
DCOM 212 Final: Cybersecurity Concepts and Practices, Exams of Nursing

A series of questions and answers related to cybersecurity concepts and practices, covering topics such as honeypots, intrusion detection systems, and digital forensics. It provides a basic understanding of these concepts and their applications in protecting computer systems from attacks.

Typology: Exams

2023/2024

Available from 11/15/2024

mad-grades


DCOM 212 Final

A(n) ____________________ is a honeypot that has been protected so that it cannot be easily compromised. - correct answer padded cell

When a collection of honeypots connects several honeypot systems on a subnet, it may be called a(n) honeynet. _________________________ - correct answer True

____________________ is the process of attracting attention to a system by placing tantalizing bits of information in key locations. - correct answer Enticement

A(n) ____________________ system contains pseudo-services that emulate well-known services, but is configured in ways that make it look vulnerable to attacks. - correct answer honeypot

__________ is the action of luring an individual into committing a crime to get a conviction. - correct answer Entrapment

When a collection of honeypots connects several honeypot systems on a subnet, it may be called a(n) ____________________. - correct answer honey net

If you see a /16 in the header of a Snort rule, what does it mean? - correct answer the subnet mask is 255.255.0.

Enticement is the action of luring an individual into committing a crime to get a conviction. - correct answer False

Security tools that go beyond routine intrusion detection include honeypots, honeynets and padded cell systems. - correct answer True

When using trap-and-trace, the trace usually consists of a honeypot or padded cell and an alarm. - correct answer False

__________ are decoy systems designed to lure potential attackers away from critical systems. - correct answer Honeypots

__________ applications use a combination of techniques to detect an intrusion and then trace it back to its source. - correct answer Trap and trace

A padded cell is a hardened honeynet. - correct answer False

The process of entrapment is when an attacker changes the format and/or timing of their activities to avoid being detected by an IDPS. - correct answer False

Which method for detecting certain types of attacks uses an algorithm to detect suspicious traffic, is resource intensive, and requires extensive tuning and maintenance? - correct answer heuristic

Remediation would include the cleaning of systems, rebuilding from installation media, or abandonment due to persistent mechanisms installed in the hardware. - correct answer True

__________ collect data on the ingress and egress from a host system. - correct answer Agent

Incident levels would include: - correct answer Represents the highest degree of threat; Represents a more serious threat; Might be managed quickly

Anomaly-based systems permit a custom rule base which would allow the IDPS to be used immediately. - correct answer False

Focuses on the presumed nature of the adversary. - correct answer threat-centric approach

Once the IDPS database has been installed and the data has been collected, the next step of the intrusion detection examination should be taken. - correct answer Send alert messages; Log & review events; Assess the damage from the cyber security personnel; Escalate Response from the IDPS

__________ Breach of an individual host system. - correct answer Event

Sensors on network segments cannot capture all packets if traffic levels become too heavy. - correct answer True

IDPS detection software: - correct answer Compares captured datagrams with information stored in the database

Which of the following are phases of the NSM process? - correct answer Analysis; Collection; Resolution

Focuses on the presumed nature of the victim computers. - correct answer asset-centric approach

The line between acceptable & unacceptable network use is not always clear. - correct answer True

__________ Policy violations or computer security incidents. - correct answer Intrusions

__________ Group very similar alarms that have occurred nearly simultaneously into a single higher alarm. - correct answer Alarm clustering & compaction

Signature-based IDPS require a "training" period for the network to observe network traffic. - correct answer False

Log processes are composed of: - correct answer transport method; log collector; log source

__________ Examines data and might occupy a system to identify and detect advanced threats. - correct answer Hunter-killer

Which of the following are phases of the security cycle? - correct answer Planning; Resistance; Detection

Possible risk mitigation tactics: - correct answer Implement a local firewall rule or kernel-level filter to deny the computer the ability to communicate with other computers; Implement a routing change to prevent the computer from communicating with other computers; Put the computer in hibernate mode. (Don't turn it off; you will lose valuable volatile data in memory.)

__________ Process of classifying IDPS alerts for the purpose of effective management. - correct answer Alarm Filtering

__________ collect data by analyzing packets. - correct answer Network Sensors

After a judge approves and signs a search warrant, the _______ is responsible for the collection of evidence as defined by the warrant. - correct answer Digital Evidence First Responder

_______ is not one of the functions of the investigations triad. - correct answer Data recovery

The _______ is responsible for analyzing data and determining when another specialist should be called in to assist with analysis. - correct answer Digital Evidence Specialist

A chain-of-evidence form, which is used to document what has and has not been done with the original evidence and forensic copies of the evidence, is also known as a(n) _______. - correct answer evidence custody form

What tool, currently maintained by the IRS Criminal Investigation Division and limited to use by law enforcement, can analyze and read special files that are copies of a disk? - correct answer ILook

Which amendment to the U.S. Constitution protects everyone's right to be secure in their person, residence, and property from search and seizure? - correct answer Fourth Amendment

Signed into law in 1973, the _______ was/were created to ensure consistency in federal proceedings. - correct answer Federal Rules of Evidence

Within a computing investigation, the ability to perform a series of steps again and again to produce the same results is known as: - correct answer repeatable findings

_______ is not recommended for a digital forensics workstation. - correct answer Remote access software

What is a bit-stream image? - correct answer A bit-stream image is a file containing a bit-stream copy of all data on a disk or disk partition, and is usually referred to as an "image," "image save," or "image file."

Basic report writing involves answering the six Ws. What are they? - correct answer The six Ws are who, what, when, where, why, and how

_______ is the term for a statement that is made by someone other than an actual witness to the event while testifying at a hearing. - correct answer Hearsay

What does FRE stand for? - correct answer Federal Rules of Evidence

In the United States, ____________ and similar agencies must comply with state public disclosure and federal Freedom of Information Act (FOIA) laws, and make certain documents available as public records. - correct answer NGO

You must abide by the _______ while collecting evidence. - correct answer Fourth Amendment

State public disclosure laws apply to state records, but FOIA allows citizens to request copies of public documents created by federal agencies. - correct answer True

The Fourth Amendment states that only warrants "particularly describing the place to be searched and the persons or things to be seized" can be issued. The courts have determined that this phrase means a warrant can authorize a search of a specific place for anything. - correct answer False

The ability to obtain a search warrant from a judge that authorizes a search and seizure of specific evidence requires sufficient _______. - correct answer probable cause

The ______________ rule states that to prove the content of a written document, recording, or photograph, ordinarily the original writing, recording, or photograph is required. - correct answer best evidence

What should you do while copying data on a suspect's computer that is still live? - correct answer Make notes regarding everything you do.

________________ can be any information stored or transmitted in digital form. - correct answer Digital evidence

The ____________________ doesn't extend to supporting a general exploratory search from one object to another unless something incriminating is found. - correct answer plain view doctrine

As a general rule, what should be done by forensics experts when a suspect computer is seized in a powered-on state? - correct answer The decision should be left to the Digital Evidence First Responder (DEFR)

_______ is a common cause for lost or corrupted evidence. - correct answer Professional curiosity

Which system below can be used to quickly and accurately match fingerprints in a database? - correct answer Automated Fingerprint Identification System (AFIS)

Digital evidence is volatile; therefore a slow response should be used to ensure digital evidence is not lost. - correct answer False

__________ when two different keys hash to the same value. - correct answer Collision

Facts of the case, plans, and objectives of the investigation should be reviewed prior to the initiation of a search. - correct answer True

A hash value is a __________ __________ that translates a file into a hexadecimal code value. - correct answer Mathematical formula

_______ would not be found in an initial-response field kit. - correct answer Leather gloves and disposable latex gloves

You may need to look for specialists in: - correct answer RAID servers; Databases; OSs

If practical, _______ team(s) should collect and catalog digital evidence at a crime scene or lab. - correct answer one

When seizing digital evidence in criminal investigations, whose standards should be followed? - correct answer U.S. DOJ