  1. True or false: it is not possible to spread a virus via a USB stick.
    False; removable media such as USB sticks are a common infection vector
  2. The SYN spoofing attack targets the table of half-open TCP connections on the server: SYN packets carrying spoofed, unreachable source addresses leave entries that are never completed, until the table fills and legitimate connection requests are dropped
  3. Malicious software (malware) aims to...?
    compromise the confidentiality, integrity, or availability of a victim's data, applications, or operating system, for example by tricking users into revealing sensitive personal data
  4. Data integrity assures that information and programs are changed only in a specified and authorized manner
  5. Sometimes referred to as the 'infection vector'
    the infection mechanism is the means by which a virus spreads or propagates
  6. Developed for commercial applications in which conflicts of interest can arise.
    The Chinese Wall Model
  7. When a DoS attack is detected, the first step is to........?
    Identify the attack: its type, the source addresses used, and the targeted system or service, so that appropriate filters can be applied
  8. To prevent XSS attacks
    any user-supplied input should be examined and any dangerous code removed or escaped to block its execution
  9. Security classes are referred to as
    security levels
  10. The most common technique for using an appropriate synchronization mechanism to serialize accesses and prevent errors
    is to acquire a lock on the shared file, ensuring that each process gets appropriate access in turn
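Added example (not from the original card set): several processes doing read-increment-write on one shared counter file, serialized with an exclusive advisory lock via fcntl.flock. The counter-file layout, the worker count and the increment count are assumptions made for the demonstration; POSIX only.

```python
import fcntl
import multiprocessing
import os
import tempfile

# Assumed layout: the shared file holds a single decimal counter. Every worker
# does read -> increment -> write, a classic lost-update race without a lock.


def increment_counter(path: str, use_lock: bool = True) -> None:
    """One read-modify-write of the counter stored in `path`.

    With use_lock=True the process first takes an exclusive advisory lock
    (fcntl.flock LOCK_EX); other cooperating processes block on the same call
    until the lock is released, so each increment is applied in turn.
    """
    with open(path, "r+") as fh:
        if use_lock:
            fcntl.flock(fh.fileno(), fcntl.LOCK_EX)
        try:
            value = int(fh.read() or "0")   # "" can be seen mid-write when unlocked
            fh.seek(0)
            fh.truncate()
            fh.write(str(value + 1))
            fh.flush()
        finally:
            if use_lock:
                fcntl.flock(fh.fileno(), fcntl.LOCK_UN)


def _worker(args):
    path, increments, use_lock = args
    for _ in range(increments):
        increment_counter(path, use_lock)


def run_counter_demo(workers: int = 4, increments: int = 200,
                     use_lock: bool = True) -> int:
    """Start `workers` processes that each increment a fresh counter file
    `increments` times; return the final counter value."""
    fd, path = tempfile.mkstemp(prefix="counter_")
    os.write(fd, b"0")
    os.close(fd)
    try:
        with multiprocessing.Pool(workers) as pool:
            pool.map(_worker, [(path, increments, use_lock)] * workers)
        with open(path) as fh:
            return int(fh.read())
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print("locked:  ", run_counter_demo(use_lock=True))   # always workers * increments
    print("unlocked:", run_counter_demo(use_lock=False))  # typically fewer: lost updates
```

flock is advisory: it only serializes processes that also call flock on the file, so every writer must use the same discipline. Taking the lock before the read (not just before the write) is what makes the whole read-modify-write atomic with respect to the other processes.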
  11. A regular expression is ??
    a pattern composed of a sequence of characters that describes the allowable input variants
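Added example covering cards 8 and 11 together (not from the original card set): a regular-expression allowlist applied to user input, the re.match-versus-re.fullmatch pitfall, and escaping at the point of output so a script payload is rendered as text. The field name, the pattern and the payload string are constructed for the example.

```python
import html
import re

# Allowlist for an assumed "username" field: 3 to 16 ASCII letters, digits
# or underscores. The pattern describes exactly the inputs we accept.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,16}")


def validate_username(value: str) -> bool:
    """True only if the WHOLE value matches the allowlist (re.fullmatch)."""
    return USERNAME_RE.fullmatch(value) is not None


def validate_username_prefix_bug(value: str) -> bool:
    """Common mistake: re.match anchors only at the start, so a valid prefix
    followed by anything at all (including markup) is accepted."""
    return USERNAME_RE.match(value) is not None


def render_greeting_unsafe(name: str) -> str:
    """Vulnerable: interpolates the raw value into HTML, so a value that
    contains markup is rendered as markup (reflected XSS)."""
    return f"<p>Hello, {name}!</p>"


def render_greeting_safe(name: str) -> str:
    """Hardened: escape at output time so <, >, &, and quotes become entities
    and the browser treats the value as text rather than code."""
    return f"<p>Hello, {html.escape(name, quote=True)}!</p>"


SCRIPT_TAG_RE = re.compile(r"<script\b", re.IGNORECASE)


def contains_script_tag(markup: str) -> bool:
    """Crude check used only to show whether a payload survived into the page."""
    return SCRIPT_TAG_RE.search(markup) is not None


# Constructed test payload, not taken from any real attack.
PAYLOAD = '<script>alert("xss")</script>'

if __name__ == "__main__":
    print(validate_username("alice_01"), validate_username(PAYLOAD))
    print(validate_username_prefix_bug("abc" + PAYLOAD))
    print(render_greeting_unsafe(PAYLOAD))
    print(render_greeting_safe(PAYLOAD))
```

Input validation and output escaping are complementary: the allowlist rejects values that should never arrive, while escaping protects every output path for values (such as free text) that legitimately contain markup characters.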
  12. Classification creep is when
    a new document consolidates information from a range of sources and levels so that some of that information is now classified at a higher level than it was originally
  13. A steady reduction in memory available on the heap to the point where it is completely exhausted is known as a
    memory leak
  14. An injection attack is ??
    a program flaw that occurs when program input data can accidentally or deliberately influence the flow of execution of the program
  15. Defensive programming is sometimes referred to as
    secure programming
  16. A stack frame is a structure
    on the stack in which a function's data (return address, saved frame pointer, parameters, and local variables) are usually saved
  17. Assurance is a process that ensures??
    a system is developed and operated as intended by the system's security policy
  18. A circuit-level gateway sets up two TCP connections
    one between itself and a TCP user on an inner host and one between itself and a TCP user on an outside host
  19. DRM (digital rights management) refers to systems and procedures that ensure
    that holders of digital rights are clearly identified and receive the stipulated payment for their works
  20. The advantages of the baseline approach
    are that it doesn't require the expenditure of additional resources in conducting a more formal risk assessment and that the same measures can be replicated over a range of systems
  21. A trademark is?
    a word, name, symbol, or device used in trade with goods to indicate the source of the goods and distinguish them from other goods
  22. A network-based IDS does what?
    monitors network traffic for particular network segments or devices and analyzes network, transport, and application protocols to identify suspicious activity
  23. Risk acceptance is
    choosing to accept a risk level greater than normal for business reasons
  24. A patent grants ??
    property rights to the inventor
  25. Service control determines
    the types of Internet services that can be accessed, inbound or outbound
  26. A Class is
    a collection of requirements that share a common focus or intent
  27. A ciphertext is
    the scrambled message produced as output
  28. A replay attack
    involves an adversary repeating a previously captured user response (for example a password hash or authentication token) to gain access
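Added example (not from the original card set): a static password-hash login beside a nonce-based challenge-response login, with both sides' messages and an eavesdropper replaying what was captured. The shared key, the sample password and the HMAC-SHA256 construction are assumptions made for the example.

```python
import hashlib
import hmac
import os

# Constructed shared secret for the example; a real deployment provisions one
# per user or device and never hard-codes it.
SHARED_KEY = b"example-shared-secret-do-not-reuse"


class StaticPasswordServer:
    """Weak scheme: the client always sends the same hash of its password.
    Anything captured on the wire can simply be sent again later."""

    def __init__(self, password_hash: bytes):
        self.password_hash = password_hash

    def verify(self, response: bytes) -> bool:
        return hmac.compare_digest(self.password_hash, response)


class ChallengeResponseServer:
    """Nonce-based scheme: each login gets a fresh random challenge, the
    client answers with HMAC(key, nonce), and the server accepts each nonce
    exactly once, so a captured answer is useless afterwards."""

    def __init__(self, key: bytes):
        self.key = key
        self.outstanding = set()    # challenges issued but not yet consumed

    def challenge(self) -> bytes:
        nonce = os.urandom(16)
        self.outstanding.add(nonce)
        return nonce

    def verify(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self.outstanding:
            return False                    # never issued or already used: replay
        self.outstanding.discard(nonce)     # single use, even if the MAC is wrong
        expected = hmac.new(self.key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def client_answer(key: bytes, nonce: bytes) -> bytes:
    """Client side of the exchange: prove knowledge of the key for this nonce."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


def replay_against_static(password: bytes = b"hunter2") -> tuple:
    """Return (genuine_login_ok, replayed_login_ok) for the static scheme."""
    digest = hashlib.sha256(password).digest()
    server = StaticPasswordServer(digest)
    captured = digest                       # what an eavesdropper records
    return server.verify(digest), server.verify(captured)


def replay_against_challenge_response() -> tuple:
    """Return (genuine_login_ok, replayed_login_ok) for the nonce scheme."""
    server = ChallengeResponseServer(SHARED_KEY)
    nonce = server.challenge()                   # server -> client: challenge
    response = client_answer(SHARED_KEY, nonce)  # client -> server: HMAC(key, nonce)
    captured = (nonce, response)                 # eavesdropper records both
    genuine = server.verify(nonce, response)
    replayed = server.verify(*captured)          # attacker resends the pair later
    return genuine, replayed


if __name__ == "__main__":
    print("static:            ", replay_against_static())             # (True, True)
    print("challenge-response:", replay_against_challenge_response())  # (True, False)
```

The server consumes the nonce before checking the MAC so that a wrong answer cannot be retried against the same challenge; a production server would also expire outstanding nonces after a short window so the set cannot grow without bound.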
  29. Authorization is
    the granting of a right or permission to a system entity to access a system resource
  30. The most important symmetric algorithms,
    all of which are block ciphers, are DES, triple DES, and AES
  31. Cardinality
    refers to setting a maximum number with respect to roles, for example the maximum number of users that may be assigned to a given role
  32. A digital signature is
    created by using a secure hash function to generate a hash value for a message and then encrypting the hash code with a private key
  33. Hand geometry systems
    identify features of the hand, including shape, and lengths and widths of fingers
  34. The user education strategy is
    when users are told the importance of using hard to guess passwords and provided with guidelines for selecting strong passwords
  35. The decryption algorithm is
    the encryption algorithm run in reverse