Shared Flashcard Set

Details

security chp 1-8
mid-term
98
Computer Science
Undergraduate 1
03/29/2013

Additional Computer Science Flashcards

 


 

Cards

Term
The policies of the Bell-LaPadula model are
Definition
*-Property (no write down) and Simple Security Rule (no read up)
Term
The term "script kiddies" refers to
Definition
A hacker of low-end technical ability
Term
What is an elite hacker?
Definition
A hacker with a high level of technical ability
Term
Users on your network receive an e-mail warning them of a dangerous computer virus. It instructs the user to delete files it claims were put there by the virus, but they are actually critical system files. This is an example of
Definition
A hoax
Term
Locks, sign-in logs, and security guards are examples of
Definition
Access controls.
Term
Locks, sign-in logs, and security guards are examples of
Definition
Access controls.
Term
What is an unstructured threat?
Definition
An attack that is uncoordinated, nonspecific, and lasts a short amount of time
Term
What is a structured threat?
Definition
An attack that uses coordination, insiders, and lasts for a long period of time
Term
What is Solar Sunrise?
Definition
An attack that was made to look like an attack from Iraq, but was actually made by two teenagers from California who got training in Israel
Term
All of the following are techniques used by a social engineer EXCEPT
Definition
An attacker runs a brute force attack on a password.
Term
Which of the following is NOT an example of a poor security practice?
Definition
An employee does not allow a person he is talking to, to enter a secured area behind him before showing proper credentials.
Term
Which of the following is a security model that uses transactions as the basis for its rules?
Definition
Clark-Wilson
Term
What is the most common threat to information security in an organization?
Definition
Computer viruses
Term
The company CIO wants you and your team to check the security of the network by simulating an attack by malicious individuals. He is asking you to
Definition
Conduct a penetration test
Term
The outermost layer of physical security should
Definition
Contain the most publicly visible activities
Term
The most sensitive equipment should be located
Definition
Deep inside the organization
Term
The IDS fails to alert on an intruder's ping sweep and port scan. This is a failure of which element of the operational model of computer security?
Definition
Detection
Term
Attackers need a certain amount of information before launching their attack. One common place to find information is to go through the trash of the target to find information that could be useful to the attacker. This process of going through a target's trash is known in the community as
Definition
Dumpster diving
Term
Which of the following is not a common wireless communications method?
Definition
E.A.R.S. system
Term
What is the problem described by the van Eck phenomenon and studied under TEMPEST?
Definition
Electromagnetic eavesdropping
Term
The first step an administrator can take to reduce possible attacks is to
Definition
Ensure all patches for the operating system and applications are installed
Term
What is a good first step for companies to take to fight potential social engineering attacks?
Definition
Establish policies and procedures dictating the roles and responsibilities all users, as well as security administrators
Term
Bob works in a small office with a network of computers. Bob, along with all the other employees, is responsible for securing his own computer on the network. This is an example of network security
Definition
FALSE
Term
Computer security and information assurance are the same thing
Definition
FALSE
Term
The steps an attacker takes in attempting to penetrate a targeted network are extremely different from the ones that a security consultant performing a penetration test would take.
Definition
FALSE
Term
There are three general reasons a particular computer system is attacked: It is specifically targeted by the attacker, it is a target of opportunity, or it is a target that was specified to be attacked by a larger criminal organization.
Definition
FALSE
Term
Operating systems and applications all implement rights and permissions the same way.
Definition
False
Term
Social engineers attempt to exploit the natural tendencies of people. They do this by
Definition
First trying to evoke sympathy; if this fails, then by fear of confrontation
Term
Social engineers attempt to exploit the natural tendencies of people. They do this by
Definition
First trying to evoke sympathy; if this fails, then by fear of confrontation
Term
A fire suppression system that is safe for equipment, but dangerous for humans is
Definition
Halon
Term
Who is Kevin Mitnick?
Definition
He used social engineering, sniffers, and cloned cell phones to gain unauthorized access to networks belonging to Motorola, Novell, Fujitsu, and Sun Microsystems
Term
Background checks, drug testing, retirement, and termination are elements found in which type of policy?
Definition
Human resources
Term
What is a port scan?
Definition
Identifies ports that are open and services that are running
Term
If the system is infected with a time bomb, it means that
Definition
It has a piece of malicious code that will be triggered at a certain time
Term
The database administrator falls ill and is not able to come to work for three weeks. No one else in the company knows how to administer the database server. This is a result of not following which principle?
Definition
Job rotation
Term
Reducing the number of services to the least number necessary for it to properly perform its functions is an example of which principle?
Definition
Keep it simple
Term
When information is disclosed to individuals not authorized to see it, you have suffered a
Definition
LOST OF CONFIDENTIALITY
Term
Ensuring that users have access only to the files they need to complete their tasks is an example of which principle?
Definition
Least privilege
Term
When users are unable to access information or the systems processing information, you may have suffered a
Definition
Loss of availability
Term
A successful attack on a network may adversely impact security in all the following ways EXCEPT
Definition
Loss of functionality
Term
What was the Slammer Worm/Virus?
Definition
Malware that exploited Microsoft SQL Server and spread across the world in just 10 minutes
Term
When creating a password, users tend to use
Definition
Names of family, pets, or teams
Term
Which of the following is the weakest password
Definition
P@$$w0rd
Term
IEEE 802.11 is a set of standards suited for
Definition
Personal area networks
Term
The incident response team reviewed the security logs and discovered that the network had been breached, due to a misconfigured firewall. This is a failure of which element of the operational model of computer security?
Definition
Prevention
Term
The policies of the Biba model are?
Definition
Ring (no read down) and Low-Water-Mark (no write up
Term
A database server is put on the network by the for a project manager. No one is told it is there except for the project manager, so that he can work on it without worrying that other individuals will try to get to it. This is an example of which principle?
Definition
Security through obscurity
Term
A person parks his car by an ATM, sets up a small camera discreetly pointed at ATM keypad, and then pretends to be going through bank papers in his car. This would be an example of
Definition
Shoulder surfing
Term
The three types of authentication used for access control are
Definition
Something you have, something you know, something you are
Term
A fire suppression system that is safe for humans, but will destroy equipment is
Definition
Sprinkler-based systems
Term
Making the effort to compromise a system more costly than the value of accomplishing it is the goal of security
Definition
TRUE
Term
Fifty years ago, few people had access to a computer system or network, so securing them was a relatively easy matter.
Definition
TRUE
Term
As the level of sophistication of attacks has increased,
Definition
The level of knowledge necessary to exploit vulnerabilities has decreased
Term
Why is the Morris worm significant?
Definition
This was the first large-scale attack on the Internet
Term
The first step an administrator can take to minimize possible attacks is to ensure that all patches for the operating system and applications are installed
Definition
True
Term
According to the Computer Crime and Security Survey, the four types of attacks that increased from 2007 to 2008 were
Definition
Unauthorized access, theft/loss of proprietary information, misuse of web applications, and DNS attacks
Term
When an attacker attempts to get credit card numbers using telephone and voice technologies, it's called
Definition
Vishing
Term
Information warfare is?
Definition
Warfare conducted against information and information processing equipment
Term
Bob inadvertently disconnects the cable from the company file server. This creates a problem of ________.
Definition
availability
Term
Jane is in the finance department. Although she should not be able to open files or folders from the marketing department, she can and does. This a problem of ___________.
Definition
confidentiality
Term
Three means of establishing auditability: something you know, something you have, or something you are.
Definition
false
Term
The Code Red Worm spread to 350,000 computers in just over a week.
Definition
false
Term
The A in CIA refers to the term auditability.
Definition
false
Term
Bob works in a small office with a network of computers. Bob, along with all the other employees, is responsible for securing his own computer on the network. This is an example of network security.
Definition
false
Term
Operating systems and applications all implement rights and permissions the same way.
Definition
false
Term
The biggest change that has occurred in security over the last 30 years has been the change in the computing environment from small, tightly contained mainframes to a highly widespread network of much larger systems.
Definition
false
Term
Leaving sensitive information in a car is appropriate if the doors are locked and the files are not in plain view.
Definition
false
Term
Halon is effective at putting out fires and safe for humans but can damage equipment.
Definition
false
Term
Standards are recommendations relating to a policy.
Definition
false
Term
A good security practice is to choose one good password and use it for all of your various accounts.
Definition
false
Term
Hoaxes, while a potential nuisance, can not cause any real harm to your data.
Definition
false
Term
Spear phishing is when an attacker attempts to redirect a user to a bogus web site that appears similar to the web site the user had intended to access.
Definition
false
Term
TEMPEST is a program developed by the US department of defense to protect equipment from the ill effects of weather and other natural disasters.
Definition
false
Term
UPS is short for keeping UP Services.
Definition
false
Term
Jane is in the finance department. Although she should not be able to modify files or folders from the marketing department, she can, and does. This a problem of ___________.
Definition
integrity
Term
Joe sends a scathing e-mail to his boss regarding increased work hours. Joe tries to deny sending the e-mail, but is unable to due to the use of digital signatures. This is an example of ________.
Definition
nonrepudiation
Term
During the day, it takes an employee twice as long to retrieve files from the server that is under attack. The attack has resulted in a degradation of availability.
Definition
true
Term
Access controls, firewalls, and encryption are technologies used for prevention
Definition
true
Term
All applications, scripts, and batch files run in the same security context of the user who is logged in at the time.
Definition
true
Term
Backups, incident response teams, and computer forensics are response technologies
Definition
true
Term
The first step an administrator can take to minimize possible attacks is to ensure that all patches for the operating system and applications are installed
Definition
true
Term
Auditability refers to whether a control can be verified as functioning or not.
Definition
true
Term
Phishing is the most common form of social engineering attack related to computer security.
Definition
true
Term
Shoulder surfing is when a person looks over the shoulder of another person while typing pins or passwords.
Definition
true
Term
Voice recognition, iris scans, and facial geometry can be used for biometric access controls.
Definition
true
Term
Shoulder surfing is when a person looks over the shoulder of another person while typing pins or passwords.
Definition
true
Term
Procedures are high-level, broad statements of what the organization wants to accomplish.
Definition
true
Term
A critical piece of equipment that provides power to systems even during a black out is called a(n) _______________.
Definition
uninterruptible power supply
Term
counter-controlled
Definition
A for loop provides a convenient way to create a(n) ____ loop.
Term
prefix increment operator
Definition
When you want to increase a variable’s value by exactly 1, use the ____.
Term
indefinite
Definition
A loop controlled by the user is a type of ____ loop.
Term
60
Definition
How many times will outputLabel be called?
for(customer = 1; customer <= 20; ++customer)
for(color = 1; color <= 3; ++color) {
outputLabel();
}
}
Term
while
Definition
Use a(n) ____ loop to execute a body of statements continually as long as the Boolean expression that controls entry into the loop continues to be true.
Term
loop
Definition
A(n) ____ is a structure that allows repeated execution of a block of statements.
Term
equal sign
Definition
In Java, the ____ assigns a value to the variable on the left.
Term
the loop control variable is false
Definition
In a do...while loop, the loop will continue to execute until ____.
Term
validating data
Definition
____ is the process of ensuring that a value falls within a specified range.
Term
negative
Definition
You use a unary minus sign preceding a value to make the value ____.
Supporting users have an ad free experience!