CS 3113 - Final Review || with Certified Answers.
With the attention that computer security is receiving in the media today, as a result of the
numerous security breaches we can read about, preventing, detecting, and prosecuting computer
crime has become easier. correct answers False
An individual who blocks the traffic from an authorized user to a system they are authorized to
access is conducting which of the following threat types? correct answers Interruption
An individual who simply "listens" to the traffic that is being sent by an authorized user between
systems is an example of which of the following threat types? correct answers Interception
Which of the following is the name for a program that holds a computer "hostage" while
demanding a ransom? correct answers Ransomware
Which of the following describes the "CIA Triad"? correct answers Confidentiality, integrity,
Availability
Which level of threat includes disgruntled employees seeking to harm your systems? correct
answers Unstructured Threats
Which of the following best describes the changes (if any) that have occurred to the average
intruder knowledge and the attack sophistication over the last few decades? correct answers The
average required intruder knowledge has decreased while the attack sophistication has increased.
What does the term "threat" refer to in computer security? correct answers Any potential threat
that could cause an undesirable outcome - including natural disasters
Which of the following is the name for a program that appears to do one thing (and may indeed
do it) but that hides something else? correct answers Trojan Horse
,Which of the following is the name for a program that reproduces by attaching copies of itself to
other programs and which often carries a malicious "payload"? correct answers Virus
Issues of proprietary software and trade secrets complicate the application of the Open Design
principle. In some cases companies may not want their designs made public, lest their
competitors use them. The principle then requires that the design and implementation be
available to people barred from disclosing it outside of the company. correct answers True
Which disclosure paradigm has as its assumptions that 1) an attacker will learn little or nothing
from disclosure; 2) Disclosure will prompt designers to improve the design of defenses, and 3)
Disclosure will prompt other defenders to take action? correct answers Open Source
What is the name of the method of communication between two computers (arbitrarily named
here client and server) in which information is encoded, and possibly encrypted, into a sequence
of port numbers? Initially, the server presents no open ports to the public and is monitoring all
connection attempts. The client initiates connection attempts to the server by sending SYN
packets to the ports specified in a special sequence. The server offers no response to the client
during this phase, as it "silently" processes the port sequence. When the server decodes a valid
sequence it triggers a server-side process and response. correct answers Port Knocking
What is the name given to a form of host-to-host communication in which information flows
across closed ports. Information may be encoded into a port sequence or a packet-payload. In
general, data are transmitted to closed ports and received by a monitoring daemon which
intercepts the information without sending a receipt to the sender. correct answers Port Knocking
Can all issues with complexity be avoided through the use of one of the secure design principles
identified in class? correct answers No
The number of bugs introduced by a bug fix release may actually exceed the number of bugs
fixed by that release. correct answers True
In cyber security, one of the best ways to protect a computer or network is with a strategy called
defense in depth. This strategy means that there are multiple defenses put in place. If one fails, it
,is likely another will catch the problem. Which method of reducing complexity is this concept
most closely aligned with? correct answers Layering
When viewing a Drone Pilot app, the screen will show "flight instruments" that indicate how fast
the drone is flying and how high it is off the ground. Which method is this an example of?
correct answers Abstraction
While a password should be long and complex so that it will be difficult to break, the password
should be easy for you to remember. One way to do this is to take the first letter of each word
from a song that you know. Which design principle is this most closely aligned with? correct
answers Simplicity
Which of the following was described as one of the main drawback to the waterfall software
development model? correct answers The Waterfall model does not easily accommodate change
after the process is underway. One phase has to be completed before moving onto the next phase.
Which of the following are advantages of an iterative design process? correct answers B,C,D, but
not A
A....It results in the fastest development of software; it is the quickest design process.
B....Having a working system available at all times helps provide assurance that something can
be built.
C....It provides on-going experience with the current technology ground rules and an opportunity
to discover and fix bugs.
D....It is easier to incorporate technology changes that arrive during the system development.
Which design principle states that you should start with a simple, working system that meets
only a modest subset of the requirements, and then evolve the system in small steps to gradually
encompass more and more of the full set of requirements? correct answers Design for Iteration
What is the name given to the software testing technique, which basically consists of finding
implementation bugs using malformed/semi-malformed data injection in an automated fashion?
correct answers Fuzzing
, Rather than deliver the system as a single delivery, the development and delivery is broken down
into increments with each increment delivering part of the required functionality describes which
development model? correct answers Incremental Development
Which NSA security design principle has as a basic tenet that a feature should do "the least
surprising thing"? correct answers Least Astonishment
Users won't specify protections correctly if the specification doesn't make sense to them. This is
known as Psychological Acceptability which is related to the design principle of Simplicity as it
"keeps things simple" . correct answers False
Because cryptography is a highly mathematical subject, companies that market cryptographic
software or use cryptography to protect user data frequently keep their algorithms secret.
Experience has shown that such secrecy adds little if anything to the security of the system.
Worse, it gives an aura of strength that is all too often lacking in the actual implementation of the
system. correct answers True
In which disclosure paradigm may disclosure provide little advantage for the defenders but
potentially have a tremendous benefit for attackers? correct answers Military
Many computers are built with parts that can easily be taken out and replaced with other parts.
This makes it easier to troubleshoot and fix. What is the name for this method of reducing
complexity? correct answers Modularity
"When you log into a computer, it is a good practice to do so as a regular user instead of as an
administrator or super user. A normal user can perform most of the common tasks and does not
need to be an administrator. It also protects a computer from increased harm if there is a virus
present" is a statement of what security principle? correct answers Least Privilege
Availability Management is the management of the uptime of business and technology services.
It is typically focused on designing services for high availability, managing maintenance
activities, and reporting uptime data to customers and internal clients. correct answers True
With the attention that computer security is receiving in the media today, as a result of the
numerous security breaches we can read about, preventing, detecting, and prosecuting computer
crime has become easier. correct answers False
An individual who blocks the traffic from an authorized user to a system they are authorized to
access is conducting which of the following threat types? correct answers Interruption
An individual who simply "listens" to the traffic that is being sent by an authorized user between
systems is an example of which of the following threat types? correct answers Interception
Which of the following is the name for a program that holds a computer "hostage" while
demanding a ransom? correct answers Ransomware
Which of the following describes the "CIA Triad"? correct answers Confidentiality, integrity,
Availability
Which level of threat includes disgruntled employees seeking to harm your systems? correct
answers Unstructured Threats
Which of the following best describes the changes (if any) that have occurred to the average
intruder knowledge and the attack sophistication over the last few decades? correct answers The
average required intruder knowledge has decreased while the attack sophistication has increased.
What does the term "threat" refer to in computer security? correct answers Any potential threat
that could cause an undesirable outcome - including natural disasters
Which of the following is the name for a program that appears to do one thing (and may indeed
do it) but that hides something else? correct answers Trojan Horse
,Which of the following is the name for a program that reproduces by attaching copies of itself to
other programs and which often carries a malicious "payload"? correct answers Virus
Issues of proprietary software and trade secrets complicate the application of the Open Design
principle. In some cases companies may not want their designs made public, lest their
competitors use them. The principle then requires that the design and implementation be
available to people barred from disclosing it outside of the company. correct answers True
Which disclosure paradigm has as its assumptions that 1) an attacker will learn little or nothing
from disclosure; 2) Disclosure will prompt designers to improve the design of defenses, and 3)
Disclosure will prompt other defenders to take action? correct answers Open Source
What is the name of the method of communication between two computers (arbitrarily named
here client and server) in which information is encoded, and possibly encrypted, into a sequence
of port numbers? Initially, the server presents no open ports to the public and is monitoring all
connection attempts. The client initiates connection attempts to the server by sending SYN
packets to the ports specified in a special sequence. The server offers no response to the client
during this phase, as it "silently" processes the port sequence. When the server decodes a valid
sequence it triggers a server-side process and response. correct answers Port Knocking
What is the name given to a form of host-to-host communication in which information flows
across closed ports. Information may be encoded into a port sequence or a packet-payload. In
general, data are transmitted to closed ports and received by a monitoring daemon which
intercepts the information without sending a receipt to the sender. correct answers Port Knocking
Can all issues with complexity be avoided through the use of one of the secure design principles
identified in class? correct answers No
The number of bugs introduced by a bug fix release may actually exceed the number of bugs
fixed by that release. correct answers True
In cyber security, one of the best ways to protect a computer or network is with a strategy called
defense in depth. This strategy means that there are multiple defenses put in place. If one fails, it
,is likely another will catch the problem. Which method of reducing complexity is this concept
most closely aligned with? correct answers Layering
When viewing a Drone Pilot app, the screen will show "flight instruments" that indicate how fast
the drone is flying and how high it is off the ground. Which method is this an example of?
correct answers Abstraction
While a password should be long and complex so that it will be difficult to break, the password
should be easy for you to remember. One way to do this is to take the first letter of each word
from a song that you know. Which design principle is this most closely aligned with? correct
answers Simplicity
Which of the following was described as one of the main drawback to the waterfall software
development model? correct answers The Waterfall model does not easily accommodate change
after the process is underway. One phase has to be completed before moving onto the next phase.
Which of the following are advantages of an iterative design process? correct answers B,C,D, but
not A
A....It results in the fastest development of software; it is the quickest design process.
B....Having a working system available at all times helps provide assurance that something can
be built.
C....It provides on-going experience with the current technology ground rules and an opportunity
to discover and fix bugs.
D....It is easier to incorporate technology changes that arrive during the system development.
Which design principle states that you should start with a simple, working system that meets
only a modest subset of the requirements, and then evolve the system in small steps to gradually
encompass more and more of the full set of requirements? correct answers Design for Iteration
What is the name given to the software testing technique, which basically consists of finding
implementation bugs using malformed/semi-malformed data injection in an automated fashion?
correct answers Fuzzing
, Rather than deliver the system as a single delivery, the development and delivery is broken down
into increments with each increment delivering part of the required functionality describes which
development model? correct answers Incremental Development
Which NSA security design principle has as a basic tenet that a feature should do "the least
surprising thing"? correct answers Least Astonishment
Users won't specify protections correctly if the specification doesn't make sense to them. This is
known as Psychological Acceptability which is related to the design principle of Simplicity as it
"keeps things simple" . correct answers False
Because cryptography is a highly mathematical subject, companies that market cryptographic
software or use cryptography to protect user data frequently keep their algorithms secret.
Experience has shown that such secrecy adds little if anything to the security of the system.
Worse, it gives an aura of strength that is all too often lacking in the actual implementation of the
system. correct answers True
In which disclosure paradigm may disclosure provide little advantage for the defenders but
potentially have a tremendous benefit for attackers? correct answers Military
Many computers are built with parts that can easily be taken out and replaced with other parts.
This makes it easier to troubleshoot and fix. What is the name for this method of reducing
complexity? correct answers Modularity
"When you log into a computer, it is a good practice to do so as a regular user instead of as an
administrator or super user. A normal user can perform most of the common tasks and does not
need to be an administrator. It also protects a computer from increased harm if there is a virus
present" is a statement of what security principle? correct answers Least Privilege
Availability Management is the management of the uptime of business and technology services.
It is typically focused on designing services for high availability, managing maintenance
activities, and reporting uptime data to customers and internal clients. correct answers True
