CIS 377 Final FA 23

School: Community College of Baltimore County
Course: 377
Subject: Computer Science
Date: Jan 9, 2024
Type: docx
Pages: 16
Uploaded by ElderRiverKomodoDragon20
CIS 377 Final Exam

Answer all questions.

QUESTION 1 (1 point)
What are users often instructed to do as part of a watering hole attack?
  - Create a deliverable payload to launch the attack once it has reached the target machine
  - Disable their firewall to allow traffic to and from a website
  - Enter their computer login credentials to access a website
  - Update or install a plugin to access a website

QUESTION 2 (1 point)
What is the main objective of the Installation phase of the cyber kill chain?
  - Install code to gain access to a target computer or system
  - Install software which removes all traces of the attack ever taking place
  - Install a 'backdoor' to maintain access to a compromised system
  - Install destructive code to maximise the damage to the compromised system

QUESTION 3 (1 point)
A weakness in the design, implementation, operation or internal controls in a process that could be exploited to violate the system security is a(n):
  - exploit
  - threat
  - backdoor
  - vulnerability

QUESTION 4 (1 point)
Anything capable of acting against an asset in a manner that can cause harm is a(n):
  - backdoor
  - threat
  - exploit
  - vulnerability

QUESTION 5 (1 point)
A(n) ___________ is an attack on a computer system:
  - threat
  - backdoor
  - vulnerability
  - exploit

QUESTION 6 (1 point)
Vulnerabilities can be found in software, hardware, or a network.
  - True
  - False

QUESTION 7 (1 point)
Which of the following terms best describes the assurance that data has not been changed unintentionally due to an accident or malice?
  - availability
  - integrity
  - possession/control
  - utility

QUESTION 8 (1 point)
Suppose you are making an online purchase and want to pay for it with your credit card. What is the best way to preserve confidentiality of your credit card information?
  - Call the merchant and provide credit card information over the phone.
  - Since the online connection is secured with SSL or TLS, you enter the credit card information from your laptop.
  - Text your credit card information to the merchant.
  - Email your credit card information to the merchant.

QUESTION 9 (1 point)
Which aspect of the CIA triad is most important for the power grid?
  - confidentiality
  - integrity
  - availability
  - all are equally important

QUESTION 10 (1 point)
Which aspect of the CIA triad is most important for patient health data?
  - confidentiality
  - integrity
  - availability
  - all are equally important

QUESTION 11 (1 point)
Given the following statement: "Adding functionality without regard for proper integration into the security solution increases complexity and the risk of misconfiguration." Which security principle does this invoke?
  - Defense in Depth
  - Think like an adversary
  - Keep it Simple
  - CIA Triad

QUESTION 12 (1 point)
An ethical hacker is an example of:
  - White Hat Hacker
  - Black Hat Hacker
  - Grey Hat Hacker
  - Hacktivist

QUESTION 13 (1 point)
Grey hat hacking is legal.
  - True
  - False

Classification: Internal Classified as Confidential
QUESTION 14 (1 point)
The _______________________ law protects PHI.
  - DPPA
  - CFAA
  - HIPAA
  - FCRA

QUESTION 15 (1 point)
Examples of PII include:
  - Medical Information
  - Social Security numbers
  - Biometric information
  - all of the above

QUESTION 16 (1 point)
Which of the following countries pose the greatest cyber threat to the United States?
  - Russia, China, Cuba, and North Korea
  - Russia, China, Iran, and North Korea
  - Russia, China, Iran, and South Korea
  - Russia, China, Iraq, and Iran

QUESTION 17 (1 point)
Eric Snowden is an example of:
  - an insider threat
  - a Hacktivist
  - an APT
  - a social engineer

QUESTION 18 (1 point)
With today's advanced technology, APTs are no longer possible, as a company will immediately detect if an unauthorized user has gained access to its systems.
  - True
  - False

QUESTION 19 (1 point)
_____________ are implemented to carry out distributed DDoS attacks, steal data, send spam messages, and permit the hacker to access various devices and their connections.
  - Trojan
  - Botnet
  - Worm
  - Virus

QUESTION 20 (1 point)
A ____________ is software used by a hacker to gain constant administrator-level access to a computer or network.
  - logic bomb
  - keylogger
  - rootkit
  - botnet

QUESTION 21 (1 point)
_________ are a special type of program used for recording and tracking a user's keystrokes.
  - keylogger
  - Trojans
  - worm
  - virus

QUESTION 22 (1 point)
The primary difference between a virus and a worm is that a virus operates independently and a worm depends on a host program to spread itself.
  - True
  - False

QUESTION 23 (1 point)
________________ is software which infiltrates a user's system, spies on the user's activities, and steals that user's internet usage data and sensitive information.
  - ransomware
  - freeware
  - shareware
  - spyware

QUESTION 24 (1 point)
Ransomware attacks are increasing and many companies fail to report them.
  - True
  - False

QUESTION 25 (1 point)
The intent of a ______________ is to overwhelm the targeted server's bandwidth and other resources of the target website.
  - Phishing attack
  - DoS attack
  - MiTM attack
  - Website attack

QUESTION 26 (1 point)
A DoS attack coming from a large number of IP addresses, making it hard to manually filter or crash the traffic from such sources, is known as a _____________.
  - DDoS attack
  - GoS attack
  - DDoS attack
  - PDoS attack

QUESTION 27 (1 point)
Man-in-the-middle attacks allow attackers to intercept, send and receive data never meant for them without either outside party knowing until it is too late.
  - True
  - False

QUESTION 28 (1 point)
A SYN flood is a form of a _____________ attack.
  - MitM
  - Drive-by Download
  - DoS
  - Sniffing
QUESTION 29 (1 point)
_____________ are programs or devices that capture vital information from the target network or a particular network.
  - Wireless-crackers
  - Trappers
  - Sniffers
  - Routers

QUESTION 30 (1 point)
Which of the following is not an objective of sniffing for hackers?
  - Types of files transferred
  - Geographic location of a user
  - Types of file transferred
  - Content of email message

QUESTION 31 (1 point)
___________________ is an attack where the emails are exclusively designed to target one exact user.
  - Vishing
  - Domain Phishing
  - Spear phishing
  - Algo-based phishing

QUESTION 32 (1 point)
________________ is a fraudulent practice in which a legitimate website's traffic is manipulated to direct users to fake lookalikes that will either install malicious software on visitors' computers or harvest users' personal data, such as passwords or financial details.
  - Vishing
  - Whaling
  - Pharming
  - Watering hole

QUESTION 33 (1 point)
Which of the following is NOT true about credential harvesting:
  - Credential harvesting is on the decline.
  - Credential harvesting can be used for financial gain.
  - Credential harvesting provides cyber adversaries the "keys to the kingdom."
  - Credential harvesting is often done by phishing and pharming.

QUESTION 34 (1 point)
In which step of the Software Development Lifecycle should security first be considered?
  - Analysis
  - Design
  - Implementation
  - Testing

QUESTION 35 (1 point)
Insecure software is a huge industry problem because:
  - There is little financial incentive to implement security in software.
  - Software products are often rushed to be released.
  - Many software professionals were not trained in security.
  - Security is hard to measure.
  - All are true.

QUESTION 36 (1 point)
Buffer overflow is a well known type of software vulnerability that rarely occurs today.
  - True
  - False

QUESTION 37 (1 point)
A software vulnerability is a bug in the code that can be exploited by a hacker.
  - True
  - False

QUESTION 38 (1 point)
Static analysis:
  - is performed when a program is running to detect coding flaws, back doors, and potentially malicious code.
  - is performed when a program is not running to detect coding flaws, back doors, and potentially malicious code.
  - is the same as debugging.
  - is the same as testing.

QUESTION 39 (1 point)
________________ attacks are used to steal information from databases.
  - XSS
  - SQL injection
  - CSRF
  - ActiveX

QUESTION 40 (1 point)
A(n) ____________ attack uses malicious code to redirect users to malicious websites, steal cookies or credentials, or deface websites.
  - XSS
  - SQL injection
  - CSRF
  - OWASP

QUESTION 41 (1 point)
The three major components of Risk Management are:
  - evaluate threats, rank threats, implement controls
  - risk identification, risk assessment, and risk control
  - identify vulnerabilities, quantify threat likelihood, select risk strategy
  - asset identification, select risk control strategy, implement and monitor controls

QUESTION 42 (1 point)
Risk identification includes:
  - Identify human assets, identify data assets, and identify hardware assets
  - Identify assets, identify threats, and rank vulnerabilities
  - Identify assets, identify threats, and identify vulnerabilities
  - Identify assets, valuate and prioritize assets, identify and prioritize threats
QUESTION 43 (1 point)
Which of the following is not considered a company asset:
  - People
  - Procedures
  - Data
  - Hardware and Software
  - All are considered company assets.

QUESTION 44 (1 point)
Assigning initial value to assets considers all of the following criteria, except:
  - impact to profitability
  - likelihood of attack
  - expense to replace and protect
  - exposure to liability and reputation

QUESTION 45 (1 point)
In the risk management process, the step following asset identification and valuation is:
  - asset prioritization
  - threat identification
  - threat prioritization
  - vulnerability identification

QUESTION 46 (1 point)
All of the following are threats to information security, except:
  - Theft
  - Software attacks, such as malware
  - Forces of nature, such as hurricanes
  - Human error
  - All are threats to information security.

QUESTION 47 (1 point)
Of the various types of mitigation plans, the ____________________ plan is the most strategic and long-term.
  - Business Continuity Plan
  - Disaster Recovery Plan
  - Incident Response Plan
  - Risk Recovery Plan

QUESTION 48 (1 point)
Cryptography converts _______________________ to ____________________________.
  - plain text, cipher text
  - English, ASCII
  - plain text, code
  - binary, octal

QUESTION 49 (1 point)
DES is more secure than AES.
  - True
  - False

QUESTION 50 (1 point)
________________ is the practice of concealing a file, message, image, or video within another file, message, image, or video.
  - Steganography
  - Encryption
  - PKI
  - DES

QUESTION 51 (1 point)
Hash functions are used to assure:
  - Integrity and authentication
  - Identity and confidentiality
  - Integrity and availability
  - Identity and availability

QUESTION 52 (1 point)
Websites using HTTP vs HTTPS are more secure.
  - True
  - False

QUESTION 53 (1 point)
The authentication methods based on "what you are" include:
  - multi-factor authentication
  - password, PIN
  - biometrics
  - smart card

QUESTION 54 (1 point)
HTTP is a(n) ______________________ layer protocol used to deliver resources in a hypermedia system.
  - application
  - physical
  - data link
  - transport

QUESTION 55 (1 point)
_______ is a computer network administration software utility used to test the reachability of a host on the network.
  - IPSec
  - Ping
  - ICMP
  - UDP

QUESTION 56 (1 point)
Which of the following is not true about IPSec:
  - It is used in VPNs.
  - It was designed to address drawbacks of IPv4, including being subject to spoofing and eavesdropping.
  - It includes two operation modes, transport and tunnel mode.
  - It requires changes to the existing TCP layer.
QUESTION 57 (1 point)
A firewall examines each ____________ that enters or leaves the internal network.
  - update
  - email
  - user
  - data packet
  - connection

QUESTION 58 (1 point)
A firewall protects against which of the following attacks?
  - DoS
  - Phishing
  - Shoulder surfing
  - Dumpster diving

QUESTION 59 (1 point)
Risk assessments should be performed:
  - On a regular basis
  - When a vulnerability is discovered
  - When an asset changes
  - At the start of a program

QUESTION 60 (1 point)
The key difference between laws and ethics is that ethics carry the authority of a governing body and laws do not.
  - True
  - False

QUESTION 61 (1 point)
The difference between a policy and a law is that ignorance of a law is an acceptable defense.
  - True
  - False

QUESTION 62 (1 point)
The Computer __________ and Abuse Act of 1986 is the cornerstone of many computer-related federal laws and enforcement efforts.
  - Fraud
  - Theft
  - Violence
  - Usage

QUESTION 63 (1 point)
One form of online vandalism is ____________________ operations, which interfere with or disrupt systems to protest the operations, policies, or actions of an organization or government agency.
  - hacktivist
  - phreak
  - hackcyber
  - cyberhack

QUESTION 64 (1 point)
The application of computing and network resources to try every possible combination of options of a password is called a:
  - dictionary attack
  - brute force
  - backdoor
  - encryption

QUESTION 65 (1 point)
In the context of information security, ____________________ is the process of using social skills to convince people to reveal access credentials or other valuable information to the attacker.
  - reverse engineering
  - social engineering
  - spyware
  - pharming

QUESTION 66 (1 point)
Adversarial thinking can help build an effective security strategy.
  - True
  - False

QUESTION 67 (1 point)
The Caesar Cipher is a type of ___________ cipher.
  - shift
  - stream
  - block
  - bitwise

QUESTION 68 (1 point)
The following is NOT true regarding password authentication:
  - Strong passwords are difficult to remember.
  - They are always encrypted.
  - People often reuse the same password.
  - They are less expensive to implement than biometric authentication.

QUESTION 69
The following is an example of multi-factor authentication:
  - Retina and fingerprint scan.
  - Password followed by PIN.
  - Bank withdrawal requiring card and PIN.
  - Password and security question.

QUESTION 70
Encrypt the word "BREAK" using the shift cipher with a key of 4.
Answer: FVIEO
QUESTION 71
Describe a defense in depth strategy for securing your home computer.
Answer: A good defense in depth strategy for securing your home computer would be to have locked doors, and security measures that protect the network and systems, such as firewalls and antivirus programs. You should also consider monitoring your network for attacks and encrypting data that may be important to you.