Uw madison information systems 365 information security exam - answer key presentation

Published in: Technology


  1. Information Systems 365: Exam Answers, Discussion and Class Project
  2. Did You Vote? Flat Cow Did!
  3. Flat Cow Gets His Ballot
  4. Flat Cow Reads the Complex Instructions
  5. Flat Cow’s Bovine Voice is “herd”… Check him out on Facebook
  6. Exam
     • In general, they were pretty good
     • The average, after curving, was a 91!!
     • If you did not do as well as you had hoped, PLEASE come talk to me about EXTRA CREDIT
  7. What are the Five Pillars of Information Security?
     • Protection, Automation, Detection, Reaction, Prevention
     • Detection, Integration, Globalization, Deletion, Operation
     • Implementation, Protection, Dissemination, Interaction, Prevention
     • Prevention, Protection, Communication, Obfuscation, Reaction
     • Documentation, Protection, Reaction, Detection, Prevention
     • Interaction, Prevention, Alteration, Reaction, Obliteration
     • Documentation, Prevention, Reaction, Interpolation, Detection
  8. In the course reading “How to Sell Security”, the author describes the idea of Prospect Theory. According to the article and lecture slides, which of the following responses best summarizes Prospect Theory?
     • When presented with the potential opportunity for gain, people generally prefer to take risks. When presented with the potential for loss, people are less likely to embrace risk.
     • When presented with the potential opportunity for gain, people generally behave randomly. When presented with the potential for loss, people are more likely to embrace risk.
     • When presented with the potential opportunity for gain, people generally prefer not to take risks. When presented with the potential for loss, people are more likely to embrace risk.
     • When presented with the potential opportunity for gain, people generally prefer not to take risks. When presented with the potential for loss, people are more likely to behave randomly.
     • When presented with the potential opportunity for loss or gain, people generally behave randomly in both situations.
     • When presented with the potential opportunity for loss or gain, people generally drive to the closest casino and bet all their money at the Roulette Wheel.
     • None of the above
  9. Technical Controls are:
     • Strong and consistent, treating everyone equally
     • Usually outdated and unreliable
     • Can be audited with a high level of assurance
     • Usually cheaper to implement in the short term, when compared to equivalent Administrative Controls
     • A and B
     • B and C
     • A and C
  10. Technical Controls:
     • Are usually more costly than equivalent Administrative Controls
     • Can break, either failing open or failing closed, neither of which may be desirable in a given situation.
     • Are what corporations implement when they want to engage in blame shifting.
     • Are generally more complex than equivalent Administrative Controls
     • All of the above
     • None of the above
     • A, B and D
  11. Administrative Controls are usually:
     • Less expensive than Technical Controls
     • Sufficient to meet HIPAA and SOX compliance
     • Easy to implement
     • Very flexible
     • Used in large enterprise environments, but rarely in small businesses
     • A, B, C, D
     • A, C and D
  12. Data Classification is the conscious decision to assign a level of sensitivity to data as it is being created, amended, enhanced, stored, or transmitted. The classification of the data should then determine the extent to which the data needs to be secured. The generic data classification grading scale outlined in the class handout and lecture slides included all of the following data designations:
     • Highly Confidential, Proprietary, Top Secret, Open Records, Physically Secured
     • Internal Use Only, Semi-Secret, Highly Confidential, Proprietary, Top Secret
     • Public Documents, Highly Confidential, Proprietary, Transport Limited, Semi-Secured
     • Internal Use Only, Public Documents, Top Secret, Highly Confidential, Proprietary
     • Top Secret, Highly Confidential, Open Records, Public Records, Management View Only
     • Proprietary, Open Records, Top Secret, Destroy After Viewing, For Hannah Montana Only
     • None of the above
  13. Authentication is defined as the act of:
     • Verifying a claim of identity
     • Determining which informational resources a person or entity may be authorized to access
     • Determining which actions a person or entity will be allowed to perform (read, write, delete, etc.)
     • A and B
     • A and C
     • A, B and C
     • None of the above
  14. Asymmetrically Encrypted data has which of the following properties?
     • It transforms usable information into a form that renders it unusable by anyone other than an authorized user.
     • Can be transformed back into its original usable form only by the original person who encrypted the data.
     • It is used to protect information from unauthorized or accidental disclosure while the information is in transit (either electronically or physically) and while information is in storage.
     • Can be transformed back into its original usable form by anyone who possesses the appropriate decryption key.
     • Can’t be used as part of a Defense in Depth strategy for data protection
     • A, C, D
     • A, C, D and E
  15. If your organization engages in information systems outsourcing, which of the following outsourcing security principles should be applied?
     • A. Practice defense in depth
     • B. Follow the principle of least privilege
     • C. Follow the principle of random privilege
     • D. Compartmentalize
     • E. Promote privacy and accountability
     • F. Be reluctant to trust
     • G. A, B, D, E, F
     • H. All of the above
     • I. None of the above
  16. In the reading “The Truth About Chinese Hackers”, which of the following viewpoints were expressed by the author?
     • Cyber Attacks originating in China don’t seem to be coordinated by the Chinese military.
     • The hackers in China perform hacking for two reasons: fame and glory, and as an attempt to make a living.
     • The Chinese government knows the leaders of the hacker movement and chooses to look the other way.
     • If anything, the fact that these groups aren’t being run by the Chinese government makes the problem worse.
     • All of the above
     • None of the above
     • A, C and D
  17. In the reading “Cyberwar: Myth or Reality”, which of the following viewpoints were expressed by the author?
     • The best thing to do if you are a Cyberwar hacker is to infiltrate enemy computers and networks, spy on them, and surreptitiously disrupt select pieces of their communications when appropriate.
     • Within two days of the start of a war between the U.S. and Russia, the Internet will be totally unreliable.
     • The idea of Cyberwar is a clever scare tactic that hardware and software vendors perpetuate in order to sell more security related technologies and make more profit.
     • A and B
     • A and C
     • All of the above
     • None of the above
  18. In the reading “Make Vendors Liable For Software Bugs”, which of the following viewpoints were expressed by the author?
     • Software vendors are in the best position to improve software security, as they have the capability.
     • There is a general rule in security to align interest with capability.
     • Interest must be aligned with capability, but you need to be careful how you generate interest.
     • Software vendors sometimes purposely and intentionally create software code with bugs, just so they can look like they care when they distribute software patches to fix the security holes
     • A, B, and C
     • A and D
     • All of the above
  19. Which of the following statements does an accurate job of describing Dual Factor Authentication?
     • Providing proof of something you know and providing proof of something you have
     • Providing proof of something you know and providing proof of something you are (fingerprint, retina scan, etc.)
     • Providing written proof of your age and providing written proof of your name
     • Providing proof of something you have and providing proof of something you are (fingerprint, retina scan, etc.)
     • Providing multiple passwords in order to gain access to a sensitive software application
     • A, B and D
     • A, B, D and E
     • All of the above
     • None of the above
  20. Which of the following guidelines should be included when establishing a strong password policy?
     • Passwords should be as long as possible (never shorter than 6 characters)
     • Passwords should introduce the use of multiple blank spaces in every password issued, if possible
     • Passwords should include mixed-case letters, if possible
     • Passwords should include digits and punctuation marks, if possible
     • Obligate all users to change their password on their birthday and all non-religious holidays
     • Passwords should expire on a regular basis and may not be re-used
     • Users should be encouraged to create passwords which rhyme so that they are easy to remember
     • Passwords may not contain any portion of your name, birthday, address or other publicly available information
     • All of the above should be included when establishing a strong password policy
     • B and E only should be included when establishing a strong password policy
     • A, C, D, F and H should be included when establishing a strong password policy
     • A, B, C, D, F and H should be included when establishing a strong password policy
  21. In lecture, we discussed several specific technologies for strong authentication. Which of the following authentication products can be beaten simply by using a photocopier to copy the user’s credential?
     • RSA SecurID One Time Password (OTP) device
     • Initech brand facial recognition Intruder Gate
     • Verisign brand personal digital certificates
     • Any Biometric retina scanner
     • DigiVault brand Zoster Fingerprint Assurance
     • Entrust brand Identity Guard
     • A, E and F
     • B and E
     • None of the above can be beaten simply by using a photocopier to copy the credential
  22. Which of the following is a true statement about digital certificates?
     • Digital certificates are ALWAYS used as the core technology in SSL connections to secure websites
     • A digital certificate can be thought of as a digital passport, which is either contained on a secure device, or on a hard disk
     • A digital certificate can be secured with a password, which makes it a dual factor authentication solution
     • A digital certificate can be used to authenticate machines as well as humans
     • Digital certificates have a low variable cost to produce individually, but a high fixed cost to set up the supporting system infrastructure
     • A digital certificate can contain authorization data, such as birthday, as well as authentication data, but this is rare
     • B, D, F and G
     • All of the above are true statements
     • None of the above are true statements
  23. Which of the following is a true statement about Knowledge Based Authentication?
     • Knowledge Based Authentication authenticates the user via verification of life events, usually financial in nature
     • Most of this Knowledge Based Authentication information is publicly available and can be easily stolen by an outsider
     • The credit reports on which Knowledge Based Authentication is based often contain factual errors
     • A and C are true statements about Knowledge Based Authentication
     • B and C are true statements about Knowledge Based Authentication
     • All of the above are true statements about Knowledge Based Authentication
     • None of the above are true statements about Knowledge Based Authentication
  24. In the reading entitled “Crypto AG, the NSA’s Trojan Whore”, in which country was Hans Buehler (a top Crypto AG salesman) arrested in 1992, under suspicion of leaking encryption codes to Western intelligence?
     • Iraq
     • Iran
     • Russia
     • Syria
     • North Korea
     • Libya
     • Canada
     • None of the above
  25. Which of the following is the correct definition for Symmetric Encryption?
     • A. A single shared key is used for both encryption and decryption.
     • B. A pair of related but different keys is used, one for Encryption and the other for Decryption.
     • C. Both A and B are correct definitions for Symmetric Encryption
     • D. None of the above are correct definitions for Symmetric Encryption
  26. Which of the following is the correct definition for Asymmetric Encryption?
     • A. A single shared key is used for both encryption and decryption.
     • B. A pair of related but different keys is used, one for Encryption and the other for Decryption.
     • C. Both A and B are correct definitions for Asymmetric Encryption
     • D. None of the above are correct definitions for Asymmetric Encryption
  27. Which of the following best describes Steganography?
     • A. The process of protecting sensitive information in non-production databases from inappropriate visibility. After sanitization, the database remains perfectly usable. The look-and-feel is preserved, but the information content is secure.
     • B. The study of the principles and techniques by which information is overtly converted into a version that is difficult (ideally, impossible) for any unauthorized person to convert to the original information, while still allowing the intended reader to do so.
     • C. The art and science of writing hidden messages in such a way that no one apart from the sender and intended recipient even realizes there is a covert (hidden) message
     • D. A and C
     • E. A and B
     • F. None of the above definitions describe Steganography
     • G. All of the above definitions describe Steganography
  28. The three primary uses for personal digital certificates are:
     • A. Authentication, Password Control, Shoulder Surfing
     • B. Digital Signing, Authentication, Data Retention
     • C. Encryption, Software Forensics, ISO Compliance
     • D. Encryption, Outsourcing, Digital Signing
     • E. Authentication, Digital Signing, Encryption
     • F. All of the above
     • G. None of the above
     • H. A, B and C, except in cases in which the end user is a cow
  29. Using the alphabet letter shifting method, decrypt the message below, using the following formula, in which "e" represents the encrypted letter and "d" represents the decrypted letter: "d" = "e" + 3. Assume a 26 letter, circular alphabet in which the letter A=1, B=2, C=3, D=4, E=5, F=6, G=7, etc.
     • The secret message is: ZLTP XOB PILT
     • A. "COWS ARE COOL"
     • B. "COWS ARE FAST"
     • C. "COWS ARE SLOW"
     • D. "APES CAN WALK"
     • E. "COWS EAT APES"
     • F. None of the above
  30. A Public Key Infrastructure (PKI) can perform which of the following functions?
     • A. Revoke digital certificates
     • B. Issue digital certificates
     • C. Distribute digital certificates
     • D. Make copies of digital certificates issued by other organizations
     • E. A, B and C
     • F. B, C and D
     • G. All of the above
     • H. None of the above
  31. The relationship between Public Keys and Private Keys in a PKI is:
     • A. The Public Key is used to both encrypt and decrypt data and the Private Key is used for creating a digital signature only.
     • B. The Public Key is used for creating a digital signature only and the Private Key is used for both encrypting and decrypting data.
     • C. The Public Key is used for encrypting data and the Private Key is used for creating a digital signature and for decrypting data.
     • D. The Public Key is used for encrypting data and creating a digital signature and the Private Key is used for decrypting data and also for creating a digital signature
     • E. The Public Key is used for encrypting data, the Private Key is used for decrypting data, and an Intermediary Key is used for creating a digital signature.
     • F. A and E
     • G. All of the above are true.
  33. 33. The term “Key Escrow” refers to:• The location where public and private keys are grown before they are distributed to users.• The ISO-9000 compliant method by which encryption, decryption and digital signing take place.• An arrangement in which the keys needed to decrypt encrypted data are copied and securely held in storage so that, under certain circumstances, an authorized third party may gain access to those keys.• A place where digital certificates go to retire when they get old.• C and D• A and B• All of the above• None of the above
  34. 34. Digital certificates all have expiration dates. Select the statement which best describes the benefits and drawbacks of short and long certificate lifetimes.• Certificates with short lifetimes provide a greater assurance of validity, but create greater operational difficulties in terms of renewal due to their need to be renewed on a more frequent basis. Certificates with long lifetimes provide less assurance of validity, but from an operational standpoint are easier to manage because they require less frequent renewal.• Certificates with long lifetimes provide a greater assurance of validity, but create greater operational difficulties in terms of renewal due to their need to be renewed on a less frequent basis. Certificates with short lifetimes provide less assurance of validity, but from an operational standpoint are easier to manage because they require more frequent renewal.• The length of a certificate lifetime, whether it is short or long has no impact on the operational support required to manage a PKI, because digital certificates renew automatically by using a Certificate Revocation List (CRL).• Certificates with short lifetimes are easier to renew than certificates with long lifetimes because certificates with short lifetimes are fresher and not as entrenched in the end user’s computer.• None of the above is true.• All of the above are true.
  35. 35. Which of the following is true in relation to Trusted Root Authorities?• A Trusted Root Authority is a digital certificate issuer recognized by all computers around the globe.• Root Certificates from Trusted Root Authorities are stored in each computer’s central certificate store.• To become a Trusted Root Authority in an Operating System or Internet Browser, your organization must undergo a stringent audit and pay a substantial sum of money, in most cases.• Users should remove Trusted Root Authorities from their computer at least once per year because Trusted Root Authorities digitally degrade over time and lose reliability after 14 months, in most cases.• Verisign is a well known Trusted Root Authority.• Your UW-Madison digital certificate is chained to a Root Authority which is not trusted outside of the University of Wisconsin System.• A, B, C, and D• A, B, C, and E• A, B, C, E and F• All of the above are true.• None of the above is true.
  36. 36. A digital signature on an email provides proof of which of the following:• That the email did indeed come from the purported (claimed) author, invalidating plausible denial.• That the email was sent at the time and date indicated within the email.• That the contents of the email have not been altered from the original form.• A and B• B and C• A and C• All of the above• None of the above
  37. 37. The following statements about Social Engineering is/are true:• Social Engineering involves the use of psychological tricks in order to get useful information about a system.• Social Engineering involves using psychological tricks to build inappropriate trust relationships with insiders• Kevin Mitnick is one of the world’s best known Social Engineers, and he has been quoted as saying “The weakest link in the security chain is the human element”• Social Engineering is successful because people are generally helpful, especially to those who are nice, knowledgeable and/or insistent.• The primary methods of Social Engineering are: flattery, authority Impersonation and threatening behavior.• A well known Social Engineering technique involves using financial bribery to get the information desired by the Social Engineer.• A, B and C• A, B, D and E• A, B, C, D and E• All of the above• Non of the above
  38. 38. Which of the following defensetechniques should Administrators use to keep Social Engineering from working?• Train employees to recognize situations in which they are being Socially Engineered.• Teach employees to use Pretexting as a counter measure against suspected Social Engineers.• Train employees to punch suspected Social Engineers in the face• Perform Social Engineering role playing drills with employees• Train employees on how to follow policies so that they will not become victims of Social Engineering.• A, D and E• A, B, D and E• All of the above• None of the above
  39. 39. Which of the following is/are true statement(s) about Road Apples?• A Road Apple uses physical media and relies on the curiosity or greed of the victim.• Using a Road Apple to infiltrate a company’s systems is also known as “Baiting”.• An example of a Road Apple is a USB drive or CD found in the parking lot, labeled with information which makes the potential victim curious about what is contained on the media.• A Road Apple which does not function as intended, is commonly referred to as a “Rotten Road Apple”• One way to partially combat Road Apples is to disable the “Autorun on inserted media” function on all corporate computers, although this method may not be 100% effective.• “Apple Seeding” is a term commonly used for viruses that spread across organizational boundaries, caused by Road Apples.• A, B, and C• A, B, C, D and F• A, B, C, and E• All of the above• None of the above
  40. 40. Which of the following statements arefalse, in relation to Digital Forensics?• A. Digital Forensics can pertain to legal evidence found in computers, digital storagedevices and media.• B. The goal of Digital Forensics is to explain the current state of a “digital artifact.”• C. In the realm of Digital Forensics, a digital artifact is a computer system, storage media (such as a hard disk or CD- ROM), an electronic document (e.g. an email message or JPEG image) or even a sequence of packets moving over a computer network.• D. Digital Forensics tools can be used to recover data in the event of a hardware or software failure.• E. Digital Forensics can be used to analyze a computer system after a break-in, for example, to determine how the attacker gained access and what the attacker did.• F. Digital Forensics can be used to gather evidence against an employee that an organization wishes to terminate.• G. Digital Forensics can be used to gain information about how computer systems work for the purpose of debugging, performance optimization, or reverse-engineering.• I. All of the above are false.• J. None of the above are false.
  41. 41. What does the term "Chain of Custody" mean?• A. The organizational management and reporting structure of an information systems organization• B. The statistical method used to determine who is to blame for a security breach in an organization• C. The ability to demonstrate who has had access to the digital information being used as evidence• D. The ISO-9000 endorsed method for tracking down how a virus was introduced into a secured network.• E. The method used to covertly install malicious software within a network, by using a Trojan or Worm.• F. The method used by Superhacker Kevin Mitnick, to hack mainframe computers in Malaysia.• G. C and D• H. None of the above
  42. 42. What are the five generic steps usedin the Digital Forensics process?• A. Preparation of the investigator, Staging of the crime scene, Examination, Analysis, Reporting• B. Preparation of the investigator, Collection of data, Examination, Fortification of data, Analysis• C. Preparation of the investigator, Creation of data, Manipulation of data, Examination, Reporting• D. Preparation of the investigator, Creation of data, Examination, Analysis, Reporting• E. Preparation of the investigator, Collection of data, Examination, Analysis, Reporting• F. Preparation of the investigator, Collection of data, Alteration of data, Analysis, Examination• G. Preparation of the investigator, Collection of data, Examination, Analysis, Reporting• H. None of the above
  43. 43. Which of the following are important data handling processes?• A. Establish and maintain the chain of custody.• B. Handle the original evidence as little as possible to avoid changing the data.• C. If important data is missing, do your best to re-create it using an educated guess, based on everything you know about the situation and your experience in similar situations.• D. Document everything that has been done.• E. Only use tools and methods that have been tested and evaluated to validate their accuracy and reliability.• F. Wash your hands thoroughly before handling any internal hard disks.• G. Your first priority should be to immediately make two backup copies of the data, regardless of the situation.• H. Turn off the computer containing the important data as soon as you arrive on the scene, to avoid any potential further loss of data.• I. All of the above are important data handling processes.• J. None of the above are important data handling processes.• J. A, B, C, D, and E• K. A, B, D, and E• L. A, B, D, E, and H
  44. 44. What makes Knoppix a good tool for use in Digital Forensics collection situations?• A. Knoppix can be loaded directly from a CD.• B. Knoppix can be loaded from a USB flash drive.• C. Knoppix already comes pre-loaded on most machines, and can be loaded directly from where it resides in the boot sector of the hard disk.• D. Knoppix will not alter data on the hard disk• E. A, B and D• F. All of the above are things which make Knoppix a good tool for use in Digital Forensics collection situations.• G. None of the above are things which make Knoppix a good tool for use in Digital Forensics collection situations because Knoppix is fake vaporware, which does not even exist!!!
  45. 45. Which piece of Digital Forensicsevidence was critical in the capture ofthe BTK Killer?• A. Fingerprints left on a floppy disk, which was sent to the police by the suspect.• B. A digital photograph taken with a hidden camera setup in the suspects home.• C. Data gathered from the suspects MySpace webpage.• D. Emails from the suspect which were collected by AT&Ts NARUS device, based on keyword filtering, which were then turned over to the FBI for analysis.• E. Metadata which was unknowingly included in a Microsoft Word document, which was sent on a floppy disk to the police, by the suspect.• F. A, and E• G. All of the above• H. None of the above
  46. 46. Which of the following could anIntrusion Detection System (IDS)detect?• A. Employees photocopying information at Kinkos, against company policy.• B. Which files have been backed up onsite and which files have been backed up offsite.• C. When sensitive information leaves the building on CD- ROM or USB drive.• D. Host Based Attacks (privilege escalation)• E. Malware, Viruses, Trojan Horses and Worm related activities on the network• F. Attacks against a specific service, such as File Transfer Protocol (FTP)• G. Data driven attacks at the application layer. For example, an SQL injection error is a data driven attack.• H. A, B, and C• I. D, E, F, and G• J. All of the above can be detected by an Intrusion Detection system.• K. None of the above can be detected by an in Intrusion Detection system.
  47. 47. Which of the following correctly defines each of the three components of an Intrusion Detection System (Sensors, Console and Engine)?• A. Sensors = Monitors events, alerts and controls sensors• Console = Generate security events such as log files• Engine = Analyzes the data using artificial I ntelligence to generate alerts from the events received• B. Sensors = Analyzes the data using artificial intelligence to generate alerts from the events received• Console = Monitors events, alerts and controls sensors• Engine = Generate security events such as log files• C. Sensors = Generate security events such as log files• Console = Monitors events, alerts and controls sensors• Engine = Analyzes the data using artificial intelligence to generate alerts from the events received• None
  48. 48. Which of the following is/are type(s) of Intrusion Detection Systems described in the lecture slides on Intrusion Detection Systems?• A. Network Based Intrusion Detection System (NDS)• B. Protocol Based Intrusion Detection System (PIDS)• C. Language Based Intrusion Detection System (LIDS)• D. Stationary Based Intrusion Detection System (SIDS)• E. Platform Based Intrusion Detection System (PIDS)• F. Laptop Based Intrusion Detection System (LIDS)• G. Centralized Output Workflow System (COWS)• H. Stand Alone Storage Intrusion Detection System (SASIDS)• I. Application Protocol Based Intrusion Detection System (APIDS)• J. Host Based Intrusion Detection System (HIDS)• K. Hybrid System• L. A, B, I, J, K• M. A, B, C, D, E, F, I, J• N. A, B, D, F, G, H• O. A, B, D, E, F, G, I, J,• P. All of the above is/are type(s) of Intrusion Detection Systems described in the lecture slides on Intrusion Detection Systems?• Q. None of the above is/are type(s) of Intrusion Detection Systems described in the lecture slides on Intrusion Detection Systems?
  49. 49. How is a Firewall different from an Intrusion Detection System (IDS)?• A. Firewalls look outwardly and protect from external attacks• B. An IDS evaluates a suspected intrusion after it has taken place and signals an alarm.• C. An IDS also watches for attacks that originate from within a system.• D. A Firewall is hot to the touch (that is why it is called a Firewall), and IDS systems are always cold to the touch.• E. A and B• F. A, B, and C• G. All of the above• H. None of the above
  50. 50. A Unified Threat Management (UTM)appliance can perform which of thefollowing functions?• A. Firewall• B. Spell checking• C. Provide emergency power to servers, from its internal backup batteries• D. Detect software logic bugs• E. Virus Scanning• F. Content Filtering• G. VPN• H. Anti-Spam• I. Intrusion Detection and Prevention• J. A, C, E, F, G, H and I• K. A, D, E, F, G, H and I• L. A, E, F, G, H, and I.• M. All of the above• N. None of the above
  51. 51. HIPAA, SOX and GLB all require similar mechanisms for protection of data. These data protection mechanisms are:• A. Authentication of sender and receiver of data• B. Recreation of missing data• C. Auditing of data• D. Protection of data, usually involving the use of encryption• E. Deletion of any data which contains personal information about customers.• F. Data Integrity Proof, usually involving use of digital signatures• G. A, C, D• H. A, C, D and F• I. A, C, D, E and F• J. A, C, D and E• K. All of the above• L. None of the above
  52. 52. Which of the following accurately define the terms vulnerability and exploit?• A. A security risk with one or more known instances of working and fully-implemented attacks is classified as an exploit.• B. A security risk is classified as a vulnerability if it is recognized as a possible means of attack.• C. A security risk with one or more known instances of working and fully-implemented attacks is classified as a vulnerability.• D. A security risk is classified as an exploit if it is recognized as a possible means of attack.• E. A and B accurately define and describe vulnerabilities and exploits• F. C and D accurately define and describe vulnerabilities and exploits• E. All of the above accurately define and describe vulnerabilities and exploits• F. None of the above accurately define and describe vulnerabilities and exploits
53. The difference between Limited Disclosure and Responsible Disclosure is:
• A. Limited Disclosure means that full details of a vulnerability and/or exploit should go to a restricted community of developers and vendors, and only information about the general existence of the problem is released to the public, while Responsible Disclosure advocates that full and public disclosure should be preceded by disclosure of the vulnerability to the vendors or authors of the system. This private advance disclosure allows the vendor time to produce a fix or workaround.
• B. Responsible Disclosure means that full details of a vulnerability and/or exploit should go to a restricted community of developers and vendors, and only information about the general existence of the problem is released to the public, while Limited Disclosure advocates that full and public disclosure should be preceded by disclosure of the vulnerability to the vendors or authors of the system. This private advance disclosure allows the vendor time to produce a fix or workaround.
• C. Neither of the above statements correctly describes the difference between Limited Disclosure and Responsible Disclosure.
54. What happens in a Buffer Overflow exploit?
• A. A process attempts to store data beyond the boundaries of a fixed-length storage area in memory.
• B. User input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and is thereby unexpectedly executed.
• C. An application is ordered to access a computer file in hard disk storage that is not intended to be accessible.
• D. Web applications unintentionally allow code injection by malicious web users into the web pages viewed by other users.
• E. A and B
• F. C and sometimes D
• G. All of the above
• H. None of the above
55. Which of the following are not classified as elements of Physical Security?
• A. Material obstacles such as walls and fences are put in place, to frustrate trivial attackers and delay serious ones.
• B. Alarms, security lighting, and security guard patrols are used and closed-circuit television cameras are viewed by guards, to make it likely that attacks will be noticed.
• C. Network traffic is monitored by an automated Intrusion Detection System, for potential Denial of Service attacks.
• D. Security forces (guards) respond to alarms, to repel, catch or frustrate attackers when an attack is detected.
• E. A and B are not elements of Physical Security.
• F. All of the above are not elements of Physical Security.
56. How are "Honeypots" used as part of a network security strategy?
• A. "Honeypots" are essentially decoy network-accessible resources, purposely designed and deployed with known vulnerabilities, to attract attackers. A Honeypot computer could be deployed in a network as a surveillance and/or early-warning tool to warn that someone is snooping or probing the network for vulnerabilities.
• B. "Honeypot" is a 100% imaginary made-up term that means nothing at all. We never studied "Honeypots" in class.
• C. "Honeypots" are essentially computers which are designed to trap hackers in a data hive and disable the attacking machine through intrusion quarantine so that the hacker can't attack other machines on the network.
• D. A and C
• E. None of the above
57. The generic Change Control process we studied in class consists of how many discrete steps?
• A. 4
• B. 7
• C. 3
• D. 5
• E. 8
• F. 6
• G. None of the above
58. Class Project
• Pick a publicly traded company or organization with international as well as domestic operations
• Fill out the Security Audit Template (by hand is fine, but please print carefully, so I can read it.)
• Write a five page Executive Summary
• Prepare a 20-25 slide PowerPoint presentation and prepare for 5 minutes of questions
59. Rest of Today and Thursday
• Meet with your team member today.
• Pick a company or organization and send it to Nick via email
• Read through the template today, together
• Thursday, we will cover the entire template in class
• Next Tuesday, Nick will give a presentation of Coca-Cola as an example, along with an Executive Summary.
• Thursday the 13th of November will be a group work day…I'll be in class to answer questions
• Tuesday the 18th will be current events in IT Security, class day
• Thursday the 20th of November will be a group work day…I'll be in class to answer questions
• First presentations will be the 25th of November
