CIS 2337 MIDTERM EXAM
QUESTIONS AND VERIFIED
ANSWERS
What is not in the 3 major security properties?
Integrity
Confidentiality
Availability
Classification
Classification
Fill in the blank. _______ time must exceed Detection time + Response time
Integrity
Conditional
Protection
Available
Protection
What is security vulnerability?
Psychological acceptability
Specific error to be exploited in the attack
Factors opening the system to vulnerability
,information assurance strategy that provides multiple, redundant defensive
measures
Specific error to be exploited in the attack
What is Fortress model?
Most up to date security model
Variant of time-based model
Keep bad out, allow only good (prevention)
Prevention + Detection + Response
Keep bad out, allow only good (prevention)
Historically, computer security is getting focused more on information
True
False
True
Information assurance is bad security practice
True
False
False
What is social engineering?
the process of convincing an authorized individual to provide confidential
information or access to an unauthorized individual
Process of cryptography
Process of telling people what to do
, Model regarding read up, write down
the process of convincing an authorized individual to provide confidential information
or access to an unauthorized individual
Which statement describes why social engineering is successful?
People tend to forego personal egos to better an organization.
People have a basic desire to withhold information for personal gain.
People have a basic desire to be helpful.
People with a higher status may be coerced into providing information to
those of lower status.
People have a basic desire to be helpful.
Which term describes a type of phishing where individuals who are high up in
an organization such as the corporate officers are targeted?
Whaling
Pharming
DNS poisoning
Vishing
Whaling
Which term is a variation of phishing that uses voice communication
technology to obtain the information the attacker is seeking?
Whaling
Pharming
DNS poisoning
QUESTIONS AND VERIFIED
ANSWERS
What is not in the 3 major security properties?
Integrity
Confidentiality
Availability
Classification
Classification
Fill in the blank. _______ time must exceed Detection time + Response time
Integrity
Conditional
Protection
Available
Protection
What is security vulnerability?
Psychological acceptability
Specific error to be exploited in the attack
Factors opening the system to vulnerability
,information assurance strategy that provides multiple, redundant defensive
measures
Specific error to be exploited in the attack
What is Fortress model?
Most up to date security model
Variant of time-based model
Keep bad out, allow only good (prevention)
Prevention + Detection + Response
Keep bad out, allow only good (prevention)
Historically, computer security is getting focused more on information
True
False
True
Information assurance is bad security practice
True
False
False
What is social engineering?
the process of convincing an authorized individual to provide confidential
information or access to an unauthorized individual
Process of cryptography
Process of telling people what to do
, Model regarding read up, write down
the process of convincing an authorized individual to provide confidential information
or access to an unauthorized individual
Which statement describes why social engineering is successful?
People tend to forego personal egos to better an organization.
People have a basic desire to withhold information for personal gain.
People have a basic desire to be helpful.
People with a higher status may be coerced into providing information to
those of lower status.
People have a basic desire to be helpful.
Which term describes a type of phishing where individuals who are high up in
an organization such as the corporate officers are targeted?
Whaling
Pharming
DNS poisoning
Vishing
Whaling
Which term is a variation of phishing that uses voice communication
technology to obtain the information the attacker is seeking?
Whaling
Pharming
DNS poisoning
