Question 1

A buffer overflow vulnerability refers to a situation where

Accepted Answer

A)  Files are accepted as input without verifying their specifications 
B)  Input from other users is supplied as output to other users 
C)  A program puts more data into a storage location than it can hold 
D)  User input is used without confirming its validity 
A)  Files are accepted as input without verifying their specifications 
B)  Input from other users is supplied as output to other users 
C)  A program puts more data into a storage location than it can hold 
D)  User input is used without confirming its validity C

Question 2

Relative to physical security, information security is challenging because

Accepted Answer

A)  Assets are largely invisible 
B)  Most assets are easily duplicated 
C)  Both the above 
D)  None of the above 
A)  Assets are largely invisible 
B)  Most assets are easily duplicated 
C)  Both the above 
D)  None of the above C

Question 3

Vulnerabilities in IT systems can be eliminated through secure coding practices

Accepted Answer

A) True 
 B)False  False

Question 4

Malware refers to

Accepted Answer

A)  Programs that propagate through the network without a user's consent 
B)  Unauthorized prevention of access to resources 
C)  Attempting to compromise a user by masquerading as a trustworthy entity in electronic communication 
D)  Code specifically designed to exploit a computer or data, without the user's consent 
A)  Programs that propagate through the network without a user's consent 
B)  Unauthorized prevention of access to resources 
C)  Attempting to compromise a user by masquerading as a trustworthy entity in electronic communication 
D)  Code specifically designed to exploit a computer or data, without the user's consent

Question 5

Denial of service refers to

Accepted Answer

A)  Programs that propagate through the network without a user's consent 
B)  Unauthorized prevention of access to resources 
C)  Attempting to compromise a user by masquerading as a trustworthy entity in electronic communication 
D)  Code specifically designed to exploit a computer or data, without the user's consent 
A)  Programs that propagate through the network without a user's consent 
B)  Unauthorized prevention of access to resources 
C)  Attempting to compromise a user by masquerading as a trustworthy entity in electronic communication 
D)  Code specifically designed to exploit a computer or data, without the user's consent

Question 6

Zombies are

Accepted Answer

A)  Software used to hide the existence of malicious software on computer systems 
B)  Exploits that compromise a previously unknown software vulnerability 
C)  Computers that perform malicious tasks at the direction of a remote controller 
D)  Manipulating people into performing desired actions 
A)  Software used to hide the existence of malicious software on computer systems 
B)  Exploits that compromise a previously unknown software vulnerability 
C)  Computers that perform malicious tasks at the direction of a remote controller 
D)  Manipulating people into performing desired actions

Question 7

Assets are

Accepted Answer

A)  Resources or information that is to be protected 
B)  Safeguards used to minimize the impact of threats 
C)  Capabilities, intentions and attack methods of adversaries to cause harm to assets 
D)  Weaknesses in an information system that can lead to a compromise of an asset 
A)  Resources or information that is to be protected 
B)  Safeguards used to minimize the impact of threats 
C)  Capabilities, intentions and attack methods of adversaries to cause harm to assets 
D)  Weaknesses in an information system that can lead to a compromise of an asset

Question 8

The NVD database

Accepted Answer

A)  Describes likely impacts and measures to remove vulnerabilities 
B)  A list of all known viruses 
C)  A list of all known information security firms 
D)  An inventory of known software vulnerabilities 
A)  Describes likely impacts and measures to remove vulnerabilities 
B)  A list of all known viruses 
C)  A list of all known information security firms 
D)  An inventory of known software vulnerabilities

Question 9

A cross-site scripting vulnerability can occur when

Accepted Answer

A)  Files are accepted as input without verifying their specifications 
B)  Input from other users is supplied as output to other users 
C)  A program puts more data into a storage location than it can hold 
D)  User input is used without confirming its validity 
A)  Files are accepted as input without verifying their specifications 
B)  Input from other users is supplied as output to other users 
C)  A program puts more data into a storage location than it can hold 
D)  User input is used without confirming its validity

Question 10

Physical controls

Accepted Answer

A)  Use non-technical methods of preventing harm 
B)  Are the security measures built into the information system itself 
C)  Perform malicious tasks at the direction of a remote controller 
D)  Manipulate people into performing desired actions 
A)  Use non-technical methods of preventing harm 
B)  Are the security measures built into the information system itself 
C)  Perform malicious tasks at the direction of a remote controller 
D)  Manipulate people into performing desired actions

Question 11

Threats are

Accepted Answer

A)  Safeguards used to minimize the impact of threats 
B)  Capabilities, intentions and attack methods of adversaries to cause harm to assets 
C)  Resource or information that is to be protected 
D)  Weaknesses in an information system that can lead to a compromise of an asset 
A)  Safeguards used to minimize the impact of threats 
B)  Capabilities, intentions and attack methods of adversaries to cause harm to assets 
C)  Resource or information that is to be protected 
D)  Weaknesses in an information system that can lead to a compromise of an asset

Question 12

Controls are

Accepted Answer

A)  Safeguards used to minimize the impact of threats 
B)  Capabilities, intentions and attack methods of adversaries to cause harm to assets 
C)  Resource or information that is to be protected 
D)  Weaknesses in an information system that can lead to a compromise of an asset 
A)  Safeguards used to minimize the impact of threats 
B)  Capabilities, intentions and attack methods of adversaries to cause harm to assets 
C)  Resource or information that is to be protected 
D)  Weaknesses in an information system that can lead to a compromise of an asset

Question 13

Rootkits are

Accepted Answer

A)  Software used to hide the existence of malicious software on computer systems 
B)  Exploits that compromise a previously unknown software vulnerability 
C)  Computers that perform malicious tasks at the direction of a remote controller 
D)  Manipulating people into performing desired actions 
A)  Software used to hide the existence of malicious software on computer systems 
B)  Exploits that compromise a previously unknown software vulnerability 
C)  Computers that perform malicious tasks at the direction of a remote controller 
D)  Manipulating people into performing desired actions

Question 14

Zero-day exploits are

Accepted Answer

A)  Software used to hide the existence of malicious software on computer systems 
B)  Exploits that compromise a previously unknown software vulnerability 
C)  Computers that perform malicious tasks at the direction of a remote controller 
D)  Manipulating people into performing desired actions 
A)  Software used to hide the existence of malicious software on computer systems 
B)  Exploits that compromise a previously unknown software vulnerability 
C)  Computers that perform malicious tasks at the direction of a remote controller 
D)  Manipulating people into performing desired actions

Question 15

As reported in the chapter, recent trends in vulnerabilities and threats indicate that

Accepted Answer

A)  Increasing numbers of new vulnerabilities are being discovered, and the number of attacks is also going up 
B)  Decreasing numbers of new vulnerabilities are being discovered, but the number of attacks is going up 
C)  Decreasing numbers of new vulnerabilities are being discovered, and the number of attacks is also going down 
D)  Increasing numbers of new vulnerabilities are being discovered, but the number of attacks is going down 
A)  Increasing numbers of new vulnerabilities are being discovered, and the number of attacks is also going up 
B)  Decreasing numbers of new vulnerabilities are being discovered, but the number of attacks is going up 
C)  Decreasing numbers of new vulnerabilities are being discovered, and the number of attacks is also going down 
D)  Increasing numbers of new vulnerabilities are being discovered, but the number of attacks is going down

Question 16

Vulnerabilities are

Accepted Answer

A)  Safeguards used to minimize the impact of threats 
B)  Capabilities, intentions and attack methods of adversaries to cause harm to assets 
C)  Resource or information that is to be protected 
D)  Weaknesses in an information system that can lead to a compromise of an asset 
A)  Safeguards used to minimize the impact of threats 
B)  Capabilities, intentions and attack methods of adversaries to cause harm to assets 
C)  Resource or information that is to be protected 
D)  Weaknesses in an information system that can lead to a compromise of an asset

Question 17

A lack of input validation vulnerability refers to a situation where

Accepted Answer

A)  Files are accepted as input without verifying their specifications 
B)  Input from other users is supplied as output to other users 
C)  A program puts more data into a storage location than it can hold 
D)  User input is used without confirming its validity 
A)  Files are accepted as input without verifying their specifications 
B)  Input from other users is supplied as output to other users 
C)  A program puts more data into a storage location than it can hold 
D)  User input is used without confirming its validity

Question 18

Phishing refers to

Accepted Answer

A)  Programs that propagate through the network without a user's consent 
B)  Unauthorized prevention of access to resources 
C)  Attempting to compromise a user by masquerading as a trustworthy entity in electronic communication 
D)  Code specifically designed to exploit a computer or data, without the user's consent 
A)  Programs that propagate through the network without a user's consent 
B)  Unauthorized prevention of access to resources 
C)  Attempting to compromise a user by masquerading as a trustworthy entity in electronic communication 
D)  Code specifically designed to exploit a computer or data, without the user's consent

Question 19

A SQL injection vulnerability is an example of a

Accepted Answer

A)  Unrestricted uploads vulnerability 
B)  Cross-site scripting vulnerability 
C)  Buffer overflow vulnerability 
D)  Lack of input validation vulnerability 
A)  Unrestricted uploads vulnerability 
B)  Cross-site scripting vulnerability 
C)  Buffer overflow vulnerability 
D)  Lack of input validation vulnerability

Question 20

Zeus and Spyeye are examples of

Accepted Answer

A)  Viruses 
B)  Vulnerabilities 
C)  IDEs to create new attacks 
D)  Systems to defend against attacks 
A)  Viruses 
B)  Vulnerabilities 
C)  IDEs to create new attacks 
D)  Systems to defend against attacks

A buffer overflow vulnerability refers to a situation where

Relative to physical security, information security is challenging because

Vulnerabilities in IT systems can be eliminated through secure coding practices

Malware refers to

Denial of service refers to

Zombies are

Assets are

The NVD database

A cross-site scripting vulnerability can occur when

Physical controls

Threats are

Controls are

Rootkits are

Zero-day exploits are

As reported in the chapter, recent trends in vulnerabilities and threats indicate that

Vulnerabilities are

A lack of input validation vulnerability refers to a situation where

Phishing refers to

A SQL injection vulnerability is an example of a

Zeus and Spyeye are examples of

Introduction

System Administration

System Administration 2

Asset Identification and Characterization

Threats and Vulnerabilities

Encryption Controls

Identity and Access Management

Hardware and Software Controls

Shell Scripting

Incident Handling

Incident Analysis

Policies, Standards and Guidelines

It Risk Analysis and Risk Management

Filters

Exam 4: Basic Information Security Model

A buffer overflow vulnerability refers to a situation where

Relative to physical security, information security is challenging because

Vulnerabilities in IT systems can be eliminated through secure coding practices

Malware refers to

Denial of service refers to

Zombies are

Assets are

The NVD database

A cross-site scripting vulnerability can occur when

Physical controls

Threats are

Controls are

Rootkits are

Zero-day exploits are

As reported in the chapter, recent trends in vulnerabilities and threats indicate that

Vulnerabilities are

A lack of input validation vulnerability refers to a situation where

Phishing refers to

A SQL injection vulnerability is an example of a

Zeus and Spyeye are examples of

Introduction

System Administration

System Administration 2

Asset Identification and Characterization

Threats and Vulnerabilities

Encryption Controls

Identity and Access Management

Hardware and Software Controls

Shell Scripting

Incident Handling

Incident Analysis

Policies, Standards and Guidelines

It Risk Analysis and Risk Management

Filters