User Account

All Pages

Give the answer of muliple choice question

Assignment Help Management Information Sys
Reference no: EM131304413

Foundations of Information Security and Assurance

TRUE/FALSE QUESTIONS:
1. Programmers use trapdoors legitimately to debug and test programs.

2. If the compromised machine uses encrypted communication channels, then just sniffing the network packets on the victim's computer is useless because the appropriate key to decrypt the packets is missing.

3. There is a problem anticipating and testing for all potential types of non-standard inputs that might be exploited by an attacker to subvert a program.

4. Without suitable synchronization of accesses it is possible that values may be corrupted, or changes lost, due to over-lapping access, use, and replacement of shared values.

5. The biggest change of the nature in Windows XP SP2 was to change all anonymous remote procedure call (RPC) access to require authentication.

6. The Zotob worm, which took advantage of a vulnerability in Microsoft Plug and Play (PnP) and which was accessible through RPC, did not affect Windows XP SP2, even the coding bug was there.

7. Key issues from a software security perspective are whether the implemented algorithm correctly solves the specified problem, whether the machine instructions executed correctly represent the high level algorithm specification, and whether the manipulation of data values in variables is valid and meaningful.

8. Packet sniffers are seldom used to retrieve sensitive information like usernames and passwords.

9. Buffer overflows can be found in a wide variety of programs.

10. EFS allows files and directories to be encrypted and decrypted transparently for authorized users. All versions of Windows since Windows 2000 support Encryption File System.

11. A bot propagates itself and activates itself, whereas a worm is initially controlled from some central facility.

12. The correct implementation in the case of an atomic operation is to test separately for the presence of the lockfile and to not always attempt to create it.

13.Kernel space is swapped to hard disk in order to obtain quick access.

14. Performing regular backups of data on a system is a critical control that assists with maintaining the integrity of the system and user data.

15. Backup and archive processes are often linked and managed separately.

16. C's designers placed much more emphasis on space efficiency and performance considerations than on type safety.

17. An effective method for protecting programs against classic stack overflow attacks is to instrument the function entry and exit code to setup and then check its stack frame for any evidence of corruption.

18. From the attacker's perspective, the challenge in cracking a Linux system therefore boils down to gaining root privileges.

19. AppArmor is built on the assumption that the single biggest attack vector on most systems is application vulnerabilities. If the application's behavior is restricted, then the behavior of any attacker who succeeds in exploiting some vulnerability in that application will also be restricted.

20. A very common configuration fault seen with Web and file transfer servers is for all the files supplied by the service to be owned by the same "user" account that the server executes as.

MULTIPLE CHOICE QUESTIONS:

1. Due to a history of abuse against setuid root programs, major Linux distributions no longer ship with unnecessary setuid-root programs. But ______________ for them.

A. system attackers still could not scan B. system attackers still scan
C. system attackers still embed D. None of the above

2. SELinux implements different types of MAC: ________________________.

A. Style Enforcement, and Role Based Access Controls,
B. Multi Level Security, Role Based Access Controls and Type Enforcement,
C. Multi Task Level Security
D. None of the above

3. __________ is malware that encrypts the user's data and demands payment in order to access the key needed to recover the information.

A. Trojan horse B. Ransomware
C. Crimeware D. Polymorphic
E. None of the above
4. ______ are resources that should be used as part of the system security planning process.
A. Texts
B. Online resources
C. Specific system hardening guides
D. All of the above
E. None of the above

5. Versions of Windows based on the Windows 95 code base, including Windows 98, Windows 98 SE, and Windows Me, had ____________, in contrast to the Windows NT code base, on which all current versions of Windows are based.

A. security model B. token model
C. two security models D. None of the above

6. In Linux system, a vulnerability is a specific weakness or security-related bug in an application or operating system. A threat is the combination of a vulnerability, an attacker, and _________________.

A. None of the above B. a weakness vector
C. an attack and vulnerability vector D. an attack vector

7. A runtime technique that can be used is to place ________ between critical regions of memory in a processes address space.
A. guard pages B. library functions
C. shellcodes D. MMUs
E. None of the above
8. _______ defenses involve changes to the memory management of the virtual address space of processes that act to either alter the properties of regions of memory or to make predicting the location of target buffers sufficiently difficult to thwart many types of attacks.
A. Run-time B. Position independent
C. Buffer D. Compile-time
E. None of the above
9. Windows Vista and later changes the default; all user accounts are users and not administrators. This is referred to as ______________

A. User Control Account (UCA.)
B. Tolerance User Account Control (TUAC.)
C. Preventive User Account Control (PUAC.)
D. None of the above
10. The most common variant of injecting malicious script content into pages returned to users by the targeted sites is the _________ vulnerability.
A. PHP file inclusion B. chroot jail
C. atomic bomb D. XSS reflection
E. None of the above
11. _________ are a collection of string values inherited by each process from its parent that can affect the way a running process behaves.

A. Race conditions B. Deadlocks
C. Privileges D. all of the above
E. None of the above

12. Windows Vista and later add two other functions. The first is that the firewall is a ______________ of the rewritten TCP/IP networking stack. Second, the firewall supports optionally blocking outbound.

A. fully integrated component B. 50% integrated component model
C. partially integrated component D. None of the above

13. ______ systems should not run automatic updates because they may possibly introduce instability.
A. Change controlled B. Policy controlled
C. Configuration controlled D. Process controlled
E. None of the above
14. ___________ does its business (covering the tracks of attackers) in kernel space, intercepting system calls pertaining to any user's attempts to view the intruder's resources.

A. A MKLKM rootkit B. A MKLKM sourcekit
C. An LKM rootkit D.None of the above
15. SELinux is a ____________ implementation that doesn't prevent zero-day attacks, but it's specifically designed to contain their effects.

A. mandatory access B. fully access control
C. mandatory access control D. None of the above
16. ________ involve buffers located in the program's global (or static) data area.
A. Heap overflows B. Stack buffer overflows
C. Global Data Area Overflows D. Position overflows

17. In SELinux objects include not only files and directories but also other processes and various system resources in ______________.

A. kernel space only
B. both kernel space and userland
C. remote RAID, USB flash memory and network storage.
D. None of the above


18. __________ will integrate with the operating system of a host computer and monitor program behavior in real time for malicious actions.
A. Fingerprint-based scanners B. Action-blocking scanners
C. Generic decryption technology D. Heuristic scanners
E. None of the above

19. A ___________ is a root-owned program with its setuid bit set; that is, a program that runs as root no matter who executes it.

A. setgid root program B. setsid root program
C. setuid root program D. None of the above

20. A __________ attack is a bot attack on a computer system or network that causes a loss of service to users.
A. spam B. phishing
C. DDoS D. sniff
E. None of the above

Please put your answers in the following table and submit the table to the assignment folder. Do not include the above questions. Your submitted table should be editable saved in a file named as:INFA610_QUIZ2_Firstname_Lastname(e.g. INFA610_QUIZ2_Henry_Tsai).

Reference no: EM131304413

Questions Cloud

Calculate the current capital charge : Calculate the current capital charge, based on existing market value of the firm's debt and equity. Calculate the current Net Operating Profit After-taxes, as well as the Return on Invested Capital, comment on these and distinguish them from the me..
Describe ultimate goal of the product campaign for shampoo : Describe the ultimate goal of the product campaign for the new shampoo. Discuss your methods for achieving this goal. Identify the components of marketing, pricing, and distribution for the campaign.
Plot the stress strain curve by changing the applied forces : An elastoplastic bar is clamped at the left end, and variable loads are applied at the right end, as shown in the table. Plot the stress-strain curve by changing the applied forces by 5 kN increments.
What counterparty risk is involved with forward contracts : What is counterparty risk? What counterparty risk is involved with forward contracts? Why are investors and firms that enter forward contracts willing to accept counterparty risk?
Give the answer of muliple choice question : INFA 610:Give the Answer of Muliple Choice Question.Due to a history of abuse against setuid root programs, major Linux distributions no longer ship with unnecessary setuid-root programs. But for them.
Create an excel spreadsheet : Create an Excel spreadsheet that George can use as a decision support tool to answer his questions. The spreadsheet should be designed such that George would be able to use the spreadsheet without any additional documentation.
What is a forward transaction : In what sense do speculators earn a profit by absorbing risk? Why would the absence of speculators make it difficult for investors to quickly hedge or sell their positions?
How much truth do you think there is to the give statement : How much truth do you think there is to the statement below? What would prevent Donald Trump from using the power of being the American president to benefit his companies?
Plot stress strain curve by changing the tip displacement : An elastoplastic bar is clamped at the left end, and variable displacements are applied at the right end, as shown in the table. Plot the stress-strain curve by changing the tip displacement by 1 mm increments.

Reviews

Write a Review

Management Information Sys Questions & Answers

  What are the pros and cons of methods such as single sign-on

What are the pros and cons of methods such as Single Sign-On (SSO). Weigh the user benefits to security risks when considering the remote access methods.

  List and explain the memory constructs of the oracle

List and explain the memory constructs of the Oracle 12c databases. List and explain the background processes that support the 12c database. Explain why container and pluggable databases on a Linux server will use less memory compared to many Oracle ..

  How to manage information systems manager virtually

How to Manage Information Systems Manager Virtually - Explain how a computer and information systems manager could be effectively managed in a virtual environment. It offers tools to function in the virtual environment

  Provide information technology consulting services

You have been assembled to provide Information Technology consulting services to a newly formed fictitious company that is in the automotive accessories industry. (Their primary focus is mostly on dress-up items.) This medium-sized company was for..

  A safe working environment for personnel

Security managers are tasked with providing a safe working environment for personnel. How is that achieved and what are the consequences if a safe working environment is not provided?

  Historic and current impact of computers

Social Impacts of Technology: Historic and current impact of computers - Write about their historic and current impact on the economy

  Identify three innovative ways that corporation could take

Using the corporation you identified in question 9, identify three innovative ways that the corporation could take advantage of the low cost of data communication and storage.

  What is the main thrust of crm systems

What is the main thrust of CRM systems in contributing to operational excellence - Information form CRM systems increases sales revenue by identifying the most profitable customers and segments for focused marketing and cross-selling.

  Convergence for the department

Internet, LAN, extranets fully converge in your department and What would be the benefits of such a convergence for the department?

  Technology role in healthcare

Technology Role in Healthcare - Discussion of network utilization between office and hospital mainframe

  Write an html document to create a form

Write an HTML document to create a form with the following capabilities: A text widget to collect the user's name and Four checkboxes, one each for the following items

  Develop the load profile for the stereo speaker subassembly

Calculate the processing load and available capacity, and develop the load profile for the stereo speaker subassembly. Two employees work the assembly process for 40 hours each.

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd