement and chooses to look the other way.
• D. If anything, the fact that these groups aren't being run by the Chinese government makes the problem worse.
• E. All of the above
• F. None of the above
• G. A, C and D
17. In the reading “Cyberwar: Myth or Reality”,
which of the following viewpoints were
expressed by the author?
• A. The best thing to do if you are a Cyberwar hacker is to infiltrate enemy computers and networks, spy on them, and surreptitiously disrupt select pieces of their communications when appropriate.
• B. Within two days of the start of a war between the U.S. and Russia, the Internet will be totally unreliable.
• C. The idea of Cyberwar is a clever scare tactic that hardware and software vendors perpetuate in order to sell more security related technologies and make more profit.
• D. A and B
• E. A and C
• F. All of the above
• G. None of the above
18. In the reading “Make Vendors Liable For
Software Bugs”, which of the following
viewpoints were expressed by the author?
• A. Software vendors are in the best position to improve software security, as they have the capability.
• B. There is a general rule in security to align interest with capability.
• C. Interest must be aligned with capability, but you need to be careful how you generate interest.
• D. Software vendors sometimes purposely and intentionally create software code with bugs, just so they can look like they care when they distribute software patches to fix the security holes.
• E. A, B, and C
• F. A and D
• G. All of the above
19. Which of the following statements
does an accurate job of describing
Dual Factor Authentication?
• A. Providing proof of something you know and providing proof of something you have
• B. Providing proof of something you know and providing proof of something you are (fingerprint, retina scan, etc.)
• C. Providing written proof of your age and providing written proof of your name
• D. Providing proof of something you have and providing proof of something you are (fingerprint, retina scan, etc.)
• E. Providing multiple passwords in order to gain access to a sensitive software application
• F. A, B and D
• G. A, B, D and E
• H. All of the above
• I. None of the above
20. Which of the following guidelines should be included when establishing a strong password policy?
• A. Passwords should be as long as possible (never shorter than 6 characters)
• B. Passwords should introduce the use of multiple blank spaces in every password issued, if possible
• C. Passwords should include mixed-case letters, if possible
• D. Passwords should include digits and punctuation marks, if possible
• E. Obligate all users to change their password on their birthday and all non-religious holidays
• F. Passwords should expire on a regular basis and may not be re-used
• G. Users should be encouraged to create passwords which rhyme so that they are easy to remember
• H. Passwords may not contain any portion of your name, birthday, address or other publicly available information
• I. All of the above should be included when establishing a strong password policy
• J. B and E only should be included when establishing a strong password policy
• K. A, C, D, F and H should be included when establishing a strong password policy
• L. A, B, C, D, F and H should be included when establishing a strong password policy
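An added example (not from the course slides) of what the sound guidelines in question 20 look like as an enforceable check: length (A), mixed case (C), digits and punctuation (D), no re-use (F) and no personal information (H). The minimum length of 6 is the floor stated in option A; the reading of "any portion of your name" as any slice of four or more consecutive characters, the hypothetical function names, the sample user fields and the use of salted PBKDF2 digests for the password history are this example's own assumptions.

```python
"""Password-policy check for rules A, C, D, F and H of question 20.

Added example, not part of the original exam slides. Assumptions: the
6-character floor from option A; "portion of a personal field" means any
4+ character slice of it; old passwords are remembered only as salted
PBKDF2 digests (a re-use check must never keep old passwords in the clear).
"""
from __future__ import annotations

import hashlib
import os
import string

MIN_LENGTH = 6          # option A's floor (assumption taken from the quiz text)
PBKDF2_ROUNDS = 100_000
FRAGMENT_LEN = 4        # assumption: a "portion" is 4+ consecutive characters


def remember(password: str) -> tuple[bytes, bytes]:
    """Add a password to history as (salt, PBKDF2-HMAC-SHA256 digest)."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def was_used_before(password: str, history) -> bool:
    """Rule F: reject a candidate that matches any stored digest."""
    return any(
        hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS) == digest
        for salt, digest in history
    )


def contains_personal_info(password: str, personal) -> bool:
    """Rule H: reject if a personal field, or any 4+ character slice of it,
    appears in the password (case-insensitive, spaces ignored)."""
    pw = password.lower()
    for field in personal:
        field = field.lower().replace(" ", "")
        if field and field in pw:
            return True
        for i in range(len(field) - FRAGMENT_LEN + 1):
            if field[i:i + FRAGMENT_LEN] in pw:
                return True
    return False


def check_password(password: str, personal=(), history=()) -> list[str]:
    """Return the list of violated rules; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"A: shorter than {MIN_LENGTH} characters")
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        problems.append("C: needs both upper- and lower-case letters")
    if not any(c.isdigit() for c in password):
        problems.append("D: needs at least one digit")
    if not any(c in string.punctuation for c in password):
        problems.append("D: needs at least one punctuation mark")
    if was_used_before(password, list(history)):
        problems.append("F: password was used before")
    if contains_personal_info(password, list(personal)):
        problems.append("H: contains personal information")
    return problems


if __name__ == "__main__":
    # Constructed sample user data, not real records.
    user = ["Alice Johnson", "1990-04-12", "42 Main Street"]
    old = [remember("OldPassw0rd!")]
    for candidate in ["Tr0ub4dor&3", "alice1990", "OldPassw0rd!", "Ab1!"]:
        print(candidate, "->", check_password(candidate, user, old) or "OK")
```

One caveat a practitioner would add: the 6-character floor and the forced periodic expiry in rule F reflect the guidance of the course's era; current NIST SP 800-63B advice is a minimum of 8 characters, screening against known-breached passwords, and no mandatory periodic rotation unless compromise is suspected.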
21. In lecture, we discussed several specific
technologies for strong authentication. Which of
the following authentication products can be
beaten simply by using a photocopier to copy the
user’s credential?
• A. RSA SecurID One Time Password (OTP) device
• B. Initech brand facial recognition Intruder Gate
• C. Verisign brand personal digital certificates
• D. Any Biometric retina scanner
• E. DigiVault brand Zoster Fingerprint Assurance
• F. Entrust brand Identity Guard
• G. A, E and F
• H. B and E
• I. None of the above can be beaten simply by using a photocopier to copy the credential
22. Which of the following is a true
statement about digital
certificates?
• A. Digital certificates are ALWAYS used as the core technology in SSL connections to secure websites
• B. A digital certificate can be thought of as a digital passport, which is either contained on a secure device or on a hard disk
• C. A digital certificate can be secured with a password, which makes it a dual factor authentication solution
• D. A digital certificate can be used to authenticate machines as well as humans
• E. Digital certificates have a low variable cost to produce individually, but a high fixed cost to set up the supporting system infrastructure
• F. A digital certificate can contain authorization data, such as a birthday, as well as authentication data, but this is rare
• B, D, F and G
• All of the above are true statements
• None of the above are true statements
23. Which of the following is a true statement
about Knowledge Based Authentication?
• A. Knowledge Based Authentication authenticates the user via verification of life events, usually financial in nature
• B. Most of this Knowledge Based Authentication information is publicly available and can be easily stolen by an outsider
• C. The credit reports on which Knowledge Based Authentication is based often contain factual errors
• D. A and C are true statements about Knowledge Based Authentication
• E. B and C are true statements about Knowledge Based Authentication
• F. All of the above are true statements about Knowledge Based Authentication
• G. None of the above are true statements about Knowledge Based Authentication
24. In the reading entitled “Crypto AG, the NSA’s
Trojan Whore”, in which country was Hans
Buehler (a top Crypto AG salesman) arrested
in 1992, under suspicion of leaking encryption
codes to Western intelligence?
• Iraq
• Iran
• Russia
• Syria
• North Korea
• Libya
• Canada
• None of the above
25. Which of the following is the correct
definition for Symmetric Encryption?
• A. A single shared key is used for both
encryption and decryption.
• B. A pair of related but different keys
is used, one for Encryption and the
other for Decryption.
• C. Both A and B are correct definitions
for Symmetric Encryption
• D. None of the above are correct
definitions for Symmetric Encryption
26. Which of the following is the correct
definition for Asymmetric Encryption?
• A. A single shared key is used for both
encryption and decryption.
• B. A pair of related but different keys is
used, one for Encryption and the other
for Decryption.
• C. Both A and B are correct definitions
for Asymmetric Encryption
• D. None of the above are correct
definitions for Asymmetric Encryption
27. Which of the following best
describes Steganography?
• A. The process of protecting sensitive information in non-
production databases from inappropriate visibility. After
sanitization, the database remains perfectly usable. The look-
and-feel is preserved, but the information content is secure.
• B. The study of the principles and techniques by which
information is overtly converted into a version that is
difficult (ideally, impossible) for any unauthorized person to
convert to the original information, while still allowing the
intended reader to do so.
• C. The art and science of writing hidden messages in such a
way that no one apart from the sender and intended
recipient even realizes there is a covert (hidden) message
• D. A and C
• E. A and B
• F. None of the above definitions describe Steganography
• G. All of the above definitions describe Steganography
28. The three primary uses for personal
digital certificates are:
• A. Authentication, Password Control,
Shoulder Surfing
• B. Digital Signing, Authentication, Data
Retention
• C. Encryption, Software Forensics, ISO
Compliance
• D. Encryption, Outsourcing, Digital
Signing
• E. Authentication, Digital Signing,
Encryption
• F. All of the above
• G. None of the above
• H. A, B and C, except in cases in which
the end user is a cow
29. Using the alphabet letter shifting method, decrypt the
message below, using the following formula, in which "e"
represents the encrypted letter and "d" represents the
decrypted letter.
"d" = "e" + 3
Assume a 26 letter, circular alphabet in which the letter A=1,
B=2, C=3, D=4, E=5, F=6, G=7, etc.
• The secret message is:
ZLTP XOB PILT
• A. "COWS ARE COOL"
• B. "COWS ARE FAST"
• C. "COWS ARE SLOW"
• D. "APES CAN WALK"
• E. "COWS EAT APES"
• F. None of the above
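The shift from question 29 carried through in code, as an added example that is not part of the original exam slides. It follows the question's own convention (a 26-letter circular alphabet with A=1 ... Z=26 and the rule d = e + 3) and goes one step further than the question by also showing the inverse (encryption) and a brute-force over every shift; the function names are this example's own.

```python
"""Alphabet-shift (Caesar) decryption for the quiz's formula d = e + 3.

Added worked example, not from the original slides. The 1-based circular
alphabet (A=1 ... Z=26) comes from the question text; the function names
and the brute-force helper are this example's own.
"""
from __future__ import annotations

import string

ALPHABET = string.ascii_uppercase  # "A".."Z", indices 0..25


def shift_letter(letter: str, shift: int) -> str:
    """Shift one letter by `shift` positions on the circular alphabet.

    Uses the quiz's 1-based numbering explicitly: Z (26) + 3 = 29, which
    wraps around to 3 = C. Non-letters (spaces) pass through unchanged.
    """
    if letter not in ALPHABET:
        return letter
    number = ALPHABET.index(letter) + 1          # A=1 ... Z=26
    shifted = ((number + shift - 1) % 26) + 1    # 27 wraps to 1, 0 wraps to 26
    return ALPHABET[shifted - 1]


def decrypt(ciphertext: str, shift: int = 3) -> str:
    """Apply d = e + shift to every letter: the question's decryption rule."""
    return "".join(shift_letter(c, shift) for c in ciphertext.upper())


def encrypt(plaintext: str, shift: int = 3) -> str:
    """Inverse rule e = d - shift, so encrypt() then decrypt() returns the input."""
    return "".join(shift_letter(c, -shift) for c in plaintext.upper())


def brute_force(ciphertext: str) -> dict[int, str]:
    """Try all 25 non-trivial shifts. The key space is this small, which is
    why a Caesar cipher gives no real confidentiality: read off the one
    candidate that is English."""
    return {s: decrypt(ciphertext, s) for s in range(1, 26)}


if __name__ == "__main__":
    secret = "ZLTP XOB PILT"  # the message from the quiz
    print(decrypt(secret))     # answer C: COWS ARE SLOW
    for s, guess in brute_force(secret).items():
        print(f"shift {s:2d}: {guess}")
```

Working it by hand: Z=26 → 29 → wraps to 3 = C, L=12 → 15 = O, T=20 → 23 = W, P=16 → 19 = S, and so on, giving COWS ARE SLOW (option C).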
30. A Public Key Infrastructure (PKI) can
perform which of the following
functions?
• A. Revoke digital certificates
• B. Issue digital certificates
• C. Distribute digital certificates
• D. Make copies of digital
certificates issued by other
organizations
• E. A, B and C
• F. B, C and D
• G. All of the above
• H. None of the above
31. The relationship between Public Keys
and Private Keys in a PKI is:
• A. The Public Key is used to both encrypt and decrypt data
and the Private Key is used for creating a digital signature
only.
• B. The Public Key is used for creating a digital signature
only and the Private Key is used for both encrypting and
decrypting data.
• C. The Public Key is used for encrypting data and the
Private Key is used for creating a digital signature and for
decrypting data.
• D. The Public Key is used for encrypting data and creating
a digital signature and the Private Key is used for decrypting
data and also for creating a digital signature
• E. The Public Key is used for encrypting data, the Private
Key is used for decrypting data, and an Intermediary Key is
used for creating a digital signature.
• F. A and E
• G. All of the above are true.
33. The term “Key Escrow”
refers to:
• A. The location where public and private keys are grown before they are distributed to users.
• B. The ISO-9000 compliant method by which encryption, decryption and digital signing take place.
• C. An arrangement in which the keys needed to decrypt encrypted data are copied and securely held in storage so that, under certain circumstances, an authorized third party may gain access to those keys.
• D. A place where digital certificates go to retire when they get old.
• E. C and D
• F. A and B
• G. All of the above
• H. None of the above
34. Digital certificates all have expiration dates. Select
the statement which best describes the benefits
and drawbacks of short and long certificate
lifetimes.
• Certificates with short lifetimes provide a greater assurance of
validity, but create greater operational difficulties in terms of
renewal due to their need to be renewed on a more frequent basis.
Certificates with long lifetimes provide less assurance of validity,
but from an operational standpoint are easier to manage because
they require less frequent renewal.
• Certificates with long lifetimes provide a greater assurance of
validity, but create greater operational difficulties in terms of
renewal due to their need to be renewed on a less frequent basis.
Certificates with short lifetimes provide less assurance of validity,
but from an operational standpoint are easier to manage because
they require more frequent renewal.
• The length of a certificate lifetime, whether it is short or long has
no impact on the operational support required to manage a PKI,
because digital certificates renew automatically by using a
Certificate Revocation List (CRL).
• Certificates with short lifetimes are easier to renew than
certificates with long lifetimes because certificates with short
lifetimes are fresher and not as entrenched in the end user’s
computer.
• None of the above is true.
• All of the above are true.
35. Which of the following is
true in relation to Trusted
Root Authorities?
• A. A Trusted Root Authority is a digital certificate issuer recognized by all computers around the globe.
• B. Root Certificates from Trusted Root Authorities are stored in each computer’s central certificate store.
• C. To become a Trusted Root Authority in an Operating System or Internet Browser, your organization must undergo a stringent audit and pay a substantial sum of money, in most cases.
• D. Users should remove Trusted Root Authorities from their computer at least once per year because Trusted Root Authorities digitally degrade over time and lose reliability after 14 months, in most cases.
• E. Verisign is a well known Trusted Root Authority.
• F. Your UW-Madison digital certificate is chained to a Root Authority which is not trusted outside of the University of Wisconsin System.
• G. A, B, C, and D
• H. A, B, C, and E
• I. A, B, C, E and F
• J. All of the above are true.
• K. None of the above is true.
36. A digital signature on an email
provides proof of which of the
following:
• A. That the email did indeed come from the purported (claimed) author, invalidating plausible denial.
• B. That the email was sent at the time and date indicated within the email.
• C. That the contents of the email have not been altered from the original form.
• D. A and B
• E. B and C
• F. A and C
• G. All of the above
• H. None of the above
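An added example, not from the course slides, that serves both question 31 (which key does what) and question 36 (what a signature proves). Encryption uses the public key and decryption the private key; signing uses the private key and verification the public key, the relationship in option C of question 31. The signature check then shows origin and integrity (question 36, options A and C) and that a signature says nothing about when the message was sent. The textbook parameters p=61, q=53, e=17 are deliberately tiny and insecure; the hash-reduction step, the sample message and the function names are this example's own assumptions. Real deployments use 2048-bit or larger keys, OAEP/PSS padding and a vetted library.

```python
"""Toy RSA: public key encrypts and verifies, private key decrypts and signs.

Added example for questions 31 and 36, not from the original slides. The
parameters are textbook-sized for illustration only and give no security.
"""
from __future__ import annotations

import hashlib

# --- key generation (toy sizes; assumption for illustration) ---------------
p, q = 61, 53
n = p * q                  # 3233, the modulus shared by both keys
phi = (p - 1) * (q - 1)    # 3120
e = 17                     # public exponent
d = pow(e, -1, phi)        # private exponent, e*d == 1 (mod phi): 2753

PUBLIC_KEY = (n, e)        # published to everyone
PRIVATE_KEY = (n, d)       # held by the owner only


def rsa_encrypt(m: int, public_key: tuple[int, int]) -> int:
    """Anyone can encrypt to the owner with the PUBLIC key."""
    mod, exp = public_key
    if not 0 <= m < mod:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, exp, mod)


def rsa_decrypt(c: int, private_key: tuple[int, int]) -> int:
    """Only the holder of the PRIVATE key recovers the plaintext."""
    mod, exp = private_key
    return pow(c, exp, mod)


def digest(message: bytes, mod: int) -> int:
    """Hash the message and reduce it into the modulus so the toy key can sign it.
    (Real schemes pad the full hash; reducing it is an assumption of this toy.)"""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % mod


def sign(message: bytes, private_key: tuple[int, int]) -> int:
    """Signing uses the PRIVATE key: only the owner can produce this value."""
    mod, exp = private_key
    return pow(digest(message, mod), exp, mod)


def verify(message: bytes, signature: int, public_key: tuple[int, int]) -> bool:
    """Verification uses the PUBLIC key: anyone can check origin and integrity."""
    mod, exp = public_key
    return pow(signature, exp, mod) == digest(message, mod)


def demo() -> dict:
    """Run the four operations and report what each one demonstrates."""
    m = 65                                      # a small numeric plaintext
    c = rsa_encrypt(m, PUBLIC_KEY)              # 2790 with these parameters
    msg = b"Transfer $100 to Bob"               # constructed sample message
    sig = sign(msg, PRIVATE_KEY)
    return {
        "ciphertext": c,
        "decrypted": rsa_decrypt(c, PRIVATE_KEY),                     # 65
        "public_key_cannot_decrypt": pow(c, PUBLIC_KEY[1], n) != m,  # True
        "signature_valid": verify(msg, sig, PUBLIC_KEY),              # True
        "tampered_message_rejected": not verify(b"Transfer $900 to Bob", sig, PUBLIC_KEY),
        "tampered_signature_rejected": not verify(msg, (sig + 1) % n, PUBLIC_KEY),
    }


if __name__ == "__main__":
    for what, result in demo().items():
        print(f"{what}: {result}")
```

Note what the signature does not carry: nothing in sign() or verify() involves a clock, so a valid signature proves who signed and that the bytes are unchanged, not when they were sent (option B of question 36); a trusted timestamp would have to be signed in as part of the message.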
37. Which of the following statements about Social Engineering is/are true?
• A. Social Engineering involves the use of psychological tricks in order to get useful information about a system.
• B. Social Engineering involves using psychological tricks to build inappropriate trust relationships with insiders.
• C. Kevin Mitnick is one of the world’s best known Social Engineers, and he has been quoted as saying “The weakest link in the security chain is the human element”.
• D. Social Engineering is successful because people are generally helpful, especially to those who are nice, knowledgeable and/or insistent.
• E. The primary methods of Social Engineering are: flattery, authority impersonation and threatening behavior.
• F. A well known Social Engineering technique involves using financial bribery to get the information desired by the Social Engineer.
• G. A, B and C
• H. A, B, D and E
• I. A, B, C, D and E
• J. All of the above
• K. None of the above
38. Which of the following defense
techniques should Administrators use
to keep Social Engineering from
working?
• A. Train employees to recognize situations in which they are being Socially Engineered.
• B. Teach employees to use Pretexting as a counter measure against suspected Social Engineers.
• C. Train employees to punch suspected Social Engineers in the face
• D. Perform Social Engineering role playing drills with employees
• E. Train employees on how to follow policies so that they will not become victims of Social Engineering.
• F. A, D and E
• G. A, B, D and E
• H. All of the above
• I. None of the above
39. Which of the following is/are
true statement(s) about Road
Apples?
• A. A Road Apple uses physical media and relies on the curiosity or greed of the victim.
• B. Using a Road Apple to infiltrate a company’s systems is also known as “Baiting”.
• C. An example of a Road Apple is a USB drive or CD found in the parking lot, labeled with information which makes the potential victim curious about what is contained on the media.
• D. A Road Apple which does not function as intended is commonly referred to as a “Rotten Road Apple”.
• E. One way to partially combat Road Apples is to disable the “Autorun on inserted media” function on all corporate computers, although this method may not be 100% effective.
• F. “Apple Seeding” is a term commonly used for viruses that spread across organizational boundaries, caused by Road Apples.
• G. A, B, and C
• H. A, B, C, D and F
• I. A, B, C, and E
• J. All of the above
• K. None of the above
40. Which of the following statements are
false, in relation to Digital Forensics?
• A. Digital Forensics can pertain to legal evidence found in
computers, digital storage devices and media.
• B. The goal of Digital Forensics is to explain the current state
of a “digital artifact.”
• C. In the realm of Digital Forensics, a digital artifact is a
computer system, storage media (such as a hard disk or CD-
ROM), an electronic document (e.g. an email message or
JPEG image) or even a sequence of packets moving over a
computer network.
• D. Digital Forensics tools can be used to recover data in the
event of a hardware or software failure.
• E. Digital Forensics can be used to analyze a computer
system after a break-in, for example, to determine how the
attacker gained access and what the attacker did.
• F. Digital Forensics can be used to gather evidence against
an employee that an organization wishes to terminate.
• G. Digital Forensics can be used to gain information about
how computer systems work for the purpose of debugging,
performance optimization, or reverse-engineering.
• H. All of the above are false.
• I. None of the above are false.
41. What does the term "Chain
of Custody" mean?
• A. The organizational management and reporting
structure of an information systems organization
• B. The statistical method used to determine who is
to blame for a security breach in an organization
• C. The ability to demonstrate who has had access to
the digital information being used as evidence
• D. The ISO-9000 endorsed method for tracking down
how a virus was introduced into a secured network.
• E. The method used to covertly install malicious
software within a network, by using a Trojan or Worm.
• F. The method used by Superhacker Kevin Mitnick, to
hack mainframe computers in Malaysia.
• G. C and D
• H. None of the above
42. What are the five generic steps used
in the Digital Forensics process?
• A. Preparation of the investigator, Staging of the
crime scene, Examination, Analysis, Reporting
• B. Preparation of the investigator, Collection of data,
Examination, Fortification of data, Analysis
• C. Preparation of the investigator, Creation of data,
Manipulation of data, Examination, Reporting
• D. Preparation of the investigator, Creation of data,
Examination, Analysis, Reporting
• E. Preparation of the investigator, Collection of data,
Examination, Analysis, Reporting
• F. Preparation of the investigator, Collection of data,
Alteration of data, Analysis, Examination
• G. Preparation of the investigator, Collection of data,
Examination, Analysis, Reporting
• H. None of the above
43. Which of the following are important
data handling processes?
• A. Establish and maintain the chain of custody.
• B. Handle the original evidence as little as possible to avoid
changing the data.
• C. If important data is missing, do your best to re-create it
using an educated guess, based on everything you know
about the situation and your experience in similar situations.
• D. Document everything that has been done.
• E. Only use tools and methods that have been tested and
evaluated to validate their accuracy and reliability.
• F. Wash your hands thoroughly before handling any internal
hard disks.
• G. Your first priority should be to immediately make two
backup copies of the data, regardless of the situation.
• H. Turn off the computer containing the important data as
soon as you arrive on the scene, to avoid any potential
further loss of data.
• I. All of the above are important data handling processes.
• J. None of the above are important data handling processes.
• K. A, B, C, D, and E
• L. A, B, D, and E
• M. A, B, D, E, and H
44. What makes Knoppix a good tool for
use in Digital Forensics collection
situations?
• A. Knoppix can be loaded directly from a CD.
• B. Knoppix can be loaded from a USB flash
drive.
• C. Knoppix already comes pre-loaded on most
machines, and can be loaded directly from
where it resides in the boot sector of the hard
disk.
• D. Knoppix will not alter data on the hard disk
• E. A, B and D
• F. All of the above are things which make
Knoppix a good tool for use in Digital Forensics
collection situations.
• G. None of the above are things which make
Knoppix a good tool for use in Digital Forensics
collection situations because Knoppix is fake
vaporware, which does not even exist!!!
45. Which piece of Digital Forensics
evidence was critical in the capture of
the BTK Killer?
• A. Fingerprints left on a floppy disk, which was
sent to the police by the suspect.
• B. A digital photograph taken with a hidden
camera setup in the suspect's home.
• C. Data gathered from the suspect's MySpace
webpage.
• D. Emails from the suspect which were collected
by AT&T's NARUS device, based on keyword
filtering, which were then turned over to the FBI
for analysis.
• E. Metadata which was unknowingly included in
a Microsoft Word document, which was sent on a
floppy disk to the police, by the suspect.
• F. A and E
• G. All of the above
• H. None of the above
46. Which of the following could an
Intrusion Detection System (IDS)
detect?
• A. Employees photocopying information at Kinko's, against
company policy.
• B. Which files have been backed up onsite and which files
have been backed up offsite.
• C. When sensitive information leaves the building on CD-
ROM or USB drive.
• D. Host Based Attacks (privilege escalation)
• E. Malware, Viruses, Trojan Horses and Worm related
activities on the network
• F. Attacks against a specific service, such as File Transfer
Protocol (FTP)
• G. Data driven attacks at the application layer. For example,
an SQL injection error is a data driven attack.
• H. A, B, and C
• I. D, E, F, and G
• J. All of the above can be detected by an Intrusion Detection
system.
• K. None of the above can be detected by an Intrusion
Detection System.
47. Which of the following correctly defines each
of the three components of an Intrusion
Detection System (Sensors, Console and
Engine)?
• A. Sensors = Monitors events, alerts and controls sensors
  Console = Generates security events such as log files
  Engine = Analyzes the data using artificial intelligence to generate alerts from the events received
• B. Sensors = Analyzes the data using artificial intelligence to generate alerts from the events received
  Console = Monitors events, alerts and controls sensors
  Engine = Generates security events such as log files
• C. Sensors = Generate security events such as log files
  Console = Monitors events, alerts and controls sensors
  Engine = Analyzes the data using artificial intelligence to generate alerts from the events received
• D. None of the above
48. Which of the following is/are type(s) of
Intrusion Detection Systems described in the
lecture slides on Intrusion Detection
Systems?
• A. Network Based Intrusion Detection System (NIDS)
• B. Protocol Based Intrusion Detection System (PIDS)
• C. Language Based Intrusion Detection System (LIDS)
• D. Stationary Based Intrusion Detection System (SIDS)
• E. Platform Based Intrusion Detection System (PIDS)
• F. Laptop Based Intrusion Detection System (LIDS)
• G. Centralized Output Workflow System (COWS)
• H. Stand Alone Storage Intrusion Detection System (SASIDS)
• I. Application Protocol Based Intrusion Detection System (APIDS)
• J. Host Based Intrusion Detection System (HIDS)
• K. Hybrid System
• L. A, B, I, J, K
• M. A, B, C, D, E, F, I, J
• N. A, B, D, F, G, H
• O. A, B, D, E, F, G, I, J
• P. All of the above is/are type(s) of Intrusion Detection Systems
described in the lecture slides on Intrusion Detection Systems.
• Q. None of the above is/are type(s) of Intrusion Detection Systems
described in the lecture slides on Intrusion Detection Systems.
49. How is a Firewall different from an
Intrusion Detection System (IDS)?
• A. Firewalls look outwardly and protect from
external attacks
• B. An IDS evaluates a suspected intrusion after
it has taken place and signals an alarm.
• C. An IDS also watches for attacks that
originate from within a system.
• D. A Firewall is hot to the touch (that is why it
is called a Firewall), and IDS systems are always
cold to the touch.
• E. A and B
• F. A, B, and C
• G. All of the above
• H. None of the above
50. A Unified Threat Management (UTM)
appliance can perform which of the
following functions?
• A. Firewall
• B. Spell checking
• C. Provide emergency power to servers, from its
internal backup batteries
• D. Detect software logic bugs
• E. Virus Scanning
• F. Content Filtering
• G. VPN
• H. Anti-Spam
• I. Intrusion Detection and Prevention
• J. A, C, E, F, G, H and I
• K. A, D, E, F, G, H and I
• L. A, E, F, G, H, and I.
• M. All of the above
• N. None of the above
51. HIPAA, SOX and GLB all require similar
mechanisms for protection of data. These
data protection mechanisms are:
• A. Authentication of sender and receiver of data
• B. Recreation of missing data
• C. Auditing of data
• D. Protection of data, usually involving the use
of encryption
• E. Deletion of any data which contains personal
information about customers.
• F. Data Integrity Proof, usually involving use of
digital signatures
• G. A, C, D
• H. A, C, D and F
• I. A, C, D, E and F
• J. A, C, D and E
• K. All of the above
• L. None of the above
52. Which of the following accurately
define the terms vulnerability and
exploit?
• A. A security risk with one or more known instances
of working and fully-implemented attacks is classified
as an exploit.
• B. A security risk is classified as a vulnerability if it is
recognized as a possible means of attack.
• C. A security risk with one or more known instances of
working and fully-implemented attacks is classified as
a vulnerability.
• D. A security risk is classified as an exploit if it is
recognized as a possible means of attack.
• E. A and B accurately define and describe
vulnerabilities and exploits
• F. C and D accurately define and describe
vulnerabilities and exploits
• G. All of the above accurately define and describe
vulnerabilities and exploits
• H. None of the above accurately define and describe
vulnerabilities and exploits
53. The difference between
Limited Disclosure and
Responsible Disclosure is:
• A. Limited Disclosure means that full details of a
vulnerability and/or exploit should go to a restricted
community of developers and vendors, and only information
about the general existence of the problem is released to the
public, while Responsible Disclosure advocates that full and
public disclosure should be preceded by disclosure of the
vulnerability to the vendors or authors of the system. This
private advance disclosure allows the vendor time to produce
a fix or workaround.
• B. Responsible Disclosure means that full details of a
vulnerability and/or exploit should go to a restricted
community of developers and vendors, and only information
about the general existence of the problem is released to the
public, while Limited Disclosure advocates that full and public
disclosure should be preceded by disclosure of the
vulnerability to the vendors or authors of the system. This
private advance disclosure allows the vendor time to produce
a fix or workaround.
• C. Neither of the above statements correctly describes the
difference between Limited Disclosure and Responsible
Disclosure.
54. What happens in a Buffer
Overflow exploit?
• A. A process attempts to store data beyond the
boundaries of a fixed-length storage area in
memory.
• B. User input is either incorrectly filtered for
string literal escape characters embedded in
SQL statements or user input is not strongly
typed and thereby unexpectedly executed.
• C. An application is ordered to access a
computer file in hard disk storage that is not
intended to be accessible.
• D. Web applications unintentionally allow code
injection by malicious web users into the web
pages viewed by other users
• E. A and B
• F. C and sometimes D
• G. All of the above
• H. None of the above
55. Which of the following are not
classified as elements of Physical
Security?
• A. Material obstacles such as walls and fences
are put in place, to frustrate trivial attackers and
delay serious ones.
• B. Alarms, security lighting, and security guard
patrols are used and closed-circuit television
cameras are viewed by guards, to make it likely
that attacks will be noticed.
• C. Network traffic is monitored by an automated
Intrusion Detection System, for potential Denial
of Service attacks.
• D. Security forces (guards) respond to alarms,
to repel, catch or frustrate attackers when
an attack is detected.
• E. A and B are not elements of Physical
Security.
• F. All of the above are not elements of Physical
Security.
56. How are "Honeypots" used as part of a
network security strategy?
• A. "Honeypots" are essentially decoy network-accessible
resources, purposely designed and deployed with known
vulnerabilities, to attract attackers. A Honeypot computer
could be deployed in a network as a surveillance and/or
early-warning tool to warn that someone is snooping or
probing the network for vulnerabilities.
• B. "Honeypot" is a 100% imaginary made-up
term that means nothing at all. We never
studied "Honeypots" in class.
• C. “Honeypots” are essentially computers which
are designed to trap hackers in a data hive and
disable the attacking machine through intrusion
quarantine so that the hacker can’t attack other
machines on the network.
• D. A and C
• E. None of the above
57. The generic Change Control process we
studied in class consists of how many discrete
steps?
• A. 4
• B. 7
• C. 3
• D. 5
• E. 8
• F. 6
• G. None of the above
58. Class Project
• Pick a publicly traded company or
organization with international as
well as domestic operations
• Fill out Security Audit Template (by
hand is fine, but please print
carefully, so I can read it.)
• Write a five page Executive
Summary
• Prepare a 20-25 PowerPoint
presentation and prepare for 5
minutes of questions
59. Rest of Today and Thursday
• Meet with your team member today.
• Pick company or organization and send
to Nick via email
• Read through template today, together
• Thursday, we will cover entire template
in class
• Next Tuesday, Nick will give a
presentation of Coca-Cola as an
example, along with an Executive
Summary.
• Thursday the 13th of November will be a
group work day…I’ll be in class to
answer questions
• Tuesday the 18th will be current events
in IT Security, class day
• Thursday the 20th of November will be a
group work day…I’ll be in class to
answer questions
• First presentations will be the 25th of
November