Information Security Concepts and Techniques, Exams of Information Technology

Covers a wide range of information security topics, including risk assessment, asset identification, authentication mechanisms, access control models, cryptographic algorithms, public key infrastructure, and common security awareness issues. It also delves into various types of attacks and vulnerabilities, such as social engineering, buffer overflows, race conditions, input validation attacks, and database security issues. Solutions and explanations are provided for these concepts, making it a comprehensive resource for understanding the fundamental principles and techniques in the field of information security. The level of detail and the breadth of topics covered suggest that this document could be useful for university-level courses or as a reference for security professionals.

Typology: Exams

2023/2024

Available from 09/13/2024

Emma_Johnson

C836 MULTI/COMPREHENSIVE FINAL EXAM
REVIEW with verified Solutions
The Fabrication attack type most commonly affects which principle(s) of the
CIA triad?
A. Availability
B. Integrity
C. Confidentiality
D. Integrity and Availability
E. Confidentiality and Integrity - Solution Integrity and Availability
The Interception attack type most commonly affects which principle(s) of
the CIA triad?
A.Integrity and Availability
B.Confidentiality and Integrity
C.Availability
D.Integrity
E.Confidentiality - Solution Confidentiality
Something that has the potential to cause harm to our assets is known as
a(n) ________.
A.Threat
B.Impact
C.Risk
D.Vulnerability - Solution Threat
Controls that protect the systems, networks, and environments that
process, transmit, and store our data are called _______.
A.Logical controls
B.Administrative controls
C.Physical controls - Solution Logical Control

What is the first and arguably one of the most important steps of the risk management process?
A.Assess risks
B.Mitigate risks
C.Identify threats
D.Assess vulnerabilities
E.Identify assets - Solution Identify assets
Protects information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction - Solution information security
A type of attack, primarily against confidentiality - Solution Interception
Something that has the potential to cause harm to our assets - Solution Threat
A weakness that can be used to harm us - Solution Vulnerability
The likelihood that something bad will happen - Solution Risk
An attack that involves tampering with our assets - Solution Modification attack
A model that adds three more principles to the CIA triad: possession or control, utility, and authenticity - Solution Parkerian hexad
The physical disposition of the media on which the data is stored - Solution Possession or control
An attack that involves generating data, processes, communications, or other similar activities with a system - Solution Fabrication attack
A multilayered defense that will allow us to achieve a successful defense should one or more of our defensive measures fail - Solution Defense in depth

A user who creates a network share and sets permissions on that share is employing which model of access control?
A. Mandatory access control
B. Discretionary access control
C. Attribute-based access control
D. Role-based access control - Solution Discretionary access control
What type of access control can prevent the confused deputy problem?
A.ACLs
B.A password policy
C.Capability-based security
D.A locked door - Solution Capability-based security
Confidential Services Inc. is a military-support branch consisting of 1, computers with Internet access and 250 servers. All employees are required to have security clearances. From the options listed below, what access control model would be most appropriate for this organization?
A.Discretionary access control
B.Role-based access control
C.Attribute-based access control
D.Mandatory access control - Solution D.Mandatory access control
A VPN connection that is set to time out after 24 hours is demonstrating which model of access control?
A.Mandatory access control
B.Role-based access control
C.Attribute-based access control
D.Discretionary access control - Solution Attribute-based access control

Lesson: Authorization and Access Control Objective: More Advanced
States that we should allow only the bare minimum access required in order for a given party (person, user account, or process) to perform a needed functionality - Solution Principle of least privilege
Typically built to a certain resource, these contain the identifiers of the party allowed to access the resource and what the party is allowed to do. - Solution Access control lists (ACLs)
In this method of security, a person's capabilities are oriented around the use of a token that controls their access (e.g. a personal badge) - Solution Capability-based security
A type of attack that is more common in systems that use ACLs rather than capabilities - Solution The confused deputy problem
A type of attack that misuses the authority of the browser on the user's computer - Solution Cross-site request forgery (CSRF)
Access is determined by the owner of the resource in question - Solution Discretionary access control (DAC)
Similar to MAC in that access controls are set by an authority responsible for doing so, rather than by the owner of the resource. In this model, access is based on the role the individual is performing - Solution Role-based access control (RBAC)
Access is based on attributes (of a person, a resource, or an environment) - Solution Attribute-based access control
Designed to prevent conflicts of interest; commonly used in industries that handle sensitive data. Three main resource classes are considered in this model: objects, company groups, and conflict classes. - Solution The Brewer and Nash model
A combination of DAC and MAC, primarily concerned with the confidentiality of the resource. Two security properties define how

A.Deterrence
B.Nonrepudiation
C.Intrusion detection and prevention
D.Authentication
E.Authorization - Solution B.Nonrepudiation
_______ provides us with the means to trace activities in our environment back to their source.
A.Access
B.Authentication
C.Accountability
D.Authorization
E.Nonrepudiation - Solution C.Accountability
Backordered Parts is a defense contractor that builds communications parts for the military. The employees use mostly Web-based applications for parts design and information sharing. Due to the sensitive nature of the business, Backordered Parts would like to implement a solution that secures all browser connections to the Web servers. What encryption solution best meets this company's needs?
A.Elliptic Curve Cryptography (ECC)
B.Digital signatures
C.Advanced Encryption Standard (AES)
D.Blowfish - Solution A.Elliptic Curve Cryptography (ECC)
Lesson: Cryptography Objective: Alert! Question 3 :
We are somewhat limited in our ability to protect which type of data?
A.Data at rest
B.Data in motion
C.Data in use - Solution C.Data in use
The science of breaking through encryption is known as _____.
A.Ciphertext
B.Cryptology
C.Cryptography
D.Cryptanalysis - Solution D.Cryptanalysis
The specifics of the process used to encrypt the plaintext or decrypt the ciphertext - Solution Cryptographic algorithm
Also known as private key cryptography, this uses a single key for both encryption of the plaintext and decryption of the ciphertext - Solution Symmetric key cryptography Example: AES
A type of cipher that takes a predetermined number of bits in the plaintext message (commonly 64 bits) and encrypts that block - Solution Block cipher
A type of cipher that encrypts each bit in the plaintext message, 1 bit at a time - Solution Stream cipher
A set of symmetric block ciphers endorsed by the US government through NIST. Shares the same block modes that DES uses and also includes other modes such as XEX-based Tweaked CodeBook (TCB) mode - Solution AES
Also known as public key cryptography, this method uses two keys: a public key and a private key. - Solution Asymmetric key cryptography
Uses the RSA algorithm, an asymmetric algorithm, to secure web and email traffic - Solution Secure Sockets Layer (SSL) protocol

3.If you are not protecting it (i.e. the information), THE DRAGON WINS! - Solution
1.If you don't know the threat, how do you know what to protect?
2.If you don't know what to protect, how do you know you are protecting it?
3.If you are not protecting it (i.e. the information), THE DRAGON WINS!
During what phase of the operations security process do we match threats and vulnerabilities?
A.Assessment of risks
B.Analysis of vulnerabilities
C.Analysis of threats
D.Identification of critical information
E.Application of countermeasures - Solution A.Assessment of risks
Haas' second law of operations security, "If you don't know what to protect, how do you know you are protecting it?," maps to what step in the operations security process?
A.Analysis of threats
B.Analysis of vulnerabilities
C.Assessment of risks
D.Application of countermeasures
E.Identification of critical information - Solution E.Identification of critical information
You are leaving for an extended vacation and want to take steps to protect your home. You set a timer to turn lights and the TV on and off at various times throughout the day, suspend the mail delivery, and arrange for a neighbor to come in and water the plants. What step in the operations security process do these actions demonstrate?
A.Identification of critical information
B.Analysis of threats
C.Analysis of vulnerabilities
D.Assessment of risks
E.Application of countermeasures - Solution E.Application of countermeasures
The process of intelligence gathering and analysis to support business decisions is known as _______.
A.Competitive intelligence
B.Competitive business
C.Business intelligence
D.Business competition
E.Counter intelligence - Solution A.Competitive intelligence
The study that was conducted to discover the cause of the information leak during the Vietnam War was codenamed ________ and is now considered a symbol of OPSEC.
A.Sun Tzu
B.Vietnam Viper
C.The Art of War
D.Purple Dragon - Solution D.Purple Dragon
The process of intelligence gathering and analysis in order to support business decisions - Solution Competitive intelligence
Name the five steps of the operations security process
1.Identification of critical information
2.Analysis of threats
3.Analysis of vulnerabilities
4.Assessment of risks
5.Application of countermeasures - Solution
1.Identification of critical information
2.Analysis of threats
3.Analysis of vulnerabilities
4.Assessment of risks
5.Application of countermeasures
Haas' Laws of Operations Security: The First Law - Solution If you don't know the threat, how do you know what to protect?

A social engineering technique that uses electronic communications (email, texts, or phone calls) to convince a potential victim to give out sensitive information or perform some action - Solution Phishing
A social engineering technique that targets a specific company, organization, or person, and involves knowing specifics about the target to appear valid - Solution Spear phishing
A program that seeks to make users aware of the risk they are accepting through their current actions and attempts to change their behavior through targeted efforts - Solution Security Awareness, Training, and Education (SATE)
What planning process ensures that critical business functions can continue to operate during an emergency?
A.Incident response planning
B.Risk management planning
C.Operations security planning
D.Disaster recovery planning
E.Business continuity planning - Solution E.Business continuity planning
What planning process ensures that we can respond appropriately during and after a disaster?
A.Incident response planning
B.Risk management process
C.Operations security process
D.Disaster recovery planning
E.Business continuity planning - Solution D.Disaster recovery planning
Your company has an office full of expensive computer equipment to protect. You recommend a variety of approaches, including a security guard stationed at the entrance, a high fence around the property, and key card entry to all nonpublic areas. What security concept are you recommending to protect your company's assets?
A.Defense in depth
B.Nonrepudiation
C.Capability-based security
D.Access control lists
E.Principle of least privilege - Solution A.Defense in depth
Which of the options below demonstrates all three types of physical security controls: deterrent, detective, and preventive?
A.A burglar alarm
B.A guard dog
C.A locked door
D.A warning sign
E.An employee policy - Solution B.A guard dog
Name three main types of physical controls Deterrent, detective, and preventive - Solution Deterrent, detective, and preventive
Hping3: A tool used to test the security of firewalls. - Solution Hping3: A tool used to test the security of firewalls.
Kismet: A tool used to detect unauthorized wireless access points. - Solution Kismet: A tool used to detect unauthorized wireless access points.
Nmap: A versatile tool able to scan ports, search for hosts on the network, and other operations. - Solution Nmap: A versatile tool able to scan ports, search for hosts on the network, and other operations.
Tcpdump: This command-line packet sniffing tool runs on Linux and UNIX operating systems. - Solution Tcpdump: This command-line packet sniffing tool runs on Linux and UNIX operating systems.
Wireshark: A graphical interface protocol analyzer capable of filtering, sorting, and analyzing both wired and wireless network traffic. - Solution Wireshark: A graphical interface protocol analyzer capable of filtering, sorting, and analyzing both wired and wireless network traffic.
_____________ is a sniffer that specializes in detecting wireless devices.
A.Hping

This method of security involves a well-configured and patched network, and incorporating elements such as network segmentation, choke points, and redundancy - Solution Security in network design
The act of dividing a network into multiple smaller networks, each acting as its own small network (subnet) - Solution Network segmentation
Certain points in the network, such as routers, firewalls, or proxies, where we can inspect, filter, and control network traffic - Solution Choke points
A firewall technology that inspects the contents of each packet in network traffic individually and makes a gross determination (based on source and destination IP address, port number, and the protocol being used) of whether the traffic should be allowed to pass - Solution Packet filtering
A firewall technology that functions on the same general principle as packet filtering firewalls, but is able to keep track of the traffic at a granular level. Has the ability to watch the traffic over a given connection - Solution Stateful packet inspection
A firewall technology that can analyze the actual content of the traffic that is flowing through - Solution Deep packet inspection
A specialized type of firewall that can serve as a choke point, log traffic for later inspection, and provide a layer of security for the devices behind it - Solution Proxy server
A combination of a network design feature and a protective device such as a firewall; often used for systems that need to be exposed to external networks but are connected to our network (such as a web server) - Solution Demilitarized Zone (DMZ)
A system that monitors the network to which it is connected for unauthorized activity - Solution Network intrusion detection system (NIDS)
An intrusion detection system that maintains a database of signatures that might signal a particular type of attack and compares incoming traffic to those signatures - Solution Signature-based IDS

An intrusion detection system that takes a baseline of normal network traffic and activity and measures current traffic against this baseline to detect unusual events - Solution Anomaly-based IDS
A phrase that refers to an organization's strategy and policies regarding the use of personal vs. corporate devices - Solution Bring your own device (BYOD)
A well-known Linux tool used to detect wireless access points - Solution Kismet
A Windows tool used to detect wireless access points - Solution NetStumbler
A well-known port scanner that can also search for hosts on a network, identify the operating systems those hosts are running, and detect the versions of the services running on any open ports - Solution Nmap
Also known as a network or protocol analyzer, this type of tool can intercept traffic on a network - Solution Packet sniffer
A fully featured sniffer that is also a great tool for troubleshooting traffic; this well-known tool is used by many network operations and security teams - Solution Wireshark
A type of tool that deliberately displays vulnerabilities or attractive data so it can detect, monitor, and sometimes tamper with the activities of an attacker - Solution Honeypot
A tool that can map the network topology and help locate firewall vulnerabilities - Solution Hping
There are six main ways in which we can decrease our attack surface, as listed here and shown in Figure 11.1:
1.Removing unnecessary software
2.Removing or turning off unessential services
3.Making alterations to common accounts
4.Applying the principle of least privilege
5.Applying software updates in a timely manner

D.Risk area
E.Avenue field - Solution A.Attack surface
Small bits of software that take advantage of flaws in other software or applications to cause them to behave in ways that were not intended by their creators are called _____
A.Intruders
B.Scanners
C.Vulnerabilities
D.Fuzzers
E.Exploits - Solution E.Exploits
The process of reducing the number of available avenues through which our operating system might be attacked - Solution Operating system hardening
The total of the areas through which our operating system might be attacked - Solution Attack surface
Name the six main hardening categories
1. Removing unnecessary software
2. Removing or turning off unessential services
3. Making alterations to common accounts
4. Applying the principle of least privilege
5. Applying software updates in a timely manner
6. Making use of logging and auditing functions - Solution
1. Removing unnecessary software
2. Removing or turning off unessential services
3. Making alterations to common accounts
4. Applying the principle of least privilege
5. Applying software updates in a timely manner
6. Making use of logging and auditing functions
A principle that states we should only allow a party the absolute minimum permission needed for it to carry out its function - Solution The principle of least privilege
A particularly complex and impactful item of malware that targeted the Supervisory Control and Data Acquisition (SCADA) systems that run various industrial processes; this piece of malware raised the bar for malware from largely being a virtual-based attack to actually being physically destructive - Solution Stuxnet
A type of tool that uses signature matching or anomaly detection (heuristics) to detect malware threats, either in real-time or by performing scans of files and processes - Solution Anti-malware tool
The process of anomaly detection used by anti-malware tools to detect malware without signatures - Solution Heuristics
A hardware- and software-based technology that prevents certain portions of the memory used by the operating system and applications from being used to execute code - Solution Executable space protection
A security method that involves shifting the contents of memory around to make tampering difficult - Solution Address space layout randomization (ASLR)
This type of firewall generally contains a subset of the features on a large firewall appliance but is often capable of similar packet filtering and stateful packet inspection activities - Solution Software firewall
A system used to analyze the activities on or directed at the network interface of a particular host - Solution Host intrusion detection system (HIDS)
A type of tool that can detect various security flaws when examining hosts - Solution Scanner
A well-known vulnerability assessment tool (it also includes a port scanner) - Solution Nessus
A group of tools that can include network mapping tools, sniffers, and exploits - Solution Exploit framework
Name three examples of exploit frameworks Metasploit, Immunity CANVAS, Core Impact - Solution Metasploit, Immunity CANVAS, Core Impact