User Account

All Pages

Give the answer of muliple choice question

Assignment Help Management Information Sys
Reference no: EM131304413

Foundations of Information Security and Assurance

TRUE/FALSE QUESTIONS:
1. Programmers use trapdoors legitimately to debug and test programs.

2. If the compromised machine uses encrypted communication channels, then just sniffing the network packets on the victim's computer is useless because the appropriate key to decrypt the packets is missing.

3. There is a problem anticipating and testing for all potential types of non-standard inputs that might be exploited by an attacker to subvert a program.

4. Without suitable synchronization of accesses it is possible that values may be corrupted, or changes lost, due to over-lapping access, use, and replacement of shared values.

5. The biggest change of the nature in Windows XP SP2 was to change all anonymous remote procedure call (RPC) access to require authentication.

6. The Zotob worm, which took advantage of a vulnerability in Microsoft Plug and Play (PnP) and which was accessible through RPC, did not affect Windows XP SP2, even the coding bug was there.

7. Key issues from a software security perspective are whether the implemented algorithm correctly solves the specified problem, whether the machine instructions executed correctly represent the high level algorithm specification, and whether the manipulation of data values in variables is valid and meaningful.

8. Packet sniffers are seldom used to retrieve sensitive information like usernames and passwords.

9. Buffer overflows can be found in a wide variety of programs.

10. EFS allows files and directories to be encrypted and decrypted transparently for authorized users. All versions of Windows since Windows 2000 support Encryption File System.

11. A bot propagates itself and activates itself, whereas a worm is initially controlled from some central facility.

12. The correct implementation in the case of an atomic operation is to test separately for the presence of the lockfile and to not always attempt to create it.

13.Kernel space is swapped to hard disk in order to obtain quick access.

14. Performing regular backups of data on a system is a critical control that assists with maintaining the integrity of the system and user data.

15. Backup and archive processes are often linked and managed separately.

16. C's designers placed much more emphasis on space efficiency and performance considerations than on type safety.

17. An effective method for protecting programs against classic stack overflow attacks is to instrument the function entry and exit code to setup and then check its stack frame for any evidence of corruption.

18. From the attacker's perspective, the challenge in cracking a Linux system therefore boils down to gaining root privileges.

19. AppArmor is built on the assumption that the single biggest attack vector on most systems is application vulnerabilities. If the application's behavior is restricted, then the behavior of any attacker who succeeds in exploiting some vulnerability in that application will also be restricted.

20. A very common configuration fault seen with Web and file transfer servers is for all the files supplied by the service to be owned by the same "user" account that the server executes as.

MULTIPLE CHOICE QUESTIONS:

1. Due to a history of abuse against setuid root programs, major Linux distributions no longer ship with unnecessary setuid-root programs. But ______________ for them.

A. system attackers still could not scan B. system attackers still scan
C. system attackers still embed D. None of the above

2. SELinux implements different types of MAC: ________________________.

A. Style Enforcement, and Role Based Access Controls,
B. Multi Level Security, Role Based Access Controls and Type Enforcement,
C. Multi Task Level Security
D. None of the above

3. __________ is malware that encrypts the user's data and demands payment in order to access the key needed to recover the information.

A. Trojan horse B. Ransomware
C. Crimeware D. Polymorphic
E. None of the above
4. ______ are resources that should be used as part of the system security planning process.
A. Texts
B. Online resources
C. Specific system hardening guides
D. All of the above
E. None of the above

5. Versions of Windows based on the Windows 95 code base, including Windows 98, Windows 98 SE, and Windows Me, had ____________, in contrast to the Windows NT code base, on which all current versions of Windows are based.

A. security model B. token model
C. two security models D. None of the above

6. In Linux system, a vulnerability is a specific weakness or security-related bug in an application or operating system. A threat is the combination of a vulnerability, an attacker, and _________________.

A. None of the above B. a weakness vector
C. an attack and vulnerability vector D. an attack vector

7. A runtime technique that can be used is to place ________ between critical regions of memory in a processes address space.
A. guard pages B. library functions
C. shellcodes D. MMUs
E. None of the above
8. _______ defenses involve changes to the memory management of the virtual address space of processes that act to either alter the properties of regions of memory or to make predicting the location of target buffers sufficiently difficult to thwart many types of attacks.
A. Run-time B. Position independent
C. Buffer D. Compile-time
E. None of the above
9. Windows Vista and later changes the default; all user accounts are users and not administrators. This is referred to as ______________

A. User Control Account (UCA.)
B. Tolerance User Account Control (TUAC.)
C. Preventive User Account Control (PUAC.)
D. None of the above
10. The most common variant of injecting malicious script content into pages returned to users by the targeted sites is the _________ vulnerability.
A. PHP file inclusion B. chroot jail
C. atomic bomb D. XSS reflection
E. None of the above
11. _________ are a collection of string values inherited by each process from its parent that can affect the way a running process behaves.

A. Race conditions B. Deadlocks
C. Privileges D. all of the above
E. None of the above

12. Windows Vista and later add two other functions. The first is that the firewall is a ______________ of the rewritten TCP/IP networking stack. Second, the firewall supports optionally blocking outbound.

A. fully integrated component B. 50% integrated component model
C. partially integrated component D. None of the above

13. ______ systems should not run automatic updates because they may possibly introduce instability.
A. Change controlled B. Policy controlled
C. Configuration controlled D. Process controlled
E. None of the above
14. ___________ does its business (covering the tracks of attackers) in kernel space, intercepting system calls pertaining to any user's attempts to view the intruder's resources.

A. A MKLKM rootkit B. A MKLKM sourcekit
C. An LKM rootkit D.None of the above
15. SELinux is a ____________ implementation that doesn't prevent zero-day attacks, but it's specifically designed to contain their effects.

A. mandatory access B. fully access control
C. mandatory access control D. None of the above
16. ________ involve buffers located in the program's global (or static) data area.
A. Heap overflows B. Stack buffer overflows
C. Global Data Area Overflows D. Position overflows

17. In SELinux objects include not only files and directories but also other processes and various system resources in ______________.

A. kernel space only
B. both kernel space and userland
C. remote RAID, USB flash memory and network storage.
D. None of the above


18. __________ will integrate with the operating system of a host computer and monitor program behavior in real time for malicious actions.
A. Fingerprint-based scanners B. Action-blocking scanners
C. Generic decryption technology D. Heuristic scanners
E. None of the above

19. A ___________ is a root-owned program with its setuid bit set; that is, a program that runs as root no matter who executes it.

A. setgid root program B. setsid root program
C. setuid root program D. None of the above

20. A __________ attack is a bot attack on a computer system or network that causes a loss of service to users.
A. spam B. phishing
C. DDoS D. sniff
E. None of the above

Please put your answers in the following table and submit the table to the assignment folder. Do not include the above questions. Your submitted table should be editable saved in a file named as:INFA610_QUIZ2_Firstname_Lastname(e.g. INFA610_QUIZ2_Henry_Tsai).

Reference no: EM131304413

Questions Cloud

Calculate the current capital charge : Calculate the current capital charge, based on existing market value of the firm's debt and equity. Calculate the current Net Operating Profit After-taxes, as well as the Return on Invested Capital, comment on these and distinguish them from the me..
Describe ultimate goal of the product campaign for shampoo : Describe the ultimate goal of the product campaign for the new shampoo. Discuss your methods for achieving this goal. Identify the components of marketing, pricing, and distribution for the campaign.
Plot the stress strain curve by changing the applied forces : An elastoplastic bar is clamped at the left end, and variable loads are applied at the right end, as shown in the table. Plot the stress-strain curve by changing the applied forces by 5 kN increments.
What counterparty risk is involved with forward contracts : What is counterparty risk? What counterparty risk is involved with forward contracts? Why are investors and firms that enter forward contracts willing to accept counterparty risk?
Give the answer of muliple choice question : INFA 610:Give the Answer of Muliple Choice Question.Due to a history of abuse against setuid root programs, major Linux distributions no longer ship with unnecessary setuid-root programs. But for them.
Create an excel spreadsheet : Create an Excel spreadsheet that George can use as a decision support tool to answer his questions. The spreadsheet should be designed such that George would be able to use the spreadsheet without any additional documentation.
What is a forward transaction : In what sense do speculators earn a profit by absorbing risk? Why would the absence of speculators make it difficult for investors to quickly hedge or sell their positions?
How much truth do you think there is to the give statement : How much truth do you think there is to the statement below? What would prevent Donald Trump from using the power of being the American president to benefit his companies?
Plot stress strain curve by changing the tip displacement : An elastoplastic bar is clamped at the left end, and variable displacements are applied at the right end, as shown in the table. Plot the stress-strain curve by changing the tip displacement by 1 mm increments.

Reviews

Write a Review

Management Information Sys Questions & Answers

  Case for developing strategic information systems

Case for developing Strategic Information Systems - critical in the progression of businesses

  Evaluate of website based on the visibility and affordance

Evaluate of the website based on the visibility and affordance. Does the website optimal balance between the number of pages refreshes and delay between page refreshes? Would your answer change if you were using a different network, or assessing th..

  Accounting information systems

Accounting Information Systems (AIS): database software systems - Discuss the advantage and disadvantages of having an industry-wide standard to which all database software systems conform.

  How do companies use an rfp when sourcing software

What is included in a request for proposal (RFP)? How do companies use an RFP when sourcing software

  Explain how these technologies can bring value to business

Explain why an Internet systems developer might choose one technology over another technology. Explain how these technologies can bring value to the business or organization.

  Barchester city council operates seven car parks in the

Barchester City Council operates seven car parks in the centre of Barchester.  The Council has a requirement for a new system to control its car parks.  This system must provide for the day-to-day operation of each car park-issuing tickets, handling ..

  Implementation methods of information systems

implementation methods of information systems conversionexplain the four implementation methods parallel plunge pilot

  Analyzes the implementation of the system in your plan

Analyzes the implementation of the system in your plan.Examine how this system balanced security and usability, and explain the challenges of incorporating system security and system usability into a design.

  Role of information systems in todays business environment

Understand the role of information systems in today's business environment, Gain an overview of information technology

  Information systems and preparing a report

Information Systems - Preparing a Report - What features do the tools offer that could be beneficial to use in the development of your project?

  Ientify and describe three different types of web

1- when you should test web applications for known vulnerabilities? provide at least two examples using the sdlc

  What is the smallest processing rate per hour

A business school is considering replacing its copy machine with a faster model.- What is the smallest processing rate per hour that can be considered?

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd