Exam II Flashcards
(294 cards)
1
Q
Denial of service becomes more possible
- if the service is distributed to many sites that must occasionally synchronize their data.
- if the service can be accessed through several addresses, some of which can be administratively blocked in case of too many requests.
- if the security policy dictates that too many failed attempts to log in lead to a temporary lock-out.
- if the authentication of clients requires a proof-of-effort from them.
A
- if the security policy dictates that too many failed attempts to log in lead to a temporary lock-out.
2
Q
Three of these five: Ping of Death, Ping sweep, Smurf, Spyware and SYN flood, are examples of attacks directly against confidentiality. integrity. authentication. availability.
A
availability.
3
Q
What is an example of a cyber attack?
An insider in a technology firm doing industrial espionage for a foreign company.
A group of script kiddies trying their skills randomly and managing to launch a distributed DoS attack against a government agency.
Using social engineering to inject code to a city’s central water supply system and causing it to crash.
Terrorists causing severe damage to the infrastructure by explosives.
A
Using social engineering to inject code to a city’s central water supply system and causing it to crash.
4
Q
A web cookie is a piece of information stored at the
web server and concerning the browser program.
web server and concerning the browsing person.
browser and concerning the browsing person.
browser and concerning the visits to the server.
A
browser and concerning the visits to the server.
5
Q
There are three models of cloud services, SaaS, IaaS and PaaS, that is, ‘S’, ‘I’ and ‘P’ as a service, where
S=software, I=infrastructure, P=platform
S=security, I=integrity, P=process
S=safety, I=internet, P=premises
S=software, I=infrastructure, P=procedure
A
S=software, I=infrastructure, P=platform
6
Q
Data mining is the opposite of data hiding. an attack against privacy. a method to handle big data. a method of cryptanalysis.
A
a method to handle big data.
7
Q
Advanced persistent threat refers to
a vulnerability that has not been patched.
a threat actor with plentiful resources who has gained unauthorized access to an information system and stays undetected for an extended period of time.
a Trojan horse that applies some novel method to compromise the system where it is residing.
a zero-day vulnerability, which the finder has sold to some party other than the manufacturer or vendor who is responsible for patching it.
A
a threat actor with plentiful resources who has gained unauthorized access to an information system and stays undetected for an extended period of time.
8
Q
When an attacker combines the methods of aggregation and inference against a large collection of data, what is he is most likely attempting to do?
Extracting sensitive information from non-sensitive data items in databases.
Abusing social media.
A known-plaintext attack against encryption.
Password cracking.
A
Extracting sensitive information from non-sensitive data items in databases.
9
Q
What is the term used for attacks where each successful transaction benefits the attacker only very little but the number of transactions is high? email spam phishing salami attack DDoS
A
salami attack
10
Q
In the physical information security the concept of baiting means
blackmailing with something questionable that the victim has done.
stealing a device and requesting ransom for it.
letting the victim find a curiosity-arousing media container.
causing damage to rotating memory disks by perturbing their speed.
A
letting the victim find a curiosity-arousing media container.
11
Q
Alice cannot figure out how her colleague Bob gained unauthorized access to her information system, because Bob has little computer experience. However among the following she can easily rule out all except a covert channel. social engineering. a dictionary attack. shoulder surfing.
A
shoulder surfing.
12
Q
An internet troll is a type of
fake news that is spreading unusually fast.
anonymous communication protocol.
author of disturbing messages.
hacker who is trying to find and sell vulnerabilites to anyone who wants to pay.
A
author of disturbing messages.
13
Q
The concept deepfake is related to steganography. side channels in multimedia. forged video. anonymous commerce on counterfeit products.
A
forged video.
14
Q
Which attack is based on information gained from the implementation of a computer system, rather than weaknesses in the implemented algorithm itself (e.g. cryptanalysis and software bugs)? Timing information, power consumption, electromagnetic leaks or even sound can provide a means for this. a side-channel attack implicit attack direct-access attack brute-force attack
A
a side-channel attack
15
Q
Meet-in-the-middle is an attack type where
password hashes are broken by optimizing the use of rainbow tables.
a cryptographic algorithm is broken at about a square root of effort by working both from the start and end toward the middle.
the attacker or his process relays modified messages between two unknowing communication parties.
the statistics of the birthday paradox are simultaneously applied to identity theft of many individuals.
A
a cryptographic algorithm is broken at about a square root of effort by working both from the start and end toward the middle.
16
Q
A birthday attack is a way to
make inferences on private personal data from social media posts.
“paradoxically” find a hash collision much faster than an input that gives a particular hash.
boost social engineering, by knowing not only the birthday of the victim but also an approaching birthday of a colleague of the victim.
crack an average person’s passwords faster in case his or her birthday is known.
A
“paradoxically” find a hash collision much faster than an input that gives a particular hash.
17
Q
Rooting
is an attack type where an outside intruder gets administrative rights to an operating system.
is a term referring to methods of overriding the limitations of the OS for installing programs from any sources.
involves alteration of OS access controls on a computer in such a way that all users have administrative rights.
means that an attacker has been able to alter the initial operations that a computer does before the OS starts.
A
is a term referring to methods of overriding the limitations of the OS for installing programs from any sources.
18
Q
A root kit is
a term referring to methods of breaking the limitations of the OS for installing programs from various sources.
is a set of tools for breaking the DRM limitations of multimedia software with respect to viewing, copying and modifying content.
a collection of software tools which - after getting to a computer - allow the attacker to access the machine with root privileges.
the common name for versions of a computer virus that attaches to one of the supervisor or kernel modules.
A
a collection of software tools which - after getting to a computer - allow the attacker to access the machine with root privileges.
19
Q
Which two of these statements are true? (i) Only about one-fifth of computer viruses come from optical disks, memory sticks, and other storage media (ii) Files with .bat and .pif as name extensions can contain malware. (iii) Antivirus software vendors update virus identification databases usually a few times an hour. (iv) A memory-based virus scan program is constantly running and scans the programs before they start.
(ii) & (iv)
(i) & (iv)
(ii) & (iii)
(i) & (iii)
A
(ii) & (iv)
20
Q
Which two of these claims are true? (i) More than a quarter of computer viruses come from optical disks, memory sticks, and other removable media. (ii) Files with .scr and .pif as name extensions can contain malware. (iii) Antivirus software vendors usually have to update virus identification data twice a week. (iv) Heuristic-based antivirus software does not need to be updated as often as software that is based on traditional scanning.
(ii) & (iii)
(ii) & (iv)
(i) & (iii)
(i) & (iv)
A
(ii) & (iv)
21
Q
None of the following is a definition of a buffer overflow, but which one best describes it?
The program counter, i.e. the address of the next instruction to be executed, is moved forward by one, even if it is already in the last instruction of the subroutine.
It is always a security threat because an attacker can use it to cause evil - at least a program crash.
A memory reference made by a program points to another process’s memory area.
A number larger than the array size is used to index the array, and the operating system does not block this reference.
A
A number larger than the array size is used to index the array, and the operating system does not block this reference.
22
Q
Only depending on their context, a sequence of bits in the memory of a computer can mean either data or instructions. This can lead to attacks of type impersonation. injection. buffering. bit rot.
A
injection.
23
Q
A covert channel
is a way of communicating that is hidden from the access control mechanisms.
was originally meant for transmitting inaudible signals between computer peripherals but was deprecated since attackers found a way to abuse it.
refers to a data transfer mechanism that an attacker has enabled between computer processes even if it should have been disabled according to the security policy.
is a performance-optimizing design that allows data flow through a common kernel process serving different users.
A
is a way of communicating that is hidden from the access control mechanisms.
24
Q
Assume that two processes compete for a shared resource. If they cooperate in such a way that the system's security policy is violated, the situation is called a race condition. object reuse. a covert channel. denial of service.
A
a covert channel.
25
```
Assume a web site allows users to input data that other users retrieve later. If those data are not intended to be executed by the retrieving browsers, but this still happens, the input validation has failed to prevent a
cross-site scripting.
cross-site request forgery.
malicious file execution.
database injection.
```
cross-site scripting.
26
Race condition is
a low level vulnerability in program code, usually at the OS kernel level.
the situation where a denial of service has already happened but not to all processes.
a situation where two processes can raise their privilege wrongly to compete for more resources.
a situation where two processes try to access a single resource at the same time and the resulting sequence of accesses may be wrong.
a situation where two processes try to access a single resource at the same time and the resulting sequence of accesses may be wrong.
27
A virus can do nothing if its code is just read but not run. Why then does the MS-Word macro virus start, even if the document containing it is only read from disk to Word?
An infected document contains program code that Word runs after reading the document.
The virus is memory-resident and infects documents when they are opened.
An infected document contains program code which, when read into Word, causes a buffer overflow in Word and ends up being executed after all.
The virus has also infected Word's program code.
An infected document contains program code that Word runs after reading the document.
28
```
Threats to network communications can be summarized in five fundamental cases, one of which is the unauthorized use of a resource over the network. The other four deal with the "fate" of messages. If each of these four cases is seen as a breach of either confidentiality, integrity or availability, then there will be two cases breaching
integrity.
availability.
both confidentiality and availability.
both integrity and confidentiality.
```
integrity.
29
```
On which layer of the TCP/IP stack does routing operate?
Physical layer.
Network layer.
Transport layer.
Data-link layer.
```
Network layer.
30
```
On which layer of the TCP/IP stack does Ethernet (IEEE 802.3) operate?
Physical layer.
Network layer.
Data-link layer.
Transport layer.
```
Data-link layer.
31
```
A wormhole attack happens when two colluding attackers at non-adjacent locations of a (wireless) network have a direct connection and by replaying routing information cause traffic to flow through their link. This gives good opportunity to
money laundering.
cryptanalysis.
seeing confidential data.
stopping the network.
```
seeing confidential data.
32
ARP poisoning
is a result of an attacker sending fake ARP messages within a LAN.
is a result from an attacker randomly changing several MAC addresses of devices in a local network.
halts the operation of a LAN because the addresses in the ARP table point to non-existent MACs.
happens when malware corrupts the program that runs the Address Resolution Protocol.
is a result of an attacker sending fake ARP messages within a LAN.
33
```
Scanning is systematic search for something. Which of the following scans is least useful for finding targets of attack or abuse?
wardialing
portsweep
wardriving
webcrawling
```
webcrawling
34
Which of these properties is true about link encryption? (i) It is recommended for environments with high confidentiality requirements. (ii) It encrypts routing information. (iii) It provides confidentiality for traffic flow.
(ii) and (iii), but not (i)
(i) and (ii), but not (iii)
(i) and (iii), but not (ii)
(i) , (ii) and (iii)
(ii) and (iii), but not (i)
35
```
When a user runs scripts - written by an attacker - on one web page and they cause damage on another page, which the user has open in the browser, what sort of attack is happening?
OWASP
XSS
CSRF
CVE
```
CSRF
36
Besides a physical meaning the concept of access control is defined as "The process of granting or denying specific requests to obtain and use information and related information processing services". What is the significance of the word "specific" here?
It denotes the fact that not all requests are submitted to the granting/denying process.
Without that word the defined scope would be overly large, covering all levels from the OS kernel to the application layer.
Omitting the word would not change the meaning, because all requests of the defined kind are specific in some sense.
It limits the scope of access control to the moment when the request happens - in contrast to the policy level that tells how the granting/denying process should work.
It limits the scope of access control to the moment when the request happens - in contrast to the policy level that tells how the granting/denying process should work.
37
Investigate the claim: As a security goal, Availability, or Usability, means that information or services are stored and accessible sooner or later. It is false because
the term usability should not be used in the same sense as the term availability.
availability requires that the data be accessed within a set time limit.
in terms of security, availability only applies to information and usability only to services.
usability also requires that the data have not changed uncontrollably.
availability requires that the data be accessed within a set time limit.
38
```
Identity is a profound concept in information systems. Count how many of the following operations can be done to it: Identity can be (i) offered as a service, (ii) changed, (iii) confiscated, (iv) stolen, (v) verified (vi) spoofed.
5
3
4
6
```
5
39
Assume Bob worked in an organization until he was terminated. Which of the following is an example of the organization's information systems to fail with the TOCTOU principle (Time of Check/Time of Use)?
Bob causes harm in the information system, and it turns out from the logs that this happened while he was still logged in after his termination.
Bob manages to solicit new sensitive information from the organization by using his old knowledge of the organization to masquerade as a current employee.
Bob gradually damages the file system by a remote-access program he had installed while he was still an employee.
A program destroys files. It turns out that Bob had installed the program while he was still an employee, and its action was triggered when it no more saw Bob logged in within the last month.
Bob causes harm in the information system, and it turns out from the logs that this happened while he was still logged in after his termination.
40
```
The worst enemy of security may be a human being, but what is the second worst - often also called the worst?
multilayerness
single-levelness
the weakest link in the chain
none of these
```
none of these
41
```
An administrator grants access rights to a group of users called "HR" instead of granting rights to each member individually. This is an example of a security mechanism called
layering.
data hiding.
abstraction.
polyinstantiation.
```
abstraction.
42
The over 100 years old principle of Kerckhoffs
concerns the separate nature of an algorithm and its parameters.
is in current parlance known also as the onion (protection) principle.
has been obsoleted by the invention of public key cryptography.
says that locks are for honest people.
concerns the separate nature of an algorithm and its parameters.
43
The security of a mechanism shall not be based on the secrecy of its design or implementation. This is the principle of an open model. Which of the following is an example of complying with this?
A corporate network is defended by a two-tier system in which the structure of the outer and less important part of the network is clearly visible to the attacker and can misdirect him into focusing on it.
The security system is assembled from so simple modules that everyone can be assured of the security of each of them.
All publicly available URLs on a website are linked on a sitemap or other index page, but all non-public URLs require a login.
The single sign-on mechanism that allows the user to access various web services works regardless of the service implementation platform.
All publicly available URLs on a website are linked on a sitemap or other index page, but all non-public URLs require a login.
44
```
Encapsulation is a general protection idea whose applicability ranges from vaults to IPsec's encapsulating security payload (ESP), but which of the following is NOT another example of it?
intrusion detection system
TCP wrapper
sandbox in Java Virtual Machine
a VPN tunnel
```
intrusion detection system
45
```
The ____ describes the rules that need to be implemented to ensure that the security requirements are met in your organization.
security policy
security model
reference monitor
security kernel
```
security policy
46
What does accountability mean in the field of information security?
The users or their departments have to pay for the CPU and network usage, and logs are kept to enable this.
The users or their departments have to pay the costs of resolving security incidents caused by the users.
The user’s actions in the information system are recorded in log files and they are used for evaluation of the user with respect to rewards or sanctions.
The user’s actions are logged and in case of security incidences it will be known whether the user is responsible or not.
The user’s actions are logged and in case of security incidences it will be known whether the user is responsible or not.
47
What kind of identity is a federated identity?
The stolen identity of a victim of identity theft.
The corrected or resumed identity of a victim of identity theft.
An identity that is portable across boundaries of organizations.
The shared identity of a group of individuals acting on a common task.
An identity that is portable across boundaries of organizations.
48
Residual risk is a concept in risk management that
means an approximation of what is left over of risks after their treatment is done.
corresponds to measurement error in exact sciences.
defines those risks that can be safely accepted.
sets the starting point for risk assessment.
means an approximation of what is left over of risks after their treatment is done.
49
In choosing protection mechanisms one must take into account their applicability in different stages of the general security process. Which three stages?
policy making, threat response and remediation.
recovery, correction, and punishment of the perpetrators.
avoidance, intimidation and deterrence.
prevention, detection and response.
prevention, detection and response.
50
What can be considered a basic model of work in information security?
Division to the phases of prevention, detection and response.
Repeated identification of asset values and threats to them, and mitigation of risks in order of priority.
Confidentiality, integrity and availability.
Optimization to find the most economical alternative between good but expensive security measures and losses due to not using them.
Repeated identification of asset values and threats to them, and mitigation of risks in order of priority.
51
For mandatory access control to work the data owner must determine
a sufficient level of consensus among users.
the method of validating users' authorization.
the users' need to know.
the method of verifying users' identities.
the users' need to know.
52
Multilevel security is
an example of defence-in-depth.
a security model where new parts are introduced at lower assurance levels and gradually elevated to higher levels as they are evaluated.
the way how operating systems treat processes of users, running them with more or less restricted rights.
a system that simultaneously processes information at different classification levels and users with different clearance levels.
a system that simultaneously processes information at different classification levels and users with different clearance levels.
53
Role-based access control
is the strictest form of mandatory access control.
is implemented by considering job functions.
can be compromised by role inheritance.
does not depend on what the data owner declares.
is implemented by considering job functions.
54
Role-based access control, RBAC, means
an access control model that bases the access decision on pre-assigned roles of a user in relation to the requested resource.
a method to assign roles to users or revoke them in order to fulfill the security policy.
an access control model that uses such grouping of users and resources where the groups can change on the basis of previous accesses.
a method to allocate roles to users for access to various parts of the organization network.
an access control model that bases the access decision on pre-assigned roles of a user in relation to the requested resource.
55
CERT, Computer Emergency Response Team,
is an international company whose main task is to investigate and trace data breaches in companies.
originated in the United States and has since spread to e.g. Finland.
is a UN agency that also has offices in Finland.
in accordance with the EU directive, has also been made to operate in Finland under FICORA.
originated in the United States and has since spread to e.g. Finland.
56
```
The process of evaluating the security properties of software or a system against a set of security standards or policies is called
accreditation.
verification.
certification.
validation.
```
certification.
57
The idea of information security criteria models (e.g. Common Criteria) is mainly to
assist in the marketing of security products.
facilitate the assessment of information security.
facilitate the installation of security mechanisms.
enable automatic evaluation of products and systems with respect to security.
facilitate the assessment of information security.
58
One of the ISO standards 9126, 15408 and 27001 focuses on evaluation of software quality. The other two focus on information security. (i) Which is about management, and (ii) which provides evaluation criteria for IT products?
(i) 27001, (ii) 15408
(i) 15408, (ii) 27001
(i) 9126, (ii) 27001
(i) 9126, (ii) 15408
(i) 27001, (ii) 15408
59
An X.509 certificate is used to verify
a cryptographic key using a trusted server.
a digital signature by submitting it to a certificate authority.
the ownership of a website that uses TLS.
the binding between an identity and a cryptographic key.
the binding between an identity and a cryptographic key.
60
What is the offline rule for backups?
While making a backup, take your system offline, except for the connection to the backup site.
Only connect your backup to your production systems when making or retrieving the copy.
Transport your backup media physically to storage which is never online.
While making a backup to a local service or media, take your system offline.
Only connect your backup to your production systems when making or retrieving the copy.
61
What is the '3-2-1' rule for backups?
At least 3 copies, on 2 devices, and 1 offsite.
At least 3 generations, 2 copies of each, and 1 offline.
At least 3 copies, on 2 sites, and 1 offline.
At least 3 generations, 2 copies of each, and a new copy once per day.
At least 3 copies, on 2 devices, and 1 offsite.
62
Intrusion detection systems use three types of information as the basis for their analysis. Which of the following is not typically included in this information?
program file checksums
characteristics of previous attacks
knowledge from previous attackers
information about current system configuration
knowledge from previous attackers
63
In the event of a security incidence, one of the primary objectives of the response is to ensure that
the attackers are detected and stopped.
appropriate documentation about the event is maintained as chain of evidence.
there is minimal disruption to the organization's mission.
the affected systems are immeadiately shut off to limit the impact.
there is minimal disruption to the organization's mission.
64
What should owners do to find vulnerabilities in their information systems?
Use intrusion detection techniques.
Provide a parallel version of the system for hackers to examine.
Install a root kit.
Apply automatic attack tools.
Apply automatic attack tools.
65
Business continuity plan together with disaster recovery plan
are a set of plans for preventing disasters.
are the set of adequate preparations and procedures for the continuation of all organization functions.
are a standard set of preparations and procedures for responding to a disaster without the need of being approved.
are a sufficient and priorly approved set of preparations and procedures for responding to a disaster.
are the set of adequate preparations and procedures for the continuation of all organization functions.
66
When dealing with digital evidence, the chain of custody must
never be altered.
be completely reproducible in a court of law
exist in only one location.
be compiled according to a documented process.
be compiled according to a documented process.
67
```
In an organization both disaster recovery and business continuity need a plan, and when information security is concerned the term disaster recovery commonly refers to the recovery of
technology environment.
manufacturing environment.
personnel environments.
organization operations.
```
technology environment.
68
Even if a Finnish company wants to be silent about a breach, it may have obligations to report it to
CERT Coordination Center.
anonymous police reporting service.
Finnish Communications Regulatory Authority.
To the EU Information Security Agency.
Finnish Communications Regulatory Authority.
69
```
Computer forensics can be regarded as a combination of computer science, information technology, engineering and
hacker's mindset.
critical thinking.
the scientific method.
law.
```
law.
70
To ensure proper forensic action when needed, an incident response team must
avoid conflicts of interest by ensuring that the legal council of the organization is not part of the process.
routinely create forensic images of all desktops and servers.
only promote closed incidents to law enforcement.
treat every incident as though it may be a crime.
treat every incident as though it may be a crime.
71
```
GDPR defines the concept of data subject as a person who can be identified by reference to an identifier such as a name, ..., "or to one or more factors specific to the physical, physiological, genetic, ______ , economic, cultural or social identity of that natural person."
gender
medical
mental
ethnic
```
mental
72
Which of the following is furthest from the main role of the company's data protection officer?
management of access rights
processing of consents to collecting data
supervision of log data
implementing physical access control
implementing physical access control
73
There is legislation to promote information security. It is possible to violate it even if you don't do or have not done anything unauthorized actively. Whom can this affect?
The owner of the information when the information is illegal.
An organization that neglects to take care of information security.
A private person on whose computer a bot agent is sending spam.
A government official who intends to disclose confidential material.
An organization that neglects to take care of information security.
74
A digital signature improves the handwritten signature in many ways, but it does not increase
assurance on the signed content not having been altered.
trust on the time when the signature was made.
assurance on the identity of the signer.
the number of people who can get assured of its validity.
trust on the time when the signature was made.
75
A digital signature is not legally valid if it is technically verified, but
a signatory declares that he has done so in error.
a new signature subsequently revokes it.
the signed electronic information has been altered.
the signatory no longer has the instrument he used to make the signature.
the signed electronic information has been altered.
76
The issuer of the Citizen certificate, for instance on the Finnish identity card, must comply with the Certificate Policy,
the details of which are trade secrets.
which is a public document drawn up by the issuer.
which is part of Finnish legislation.
which is not part of the law but is common to all issuers of the Citizen certificates.
which is a public document drawn up by the issuer.
77
Two complementary viewpoints in information security are: (i) people can be protected from information or (ii) information from people. Which among the following is the most common example of (ii)?
Unprotected and unrestricted information would block telecommunication networks.
Information that is freely available elsewhere is not wanted somewhere in the world.
Information may become unreliable if accessed by too many.
One does not want to give access to the information for free.
One does not want to give access to the information for free.
78
Two complementary viewpoints in information security are: (i) people can be protected from information or (ii) information from people. Which among the following is the most common example of (i)?
Unsolicited bulk email is effectively filtered at several stages between the senders and receivers.
Information that is freely available elsewhere is not wanted somewhere in the world.
Information may become harmfully unreliable if modified by too many.
Big web shops like Amazon have effective recommendation mechanisms that filter out most uninteresting items.
Unsolicited bulk email is effectively filtered at several stages between the senders and receivers.
79
None of the following is a comprehensive definition of e-commerce. What is the most comprehensive?
Money is transferred in bits.
Products are digital.
Trading takes place automatically without human interaction.
The trading parties meet mainly in a way other than face to face or through paperwork.
The trading parties meet mainly in a way other than face to face or through paperwork.
80
What is a mule , when used in relation to information security?
Malware, where an exceptionally high proportion of the code is carrying the harmful payload.
A person assisting in money laundering, perhaps without realizing it himself.
The server in ransomware botnets, that is handling the payments.
A person, knowingly or not, carrying an implanted processor that is used for spying through a wireless connection.
A person assisting in money laundering, perhaps without realizing it himself.
81
If the security concerns of publishers of web pages are divided into four categories, which of the following covers them best?
availability of pages, authenticity of pages, protection of copyright, liability.
availability of pages, integrity of pages, getting proper compensation, being able to take care of responsibilities.
page authenticity, page integrity, customer authenticity, liability.
confidentiality of pages, integrity of pages, obtaining appropriate compensation, bearing responsibilities.
availability of pages, integrity of pages, getting proper compensation, being able to take care of responsibilities.
82
What kinds of payment systems are the Finnish Siirto, Swedish Swish and Danish MobilePay?
localized versions of an American system
credit based
insecure unless used within a VPN connection to one's own bank.
working without the payer knowing the payee's account number
working without the payer knowing the payee's account number
83
```
You can have many things filled in automatically or predictively in messages that you write in various systems. In general, what should you be most wary of, when using such filling facilities?
embarrassing words
passwords
obscene smileys or emojis
names of unrelated persons
```
passwords
84
In your new IoT gadget, i.e. in the appliance that joins the Internet of Things, what is the most likely weakness with respect to information security?
A spy module set up by the importer based on regulations of the Finnish authorities.
Default password that you didn't change.
Unfiltered power cord that allows easy side channel attacks.
The connection to a server network that collects not only statistics but personal usage data.
Default password that you didn't change.
85
```
If you want to have a wireless dashboard for your electric sockets and lamp switches at home, you might end up letting outsiders interfere with your appliances. Which connection is the best in this respect?
Wifi
ZigBee
Bluetooth
NFC (Near field communication)
```
ZigBee
86
Imagine a near-future situation where you carry a common neuroimplant that interacts with your consciousness, but is also connected to the outside world by itself. What is the most likely weakness with respect to information security?
An attacker may find a backdoor in the software and start affecting the way you think.
The gadget may fail to improve the quality of your life in the intended way.
If one of its tasks is to ration out medicine, an attacker may cause a DoS to this function by simply overloading the communication channel with traffic.
The connection may leak personal information to false receivers or through security holes in the supporting information system.
The connection may leak personal information to false receivers or through security holes in the supporting information system.
87
A job announcement for professor in Cyber security (Oulu 2020) outlines the research problem area this way: "Traditional thinking in system development may have considered trust as an afterthought: data is processed by various devices and actors in the system, supply chain is long and complicated, _______ and trust and privacy is upheld by either attempting to anonymize the data or applying strong access controls." What belongs to the slot?
regulations are poorly understood
data persist forever
cryptographic protections are frequently broken
customers demand open-access data
data persist forever
88
```
A job announcement for professor in Cyber security (Oulu 2020) outlines the research field in this way: "Traditional thinking in system development may have considered trust as an afterthought: ... ... Opposite thinking would be to focus data collection, keeping data and its processing ____, simplifying and securing each step in processing and expiring collected data as swiftly as possible." What belongs to the slot?
encrypted
public
local
distributed
```
local
89
What does it mean in terms of usability, if one of the goals in the design of a secure system is to make abuse really difficult?
The system will not be optimal with respect to other security goals.
The goal has very little to do with usability.
It is likely that usability for allowed use is not impaired, and good user-experience improves the opportunity for success in the security design.
The system is likely to become unusable.
It is likely that usability for allowed use is not impaired, and good user-experience improves the opportunity for success in the security design.
90
Your browser displays a page and navigates to a new page without using a link on the original page (that is, you enter an address or use a bookmark). In this case, a different server that has the new page does not know which page you came from. What else does the server not know in this case?
Your machine's or proxy's IP address.
The cookie it sent during your previous visit.
Your email address.
Whether your browser can display JPEG images.
Your email address.
91
All of the following are related to ethical hacking, but which one makes it actually ethical?
Agreement with the target.
Adherence to its purpose by the hacker.
Supervision by a representative of the target organization.
Education and skill
Adherence to its purpose by the hacker.
92
You receive an email with an attachment from a person that you know. The email is digitally signed but your email client cannot verify the signature. What is the best course of action?
Determine why the signature cannot be verified before opening the attachment.
Delete the email.
Forward the email to another address with a new signature.
Open the attachment to determine if the signature is valid.
Determine why the signature cannot be verified before opening the attachment.
93
There are several ways, how an attacker can make money from your misspelling a URL. Many kinds of phishing and malware are some ways but which is not a way?
Through a botnet she collects statistics on misspellings of popular sites and their pages, and sells these data to the site owners.
Advertising revenue from ads on the pages with the misspelled URL, owned by the attacker.
The attacker owns the misspelled URL and sells but doesn’t deliver to you something you thought you were buying at the correct URL.
The attacker redirects traffic from his misspelled URL to the correct site through a real affiliate site, and earns a commission for each real purchase. (The correct site pays to its affiliate, who pays to the attacker - or is the attacker.)
Through a botnet she collects statistics on misspellings of popular sites and their pages, and sells these data to the site owners.
94
Assume your cell phone stays strictly in your possession while you face an attacker well versed with 4G/5G technology, who gets to know some data concerning your phone. Which of the following revelations would most easily lead him to be able to make calls on your bill?
The secret shared between your telephone network and your SIM card
Your phone number and IMSI (International Mobile Subscriber Identity)
The key used to encrypt your call.
Your phone number and IMEI (International Mobile Equipment Identity)
The secret shared between your telephone network and your SIM card
95
```
Which of the following has the least to do with ordinary cell phone calls?
key management
antivirus
security policy
authentication
```
antivirus
96
Which of the following applies to 4G and 5G mobile phone systems? Here "the phone is authenticated" means that its SIM / USIM is authenticated.
In 5G, the phone network is authenticated to the phone, but not in 4G.
In both, the phone is authenticated to the phone network.
The phone is authenticated to the phone network in 5G, but not in 4G.
The phone is authenticated in 5G to the receiving 5G phone, but the same does not happen in 4G.
In both, the phone is authenticated to the phone network.
97
Which of the following applies to 4G and 5G mobile phone systems?
The call is encrypted end to end between two 5G phones, while in 4G the call is decrypted and re-encrypted in the exchanges.
The call is encrypted end-to-end between two 5G phones, while in 4G the encryption is only between the device and the base station.
Both 4G and 5G calls have encryption, but neither of them extends from end to end.
The call is encrypted in 5G but not in 4G.
Both 4G and 5G calls have encryption, but neither of them extends from end to end.
98
Which of the following does not apply?
Spyware can be part of an employee's computer installation based on the employment contract.
Restricting browser-run scripts reduces the chances of spyware running.
Only government authorities have the right to find out what someone is doing or has done in the past on their computer.
Spyware that tracks user activity usually uses information sources other than the log files on the user's machine.
Only government authorities have the right to find out what someone is doing or has done in the past on their computer.
99
Assume that according to a company's new security policy, workstations may only handle work matters and all communications (including work-related) and personal use must be handled through computers in a separate room. Then, in accordance with the policy and co-operation procedure, spyware is installed on employees' workstations, which records keyboard and pointing device operations. What is the most likely consequence?
The security of the company will be improved but only if the employees believe that the recorded data will also be monitored.
Employee privacy will be violated if the recorded data is also monitored.
The security of the company is deteriorating as employees continue to take care of personal matters at their work desks using their own equipment.
The extra load greatly reduces the efficiency of the workstation.
The security of the company will be improved but only if the employees believe that the recorded data will also be monitored.
100
Adware has started to mean advertising-supported software and it is very common in smart phones. An earlier meaning to the word adware and a still valid concept is
software that installs itself without the user's knowledge and displays ads while the user browses the Internet.
an invisible element on a web page, revealing user's presence on that page to its home site.
visualization of the source sites of web page elements.
software for augmented awareness, for instance of security threats.
software that installs itself without the user's knowledge and displays ads while the user browses the Internet.
101
Information security policy is a management-approved view of the _______ of information security.
costs, responsibilities and implementation
status, resources and ways of implementation
significance, responsibilities and implementation plan
goals, principles and implementation
goals, principles and implementation
102
The organization's security policy should take a position on
when the next policy update is made.
who decides on the allocation of resources to implement the policy.
how to organize the ownership of the information systems to be secured.
who is responsible for responding to security breaches.
who is responsible for responding to security breaches.
103
What is the relationship between Security Policy and Security Plan? (S. Plan is also called S. Program.)
Policy contains Plan.
Plan contains Policy.
Policy is an annually updated version of Plan.
Policy is made on the basis of Plan.
Plan contains Policy.
104
A large organization can have several security policies (=p.), and a common way to categorize them is:
standards, guidelines, and procedures
compliance p., obligatory p., recommended p.
program p., issue-specific policy, system-specific p.
internet p., data-protection p., acceptable-use p.
program p., issue-specific policy, system-specific p.
105
What is the correct order when building security?
security mechanisms - threat survey - security policy - risk analysis
security policy - threat survey - risk analysis - security mechanisms
threat survey - risk analysis - security policy - security mechanisms
security policy - security mechanisms - threat survey - risk analysis
threat survey - risk analysis - security policy - security mechanisms
106
When outsourcing IT systems,
security services cannot be outsourced with the exception of physical security, like guards.
regulatory and compliance requirements must be passed on to the provider.
the provider can take up ownership of all devices, software and data while the outsourcing organization concentrates on physical production.
security services cannot be outsourced except auditing.
regulatory and compliance requirements must be passed on to the provider.
107
To deserve the attribute "effective" the security management in an enterprise must
achieve full security at the lowest cost.
prioritize security for new products and send prompt answers to questions concerning the security of old products.
reduce risk to an acceptable level.
install software and hardware updates and patches as soon as they become vailable.
reduce risk to an acceptable level.
108
```
The primary security goal of ____ management is to ensure that changes to the hardware, software or networking in the organization's information system do not unintentionally or unknowingly diminish security.
document
policy
user
configuration
```
configuration
109
There are two main types of information system security requirements - in general, but especially according to the Common Criteria standard, namely
functional and assuring.
emphasizing either integrity and availability, or confidentiality and privacy.
related to intentional and unintentional security breaches.
active and passive.
functional and assuring.
110
Which of the following is less useful as a basis when determining the value of an asset during risk analysis?
The asset's price in an external marketplace.
The initial and outgoing costs of purchasing, licensing and supporting the asset.
The asset's importance to the organization's production operations.
The level of insurance required to cover the asset.
The level of insurance required to cover the asset.
111
Organization impact analysis
is just a different term to describe risk analysis.
calculates the probability of disruptions to the organization.
establishes the effect of disruptions on the organization.
is critical to development of a business continuity plan.
establishes the effect of disruptions on the organization.
112
Assume you have been contracted as a security consultant to a growing medium-sized firm, where there is still no full-time security staff. One of your tasks will be business impact analysis. Which of the following should you do before the others?
Evaluate the impact of disruptive events.
Identify all business units within the organization.
Estimate the criticality of business functions.
Determine the objectives for recovery time, i.e. the allowed down-time.
Identify all business units within the organization.
113
The risk analysis as part of an information security process includes identification of what is valuable. Which of the following values is most relevant for this subtask?
The replacement value of its production and office equipment.
Financial assets and liabilities.
Intangible assets.
Investments in maintaining the working capacity of staff.
Intangible assets.
114
Pick the correct combinations of the alternate phrases: An organization will conduct a risk assessment to evaluate (i) threats to its assets, (ii) vulnerabilities {present|possible} in the environment, (iii) the likelihood that a threat will be realized by taking advantage of an {exposure|attack}, (iv) the impact that the {exposure|attack} being realized will have on the organization, (v) countermeasures {available|in use}, (vi) {total|residual} risk.
possible - exposure - exposure - in use - residual
present - exposure - exposure - available - residual
present - exposure - exposure - in use - total
present - attack - attack - available - total
present - exposure - exposure - available - residual
115
When assessing the risks associated with residual data in an information system, it is important to
note that a careless user may replace an existing document with an older version.
first perform overwriting on all seemingly empty space on the storage media.
understand the security requirements any data in the system.
evaluate vulnerabilities found in applications that handle sensitive files.
understand the security requirements any data in the system.
116
What is characteristic of qualitative risk assessment?
Difficulty of implementation unless you are very experienced with the risk assessment process.
Ease of implementation and possibility to complete by personnel that has only limited understanding of the risk assessment process.
Ease of implementation by partly automated and reasonably detailed metrics for calculation of risk.
Possiblity to complete by inexperienced personnel by using laborious but detailed metrics for calculation of risk.
Ease of implementation and possibility to complete by personnel that has only limited understanding of the risk assessment process.
117
```
Escrow is a useful concept in many contexts, but what cannot be escrowed?
money
public key certificates
decryption keys
software source code
```
public key certificates
118
What is meant by threat trees?
A specific biological metaphor for "what-if" -type scenario work in threat assessment.
A specific method of classifying threats and vulnerabilities that progresses and branches through user feedback.
Certain physical threats to information security or public safety.
A certain hierarchical, comprehensive approach to structuring threats.
A certain hierarchical, comprehensive approach to structuring threats.
119
When modelling threats to a system and trying to identify attack vectors, attack trees can be used. Which combination of the following is true for attack trees:
The root of the tree is the
(1) goal of an attack.
(2) first thing the attacker must do to get access.
Branches are attached to a node in the tree when there are different options that
(i) the attacker
(ii) the defender
can choose from in relation to that node.
Branching
(x) can
(y) cannot
involve an AND-condition (=all ANDed options must happen), in addition to OR (=any ORed option suffices).
1-i-x
2-i-x
1-ii-y
2-ii-y
1-i-x
120
When reviewing access rights of a user the security professional must be most aware of
identity management and business continuity management.
the organizational tenure of the user requesting rights.
automated processes which grant users access to resources.
business or organizational processes and access aggregation.
business or organizational processes and access aggregation.
121
Consider an ongoing and important task with information systems that does not require special training. If only one person is in charge of this task and the organization is not at all prepared to the situation where he or she falls sick, the operation of the organization may be severely disrupted. What is the most cost-effective way of getting prepared?
Divide the work for two or more permanent workers who perform other tasks part-time.
Introduce a few other employees as deputies and maintain their expertise.
Recycle tasks from time to time, allowing employees to accumulate skills for multiple tasks.
Accurately document the task and ensure that the person in question keeps the documentation up to date and available.
Accurately document the task and ensure that the person in question keeps the documentation up to date and available.
122
```
The threat of a collusion attack by employees is best mitigated by applying
the principle of least privilege.
data classification.
defined job sensitivity levels.
job rotation.
```
job rotation.
123
Personnel safety does not, by conventional definitions, cover everyone who comes into contact with an organization. Which of the following does it not cover?
A customer in a department store.
A remote worker who does not visit any company premises.
A subcontractor of a company who visits the company.
A plumber making repairs in company premises.
A customer in a department store.
124
```
Which of the following best covers the two sides of personnel security? Care must be taken to ensure that those working in the company
do not (i) through negligence or (ii) intentionally cause damage.
do not (i) suffer from attackers or damages and do not (ii) cause damage themselves.
do not cause (i) data leakage or (ii) compromise of integrity or availability.
do no cause harm while (i) at work or (ii) at other times (including after employment).
```
do not (i) suffer from attackers or damages and do not (ii) cause damage themselves.
125
In an organization security awareness training should include
security objectives that the organization has a legal obligation to comply with.
the high-level outcome of vulnerability assessments.
security roles and responsibilites for staff.
specialized curriculum assignments, coursework and an accredited training institution.
security roles and responsibilites for staff.
126
Besides reducing departmental turf battles, setting clear security roles in an organization has two of the following benefits: It (i) reducing requirements for cross-training (=same task to several) (ii) enables continuous improvement of personnel, (iii) simplifies identity and access management, (iv) establishes personal accountability. Which two?
(ii) and (iv)
(i) and (ii)
(i) and (iii)
(i) and (iv)
(ii) and (iv)
127
By assigning key tasks and responsibilities to different people,
the need for security training is reduced.
the company is no longer dependent on any one person.
there are fewer opportunities for abuse than before.
a social engineering attack by an outsider is no longer possible
there are fewer opportunities for abuse than before.
128
```
Access control can be built in several ways that follow the general principles of one of few AC models. Which listing contains only such models.
MAC, TCP/IP, OSI
ABAC, DAC, RBAC
RBAC, HMAC, CBC-MAC
HVAC, DAC, MAC
```
ABAC, DAC, RBAC
129
Identity management is a set of technologies and processes
ensuring that people in an organization have the appropriate access to technology resources.
focused on the provisioning and decommissioning of user credentials.
aimed both at defending against and recovering from identity theft.
that actually does little more than role-based access control.
ensuring that people in an organization have the appropriate access to technology resources.
130
```
Security information and event management (SIEM) system differs from a log management system mainly in that SIEM can be used for log collection, collation and analysis
also for historical purposes.
in real time.
to discern patterns.
for admissibility in a court.
```
in real time.
131
In the context of PKI certificates the CRL is a list of certificates that
are close to their expiry and need to be renewed before that to stay valid.
have been put in doubt by some relying party and need to be revalidated by the owner to stay valid.
have been revalidated until a new expiry date.
have been revoked and are no more valid.
have been revoked and are no more valid.
132
```
Which of the following is not part of key management in a symmetric cryptosystem ?
setting the key to a revocation list
controlling the purpose of the key usage
forced escrow of the key
backing up / restoring the key
```
setting the key to a revocation list
133
```
Key management is required even if there is no communication relationship between different parties. If a key is used to encrypt the hard drive of an employee's personal computer, then which of the following key management steps is not relevant?
update
distribution
backup
key escrow
```
distribution
134
When a PKI certificate is revoked in an organization the proper procedure is to
set up new key expiry dates.
update the certificate revocation list.
notify all employees of the revoked keys.
remove the private key from all directories.
update the certificate revocation list.
135
By applying her private key, the key holder can establish a connection between the corresponding public key K and her own identity. This connection
is the basis for others to gain trust in who holds the private key corresponding to K.
may have the advantage that others know that the originator of the connection knows the private key corresponding to K.
is necessary to indicate who is in possession of that private key.
allows others to trust claims about who holds K.
may have the advantage that others know that the originator of the connection knows the private key corresponding to K.
136
A public key infrastructure usually has one or more CAs that guarantee that a client's public key K is associated with the identity C of that particular client. Denote by S the private key corresponding to K. The CAs accomplished the key-to-identity binding
by marking both C and K in a public but secure database.
by storing C publicly and S secretly in a secured database, from which the CA, when asked for the validity of K, shall certify it with a signature using S as the key.
with a signature that the CA calculates from C and K using its own private key.
by storing both C and K on a smart card from which they can only be read but not changed - at least without breaking the card and the usability of S.
with a signature that the CA calculates from C and K using its own private key.
137
Which of the following statements is false?
The public key system can extend beyond national borders or it can be limited to a single organization.
Digital signing of certificates is not a necessary part of a public key system.
The public key infrastructure can be built on a single certificate authority.
A certificate chain can also be formed by iterating the following (by different signers of course): create the first certificate by signing just a public key, then make each new one by signing the previous certificate together with its associated identity.
A certificate chain can also be formed by iterating the following (by different signers of course): create the first certificate by signing just a public key, then make each new one by signing the previous certificate together with its associated identity.
138
How are PIN codes and private keys associated with the use of the Finnish electronic identity card?
There are two PINs and one key: if the key is used for signing both codes are needed, otherwise only one.
There are two PINs and each corresponds to a different key, one is for signing and the other for other purposes.
There are three PINs and each corresponds to a different key and usage.
There are three PINs for the three different purposes and two keys, one key for signing and the other key for authentication and decryption.
There are two PINs and each corresponds to a different key, one is for signing and the other for other purposes.
139
Which problem is more difficult to fix than the others in a system where the user must type his or her user id and password?
The user can forget the password.
To reduce the memorizing and typing effort, the user can choose a password that is too easy to guess.
The target system to which the user tells the password may misuse it.
The password can be revealed to outsiders as the user enters it or when it travels to the target system.
To reduce the memorizing and typing effort, the user can choose a password that is too easy to guess.
140
In the early days a password may have been a word that let you pass. In the current days it is usually quite different from a word, but even now something would not be considered a password if it is
a PIN.
a geometric structure that you swipe on your phone to unlock it.
an iris scan of your eye providing you access to a facility.
a character string that would be too complicated to memorize but an application in your gadget does it for you.
an iris scan of your eye providing you access to a facility.
141
The password file salt
changes each time the password is used.
prevents checking the correctness of password guesses.
slows down finding a particular user's password by guessing.
forces the password guesser to work separately for most usernames.
forces the password guesser to work separately for most usernames.
142
If one could be sure that the password file would not fall into the wrong hands,
ordinary users would not be able to change their password.
passwords could be stored in plaintext.
salt bits would still be needed to ensure that no two users have the same password.
passwords would not need to be encrypted during the transfer.
passwords could be stored in plaintext.
143
Storing the users' passwords on a server
in plaintext is neither necessary nor reasonable, because the passwords are already encrypted in the connection requests from users.
is natural to do in a hashed form, because a hash function has already been applied to the passwords in the connection requests from users.
includes so-called salt bits, determined by the location from where the user is connecting.
is usually implemented in hashed form and in such a way that only the login program (or equivalent) can read them.
is usually implemented in hashed form and in such a way that only the login program (or equivalent) can read them.
144
A disadvantage of single-sign-on is
enforcement of consistent time-out across platforms.
the need to manage multiple passwords.
that a compromised credential exposes all authorized resources.
the difficulty of password change control.
that a compromised credential exposes all authorized resources.
145
Which of the following is the correct order for access control?
granting of rights - authentication - identification - separation mechanisms
authentication - identification - separation mechanisms - granting of rights
granting of rights - identification - authentication - separation mechanisms
identification - separation mechanisms - authentication - granting of rights
granting of rights - identification - authentication - separation mechanisms
146
Which of the following is not a natural content for a cell in an access control matrix?
information about the grouping of the subject and the object
denying access
information about several types of access
empty
information about the grouping of the subject and the object
147
```
If the access list of an object is a row in the table presenting the totality of access control, then a column in the table represents the
access types.
capability list of subjects.
identifiers of objects.
identifiers of subjects
```
capability list of subjects.
148
At the core of access control are the mechanisms by which a certain kind of triad can be solved as right or wrong. What kind?
{actor, history of action, continuation of action}
{requester, request, justification of request}
{subject, action, object}
{author, intended action, actual action}
{subject, action, object}
149
Each cell of the access control matrix
has an indication of whether a particular type of access is allowed or not.
may contain information about several types of access.
presents a list of items to which a particular subject has a certain type of access right.
lists the subjects entitled to access a particular object in a particular way.
may contain information about several types of access.
150
Suppose that a certain group structure for subjects and objects has already been created for access control: all entities belong to one or more groups. Which of the following models allows the most access? Subject is allowed to access an object if the
subject belongs to at least one of the groups of the object.
subject belongs to exactly the same groups as the object.
groups of the subject is a subset of the groups of the object.
groups of the object is a subset of the groups of the subject.
subject belongs to at least one of the groups of the object.
151
What does it mean to harden your computer as part of securing your computer network?
A separate network segment with precisely adjusted access lists is formed for each server machine.
Each machine on the network are taken under centralized maintenance and all new security updates are immediately installed on them.
Programs other than those related to the computer's purpose will be uninstalled and a wrapper program will be installed around the remaining ones.
Installing the most restricted and secure configurations and software versions possible.
Installing the most restricted and secure configurations and software versions possible.
152
```
It may happen that malicious software gets started instead of the intended program, or even when no program at all was intended to start. Which of the following has the least to do with this?
filenames
a vulnerability in web server code
failure of the operating system
opening a document file
```
failure of the operating system
153
The home directory should not be in the search path. The reason is that otherwise
log information is also stored in the root directory and usability is reduced.
instead of a utility program, the user may launch a program written by an attacker.
file retrieval always has to go through all subdirectories and availability is reduced.
an eavesdropping attacker can more easily track user activity.
instead of a utility program, the user may launch a program written by an attacker.
154
Prior to a software update in production systems, it is most important that
the production systems are backed up.
the patching process is documented.
an independent third party attests the validity of the patch.
full information is available about the threat that the patch addresses
the production systems are backed up.
155
You should never reply to spam. What is the fundamental reason for this?
Often the purpose of an advertising message is just to cheat customers of money in one way or another.
The purpose of the senders is simply to confirm for later use that the email address is working.
The spammers do not have a real business, at least not what the spam message is about.
All the other claims can be true in many cases, but none of them can be considered fundamental.
All the other claims can be true in many cases, but none of them can be considered fundamental.
156
A web beacon, or web bug, is
malware that is hidden in HTML comments of a web page.
an invisible image loaded within a web page that cannot be associated with the use of cookies.
a web page element that the user is not supposed to notice.
a web cookie that comes from another server than the main content.
a web page element that the user is not supposed to notice.
157
A web bug is
a programming error in the client-side code of a web page.
a vulnerability in the server-side code of a web site.
mobile code that is roaming web sites to gather their update status.
an invisible element on a web page, revealing user’s presence on that page to its home site.
a vulnerability in the server-side code of a web site.
158
```
When sensitive information that once was high in its need of secrecy is no longer so critical, that information is best
destroyed.
sanitized.
released.
re-classified.
```
re-classified.
159
The idea of classifying data is to
structure the data so that it is easier to make automatic decisions about the requirements for access control and other processing.
mark materials in terms of confidentiality, freshness, integrity and availability.
express concisely the requirements for access control and other processing of the files.
structure information so that it is easier for people to make decisions about how to handle its content.
express concisely the requirements for access control and other processing of the files.
160
Security classification of data in terms of both confidentiality and availability
does not make sense because, based on the nature of the data, only one of the security objectives is important.
is natural to do together, i.e. use the same level for both, so that the number of combinations and the processing rules that accompany them remain small.
is possible, but these objectives are in two different dimensions, which means that all combinations of classes are available.
does not make sense unless a classification is also made for integrity.
is possible, but these objectives are in two different dimensions, which means that all combinations of classes are available.
161
```
All of the following have something to do with redundancy. What has the least to do with the sort of redundancy that is used to protect integrity?
metadata, i.e. data about data
hash function computed from data
backup
entropy
```
entropy
162
Sanitization is
a way to use artificial intelligence to prune unreasonable or false content from social media.
removal of sensitive data from a collection of measurements or responses before releasing it.
a general term for actions that an attacker might do when removing traces of the attack.
a way to use artificial intelligence to prune erroneous or intentionally misleading content from survey data.
removal of sensitive data from a collection of measurements or responses before releasing it.
163
To protect the confidentiality of important information, you should sometimes
use a shredder.
save only the hash value instead of the data.
hide material from the public among countless other similar data.
sign the data with your private key.
use a shredder.
164
The avalanche effect appears in cryptography. Is it a (i) desired or (ii) non-desired property in the (x) algorithm level or the (y) implementation level?
(i) + (y)
(i) + (x)
(ii) + (y)
(ii) + (x)
(i) + (x)
165
Cryptographic algorithms have an information-theoretical goal called confusion. How does that manifest itself in practice?
It compresses the ciphertext into a shorter bit string than the original plaintext was.
It scatters plaintext distributions into the entire cryptotext using permutations.
It blurs the relation between cleartext and ciphertext by making substitutions.
It obscures the connection between clear and ciphertext by adding extra so-called "salt bits" to the ciphertext.
It blurs the relation between cleartext and ciphertext by making substitutions.
166
Symmetric key cryptography applies several general principles by doing certain operations on the input data. Pick the alternative where the couplings (principle: operation) are correct .
(difference: substitution), (coherence: replacement)
(collision: exchange), (collusion: substitution)
(exchange: replacement), (randomizing: fuzzing)
(diffusion: transposition), (confusion: substitution)
(diffusion: transposition), (confusion: substitution)
167
Elliptic curve cryptography means
cryptosystems that are based on analog, i.e. non-discrete, computations.
a software approximation to quantum cryptography.
using special algebraic structures to achieve good security with relative short key lengths.
very fast but fault-prone computations that need special hardware.
using special algebraic structures to achieve good security with relative short key lengths.
168
```
Which of the following is not a well-known type of cryptanalytical methods?
physical
linear
incremental
differential
```
incremental
169
What does a cryptanalyst usually do (i.e. when performing cryptanalysis)?
Breaks cryptographic texts or keys.
Examines the use of public keys statistically.
Develops algorithms to be more efficient or stronger.
Compares the strength of various encryption and signing algorithms.
Breaks cryptographic texts or keys.
170
The known-plaintext scenario means that the cracker of a cryptotext
can encrypt the texts he wants with the same key as the text he is trying to crack.
acquires the corresponding plaintext through some other means than analysing the cryptotext.
gets hold of other cryptotexts encrypted with the same key and their corresponding plain texts.
can affect the plaintext from which the text to be broken is made.
gets hold of other cryptotexts encrypted with the same key and their corresponding plain texts.
171
The chosen-plaintext scenario means that the cracker of a cryptotext
acquires the corresponding plaintext through some other means than analysing the cryptotext.
can affect the plaintext from which the text to be broken is made.
gets hold of other cryptotexts encrypted with the same key and their corresponding plain texts.
can encrypt the texts he wants with the same key as the text he is trying to crack.
can encrypt the texts he wants with the same key as the text he is trying to crack.
172
If a cryptanalyst wants to crack a ciphertext, which of the following helps him the most?
A set of other plaintexts and corresponding cryptotexts with the same key.
Other texts encrypted with the same key, the cleartext of which he does not know.
The same plaintext encrypted with a different key he doesn't know.
The same plaintext encrypted with a stronger algorithm, but with the same key.
A set of other plaintexts and corresponding cryptotexts with the same key.
173
What does a cryptanalyst use statistical analysis for?
To determine the distribution of keys selected for a particular algorithm.
To study the prevalence of different cryptographic algorithms and protocols.
For studying the distribution of possible plaintexts related to a specific cryptotext.
To reduce redundancy in cryptographic text.
For studying the distribution of possible plaintexts related to a specific cryptotext.
174
If a one-time key is unique like its name indicates and has not been revealed to any outsider, then one-time key encryption
is still inferior to cryptanalytic encryption methods in both integrity and confidentiality.
provides as good protection for confidentiality as any encryption can provide, but the same is not true of Integrity.
also provides the best possible protection for integrity.
can also be implemented by "stretching the" key with some algorithm.
provides as good protection for confidentiality as any encryption can provide, but the same is not true of Integrity.
175
Key escrow
means an attacker's method of cracking encryption without cryptologic means.
is also possible in the public key system.
is what happens if the key owner stores it encrypted with his own master key.
improves the confidentiality of the key owner's information.
is also possible in the public key system.
176
```
Only one of the following may need to be negotiated when agreeing on symmetric encryption. What?
algorithm version
key modifying salt value
padding length
initialization vector
```
algorithm version
177
How much bigger is the key space of AES-128 than the address space of a 64-bit operating system?
Two times larger.
The key space size equals the address space size squared.
64 times larger.
It is not bigger but just 1/4 of the address space because the 64-bit memory consists of 8-bit bytes.
The key space size equals the address space size squared.
178
Updating encryption keys quite often is important. The main reason is
to make a chosen-plaintext attack impossible.
to keep the amount of text encrypted with the same key reasonable.
to make it more difficult for a cracker to derive a new key based on an already revealed old key.
to prevent the updated encryption program from using the same key as the old one.
to keep the amount of text encrypted with the same key reasonable.
179
What is not true of a session key?
It cannot be a public key.
It is a symmetric key but it need not be the same to both directions, i.e. one party may use it only for encryption and the other one for decryption.
Its purpose is to protect those keys that are changed for each message of the communications.
A leaked session key should not expose the keys of any previous or subsequent sessions.
Its purpose is to protect those keys that are changed for each message of the communications.
180
```
How many more encryption keys must be distributed to a group of 100 users for pairwise confidential communication if the keys are symmetric instead of asymmetric?
no difference
99 more
4850 more
9900 more
```
4850 more
181
```
How many more encryption keys does each member of a group of 100 users need for pairwise confidential communication with all others if the keys are symmetric instead of asymmetric?
no difference
99 more
4850 more
9900 more
```
no difference
182
A pseudorandom number
is a random sequence of bits taken from some physical source, transformed to a number without filtering that would balance the set of such numbers to be evenly distributed.
is a bit sequence intended for cryptographic use but originating from a forged or accidentally false source that has destroyed its statistical properties.
is a binary number whose bits have been computed with a known algorithm from some initial value in such a way that the set of such numbers passes certain statistical tests.
is a number taken from a long bit sequence, which is apparently a result of computation, but the algorithm is not known.
is a binary number whose bits have been computed with a known algorithm from some initial value in such a way that the set of such numbers passes certain statistical tests.
183
Which of the following 64-bit strings is more likely to be generated by random.org, whose bits are very genuinely random? Strictly speaking, they are all equally probable, but judge on the basis of ordinary statistical properties that are used to evaluate generators of pseudorandomness.
00001101 00000101 01000100 01011001 11101110 01011000 10001011 11111111
11001000 11010101 01010101 01011011 01101101 10110110 01100110 01100110
10001111 00011111 10110001 11101100 00011110 11011000 11110001 10111100
00001101 00000101 01000100 01000010 01101010 10011000 00001010 01010100
00001101 00000101 01000100 01011001 11101110 01011000 10001011 11111111
184
Is 154585821 a random number?
No, if the number appeared publicly somewhere else and the author of this question took it from there. Otherwise yes.
No, because it uses only 5 different digits although it is nine digits long.
No, because it repeats the digits 5 and 8 in such a way that is extremely improbable for this short a sequence of digits.
The question cannot be answered, because randomness is not a property of a single number without a context.
The question cannot be answered, because randomness is not a property of a single number without a context.
185
In the self-test of a random bit generator it needs to pass some statistical properties. What features are common?
The generator is started twice and the correlation of the generated queues must be within certain limits.
The generator is started from several specified initial states and the generated queues must be the same as the reference data.
The generated bits are correlated with previously stored queues and the results must be within certain limits.
The number of ones must be within certain limits as well as the number of runs of certain lengths.
The number of ones must be within certain limits as well as the number of runs of certain lengths.
186
What is a digital envelope?
An envelope otherwise ordinary but with a paper inside written through the envelope
A data package of a tunneled communication.
A communication package in which the payload is encrypted.
A symmetric key encrypted with a public key and a message encrypted with the former
A symmetric key encrypted with a public key and a message encrypted with the former
187
```
A block cipher is usually not operated in the simple mode of an Electronic Code Book. What can NOT be achieved with the other modes in contrast to the ECB?
message authentication
resilience against frequency analysis
recovery from transmission errors
faster speed
```
faster speed
188
```
Symmetric encryption mode ECB comes from the words
Electronic Code Book.
Electronic Cipher Block.
Encrypting Chain of Blocks.
Encrypting Code Block.
```
Electronic Code Book.
189
How do the symmetric encryption modes ECB and CBC differ?
One uses a different key for decryption than for encryption, the other does not.
In one the cryptotext is longer than the plaintext, in the other not.
One can only be used for block and the other for stream algorithms.
In one, a certain bit of plaintext affects more bits of cryptotext than in the other.
In one, a certain bit of plaintext affects more bits of cryptotext than in the other.
190
Most symmetric ciphers are length-preserving. Sometimes it is motivated in the course of encryption to produce a longer result than the plaintext. Which is the poorest motivation for this?
Sending the initialisation vector of CBC mode along with the cryptotext.
Including a separately computed MAC to the cryptotext.
Improving the ECB mode by inserting a random byte at each block to be encrypted.
Including in the message the symmetric key in a public-key-encrypted "envelope".
Improving the ECB mode by inserting a random byte at each block to be encrypted.
191
Most symmetric ciphers are length-preserving. Sometimes it is motivated in the course of encryption to produce a longer result than the plaintext. Which is the poorest motivation for this?
Sending the initialisation vector of CBC mode along with the cryptotext.
Including a separately computed MAC to the cryptotext.
Including a recognizable header to the plaintext to allow checking that the decryption key was correct.
Including in the message the symmetric key in a public-key-encrypted "envelope".
Including a recognizable header to the plaintext to allow checking that the decryption key was correct.
192
The RSA signature is simple based on the RSA encryption formula because
it only exchanges the roles of the decryption exponent and the encryption exponent.
the modulus becomes the private key and both exponents become the public key.
it only replaces squaring with taking a square root.
both exponents become the private key and the prime factors of the modulus become the public key.
it only exchanges the roles of the decryption exponent and the encryption exponent.
193
Why is a typical symmetric encryption-decryption algorithm not good for signatures?
The keys are too short for long-term use.
Verifying the signature would be too laborious.
It cannot be used to create a digital envelope.
Verification would be done with the same key as the signature.
Verification would be done with the same key as the signature.
194
The concept of a trapdoor in a public key cryptosystem refers to
the decryption key or the signature generation key.
a structure in a public key that would be easy to check if you knew components that are only known by the creator of the key.
an algorithm for calculating discrete logarithms modulo n when n is a product of two large primes.
a way to perform public key encryption operations without knowing the keys.
a structure in a public key that would be easy to check if you knew components that are only known by the creator of the key.
195
A common trapdoor in public key cryptosystems is
the ability to compute a discrete logarithm with respect to a large prime number.
the ability to calculate a discrete logarithm with respect to the product of two prime numbers.
to know the factors of a large integer, which is a product of two different primes.
to know the square root of a large integer, which is a square of a prime number.
to know the factors of a large integer, which is a product of two different primes.
196
When two very large prime numbers are multiplied, the product can be published without revealing the prime numbers,
as long as the product is first reduced by taking its remainder with respect to a third prime number.
but the least significant bits up to the first zero should be omitted.
even if you know how many bits there are in those primes.
even if the square of the second prime number were also made public.
even if you know how many bits there are in those primes.
197
```
Which of the following hacking methods is mainly related to a keyless crypto algorithm?
differential analysis
birthday attack
integer factoring
frequency analysis
```
birthday attack
198
What is the role of condensation (squeezing a large number of bits into a small number in some way) in a digital signature?
A one-way hash is calculated as the last step of producing a signature.
Compression is not usually used for signing.
The asymmetric signature algorithm is not applied to a document but to its one-way hash.
Documents are always subjected to reversible compression before signing.
The asymmetric signature algorithm is not applied to a document but to its one-way hash.
199
```
Which of the following is a more secure hash algorithm?
MD-256
SHA-256
SHA1
MAC-3
```
SHA-256
200
The message authentication code, MAC, is computed
by applying symmetric encryption to a random challenge.
by applying a hash function to a random challenge.
by applying a keyed hash function to the message.
by applying asymmetric encryption to the message
by applying a keyed hash function to the message.
201
What is a property of the Diffie-Hellman key exchange protocol?
Both parties raise the base g to a power modulo p, and the result is communicated to the other, but neither one will come to know what the exponent used by the other party was.
One party invents a prime p and the other a prime q. The product n of these large numbers is the public key that acts as the key exchange modulus.
If calculating discrete logarithms modulo a large prime number is indeed a difficult problem (as is generally believed), the DH protocol provides the protocol participants with the same key that no one else knows.
In order to include authentication, the parties must first secretly agree on the modulus p and the base g.
Both parties raise the base g to a power modulo p, and the result is communicated to the other, but neither one will come to know what the exponent used by the other party was.
202
Diffie-Hellman is the name of
a powerful method of breaking ciphers prior to AES.
a protocol for remotely creating a mutual digital signature on a document.
the first public key encryption method.
a method to create keys for symmetric encryption between two remote parties.
a method to create keys for symmetric encryption between two remote parties.
203
Hiding a copyright notice on data can be done either (i) fragile or (ii) strongly. The nature of the mark can be (x) an integrity checker, (y) a "fingerprint", or (z) a watermark. Which of the following classifies these correctly?
(i) -> x, (ii) -> y & z
(i) -> y, (ii) -> x & z
(i) -> z, (ii ) -> x & y
(i) -> x & y, (ii) -> z
(i) -> x, (ii) -> y & z
204
If dust and dirt need to be taken into account in any way when surveying security threats, which of the following has the least to do with it?
Jamming of mechanical parts of computer equipment
Traffic analysis
Overheating
Absences due to dust allergies
Traffic analysis
205
Consider the claim: "Even an IT work environment produces dust that, when accumulated, can cause short circuits in computing devices." The claim is
true because there are people in the work environment and therefore dust that conducts electricity.
false because dust in a normal work environment does not conduct electricity.
false because the hardware fans are built to prevent dust from accumulating in the wrong places.
true because the static electricity of IT equipment collects dust specifically in the wrong places.
false because dust in a normal work environment does not conduct electricity.
206
When developing preparedness for serious fires it is good to assign tasks to personnel. Which of the following is a more important task than others in this respect?
Preparation of applications for compensation to an insurance company.
Various tasks of informing customers and authorities.
Actions to drive down or move computer equipment and media to safety.
Clearance actions to be taken as soon as the fire department has given permission.
Actions to drive down or move computer equipment and media to safety.
207
This course covers a set of natural, somewhat human-independent threats to information security. They do not deserve a very extensive treatment, at least on a basic course, because
the control mechanisms required are remarkably complex.
combating such threats or their effects is usually necessary also for reasons other than security.
only human-dependent security threats can be handled properly.
the risk level of such threats to security is quite low.
combating such threats or their effects is usually necessary also for reasons other than security.
208
Consider the claim: "A key way to combat water hazards for computing is the water insulation of hardware rooms." The claim is
false, because the hardware does not work properly in too dry air.
true, because there are not even other ways to combat the effect of water.
true, because waterproofing is the easiest way to protect equipment in a room from water.
false, because other means are more effective and cheaper.
false, because other means are more effective and cheaper.
209
Water can be thought of coming into contact with equipment from four directions: bottom, side, top and diffusely in air. How many of these should be considered in security planning and how?
All but the same control mechanism does not work for all.
Only the most serious direction, as the probability is very small anyway.
Three, each with a different security mechanism.
None, as water should not get anywhere near the equipment.
All but the same control mechanism does not work for all.
210
Which of the following is least true when considering information in physical (non-electronic) form held by a user and how it is protected from alteration (falsification) by the user? Protecting
does not help keep copies of information intact.
is more about safeguarding integrity than availability.
is usually easier than if the same information were in electronic form.
does not help in maintaining reliability of authentication based on that information.
does not help in maintaining reliability of authentication based on that information.
211
```
If a data-processing device is to be able to operate in a hostile environment, the most important data to be protected - if present -
are access control lists.
are cryptographic keys.
are web addresses.
is configuration information.
```
are cryptographic keys.
212
Which of the following applies?
From the perspective of a computing device alone, power outages are not among attacks to be prevented.
Enclosing a shared computer does not prevent spying on the user of the machine.
It is easier to protect against breaking an IT device than against stealing it.
To prevent unauthorized use, it is sometimes advisable to use a mechanism that makes the device useless also to the legitimate user.
To prevent unauthorized use, it is sometimes advisable to use a mechanism that makes the device useless also to the legitimate user.
213
```
If a data-processing device is to be able to operate in a hostile environment, the most important data to be protected - if present -
is personal information.
are cryptographic keys.
are web addresses.
is configuration information.
```
are cryptographic keys.
214
Assume that the properties of secure hardware are condensed into two requirements. If one requires that the user can be convinced of the authenticity of the hardware, then the second requirement concerns that the hardware
is able to distinguish whether the person maintaining it remotely is authentic.
can assure the user that it has not been affected by any action that deviates from the allowed ones.
can assure the user that it has not been affected by any specifically prohibited activity.
is able to distinguish whether actions towards it are allowed or not.
is able to distinguish whether actions towards it are allowed or not.
215
```
An operating system together with the underlying hardware can provide a controlled and un-intercepted interface into privileged user functions by
ring protection.
anti-malware.
trusted paths.
maintenance hooks.
```
trusted paths.
216
All of the following can be trusted more than most others in their categories, but which is called a trusted platform in information security?
A social media platform where users are identified and accountable for their postings.
A specially designed microchip that has passed standardized testing.
A hardened operating system running on hardware that is used only for dedicated purposes.
A computer that has uninterruptible power supply and is not connected to the Internet.
A specially designed microchip that has passed standardized testing.
217
The smart card also has a file system,
where the names of directories and files are changed from time to time to make attacks more difficult.
that includes different permissions.
where all the files are in the same directory.
where filenames were originally drawn randomly to make attacks more difficult.
that includes different permissions.
218
Concerning the connection pins on a smart card,
the card is capable of public key cryptology only if all pins are enabled.
one of them is for transferring cryptographic keys from/to the card when a crypto operation is performed outside the card.
if short-circuited, they can damage the processor on the card.
a different pin is used for communication than for the supplying the voltage.
a different pin is used for communication than for the supplying the voltage.
219
How do smart cards relate to symmetric key cryptography? Their processors
are capable of it, but data transfer is impractically slow for a large amount of data to be encrypted.
are usually not versatile enough for that.
are capable of it, but cannot stand encrypting large amounts of data without becoming too hot.
are usually not fast enough to think of sensible use for encryption.
are capable of it, but data transfer is impractically slow for a large amount of data to be encrypted.
220
```
How do smart card processors relate to (i) operations and (ii) key generation in a public key cryptosystem?
They cannot do either.
They are capable of (ii) but not of (i).
They are capable of both.
They are capable of (i) but not (ii).
```
They are capable of both.
221
If an attacker who stole a smart card also gets its PIN,
he may still not be able to do all the same actions on the card as the real owner of the card.
in a normal operating environment, he can read the secret keys on the card.
he is guilty of stealing a card and (possibly) the PIN, but using the card itself is not criminal.
he cannot test functionality of the PIN elsewehere than in the normal operating environment.
he may still not be able to do all the same actions on the card as the real owner of the card.
222
Pick the correct ones among the following four claims: The production of a smart card is governed by (i) the general security principle that more than one person is required for a given activity, and (ii) separation of duties so that no manufacturing worker can later trace which cards he or she made. (iii) In addition, burning a fuse at a certain stage prevents logical memory references, after which only a physical reference is possible. (iv) In general, one of the key principles of smart card security are is that its proper functioning cannot be falsified from outside.
(ii) & (iv)
(i) & (iv)
(ii) & (iii)
(i) & (iii)
(i) & (iv)
223
Pick the correct ones among the following claims: In the production of a smart card, (i) segregation of duties is applied so that more than one person is required at some stage in the work, and (ii) contrary to normal security principles, randomness is applied to the structure of the card. (iii) In addition, burning a fuse at a certain stage prevents logical memory references, after which only a physical reference is possible. (iv) In general, one of the key principles of smart card security is that its proper functioning cannot be falsified from outside.
(ii) & (iii)
(i) & (iv)
(ii) & (iv)
(i) & (iii)
(i) & (iv)
224
The use of a Trojan horse to attack a smart card is most likely
in the card's ROM as part of the operating system.
on the hardware of the reading device.
in the card's RAM as one of the applications.
on a workstation that uses the reading device.
on a workstation that uses the reading device.
225
What is the worst problem with biometric authentication that should work over an insecure network like the internet?
It is not known whether the input of the authentication data is made by the same person as the one to which it belongs.
The proportion of erroneous approvals cannot be reduced by renewals.
The integrity or encryption of data can be broken during transmission through the network.
Someone can get hold of the comparison data on the server.
It is not known whether the input of the authentication data is made by the same person as the one to which it belongs.
226
What is the worst problem with biometric authentication that should work over an insecure network like the internet?
The biometric feature must be modified each time so that it cannot be reproduced by an attacker.
Someone can get hold of the comparison data on the server.
The integrity or encryption of data can be broken during transmission through the network.
It is difficult to make sure that the authentication data provided has been entered as intended.
It is difficult to make sure that the authentication data provided has been entered as intended.
227
```
Which is the least significant issue when considering taking biometrics into use?
Resistance to counterfeiting.
Novelty of the technology.
User acceptance.
Reliability and accuracy.
```
Novelty of the technology.
228
In addition to an appropriate physical feature reliable biometric authentication requires from the person
knowledge of something.
presence in the authentication situation.
possession of an object.
more than one measurement also in the authentication situation.
presence in the authentication situation.
229
What is a fundamental property of biometrics posing challenges to any technique it will use?
The storage of the biometric data is vulnerable.
Weaknesses in the communications between the reader and server.
The credentials cannot be revoked because they remain essentially the same.
Degradation of the credentials while people are aging.
The credentials cannot be revoked because they remain essentially the same.
230
Which of the following is least important when the design of data network structures follows restrictions and limits as a general security principle?
Keeping administrative and production data channels separate.
Placing web and database servers on different subnets.
Placing the server collecting logs on its own subnet.
Placing a DNS and NTP server on different subnets.
Placing a DNS and NTP server on different subnets.
231
The purpose of a packet sniffer is to
capture (copy) network traffic for later analysis.
remove irrelevant packets from network traffic.
trace network connections to external destinations.
scan network segments for cabling damage.
capture (copy) network traffic for later analysis.
232
If a VPN connection has been properly configured from a teleworker's home computer to the workplace network, then which of the following is the least likely vulnerability?
Someone in the workplace network could use the home computer without permission.
Poor home security is a threat to some part of the workplace network.
The workplace network could infect a virus to the home computer.
The security of the entire workplace network is at the same level as that of the home computer.
The security of the entire workplace network is at the same level as that of the home computer.
233
What is the most likely reason if a firewall installed between an internal and external network allows an attack from the exterior to systems on the intranet?
The intranet policy is incorrectly configured in the firewall.
The intranet policy allows such attacks.
An error has occurred in the manufacture of the hardware or software of the firewall.
The integrity of the hardware or software of the firewall is broken .
The intranet policy is incorrectly configured in the firewall.
234
What should a firewall most commonly do when it rejects a packet for a reason other than that it does not conform to the standard?
Send an alert to the intrusion detection system.
Treat the next packet with a different rule.
Write packet tags to a log file.
Give the user a warning.
Write packet tags to a log file.
235
The "state" in a stateful packet filter is to store (instead of possibly only logging)
addresses for opened connections to allow legitimate callback from those addresses.
source addresses of frequent connection attempts that have been blocked implicitly (i.e. not by explicit rules) - but which would not cause a DoS.
statistics of traffic both inward and outward.
the source IP addresses of DoS attacks to block them automatically in future.
source addresses of frequent connection attempts that have been blocked implicitly (i.e. not by explicit rules) - but which would not cause a DoS.
236
Investigate the claim: "The certificate sent by a server can be installed in the browser so that TLS can use it to verify the private key of the same server in the future." The claim is
true and does not require a browser restart.
true, but the browser needs to be shut down and restarted.
false, because you can install public keys but not certificates in your browser.
false, as TLS does not verify the server's private key but the signature made with that private key.
false, as TLS does not verify the server's private key but the signature made with that private key.
237
Because TLS works below the application layer, it does not know what kind of data it protects. Nevertheless,
both server and browser authentication are always part of the security services it provides.
it is not suitable for communication between more than two parties.
it does not provide protection for the identity of the user of the client machine.
it can protect a bank transfer on an e-commerce site without a new key exchange.
it is not suitable for communication between more than two parties.
238
The domain name system, DNS,
is necessary for the operation of the web.
is constantly under DoS and spoofing attacks which cause the majority of downtime for internet users.
has the security extension DNSSEC, but even that does not provide confidentiality to the DNS queries.
has the shortcoming that it cannot be implemented within a single organization for internal use.
has the security extension DNSSEC, but even that does not provide confidentiality to the DNS queries.
239
Suppose someone has installed SSH on her own machine and has already used it to log on to the target machine. Which of the following is necessary in all cases to allow the next login with SSH? She or her own machine must have
her own private key or her own password for the target machine.
the private or public key of the target machine.
her own private or public key.
the private key of her own or of the target machine.
her own private key or her own password for the target machine.
240
In Kerberos, the user's password
need only be sent to the ticket service instead of multiple destination services.
acts as an encryption key when the client program sends a ticket to the destination services.
is sent to the destination services encrypted by the ticket service.
decrypts the encryption key received from the ticket service for use by the client program.
decrypts the encryption key received from the ticket service for use by the client program.
241
What is the difference between the security needs of remote access to (i) a host computer and (ii) a server?
In one of them the user has access to resources only through a limited process, in the other more broadly.
In one of them, users rarely have such resources of their own that several other users would not also have access to.
One of them seldom requires such encryption, where the key is different for different users.
The difference in use is so small that it does not make sense to differentiate between protection needs.
In one of them the user has access to resources only through a limited process, in the other more broadly.
242
Assume that one employee of a company needs to access files and programs on a mainframe computer from his home computer. Which of the following is a better design for this than the others?
Implementing work via a TLS-secured web server instead of a terminal connection.
The current-day PC's are powerful enough. So, set up the programs and files on the employee's home computer locally.
A network that has been made private with virtualization.
Authentication and encryption between endpoints.
Authentication and encryption between endpoints.
243
Tunnels securing remote connections can be established
only at the network or link layer, and the usual network connection protocols are not sufficient for this.
both at the application layer within network connections and at the network level around application layer messages.
only below the application layer on the transport or network layer.
with the same protocols as the network connections between your own machine and the service provider, i.e. with PPP, for example.
both at the application layer within network connections and at the network level around application layer messages.
244
```
The idea of a network proxy server can be applied for good in many contexts, but one type of proxy that is often abused is
content-filtering proxy.
open proxy.
reverse proxy.
caching proxy.
```
open proxy.
245
What is replayed in a replay attack, at least in such cases that have been successful?
The content of earlier video in the monitors of a surveillance room.
A few seconds old GPS signal toward the receivers of military vehicle or aircraft.
Earlier messages of an authentication protocol in an attempt to get authenticated without proper credentials.
An earlier successfully broken DRM signal in an attempt to get access to new media content.
Earlier messages of an authentication protocol in an attempt to get authenticated without proper credentials.
246
```
When a user authenticates to a server, the ensuing service will use some identifiers. If these are not protected well, it may happen that someone else takes them into use and drops the user out. What is this situation called?
man-in-the-middle
replay attack
denial of service
session hijacking
```
session hijacking
247
When the cell phone network (2/3/4G) authenticates a caller outside the area of the caller's home location register (HLR), it uses the mobility management service local to the caller. Let us denote this service by VLR (visitor location register, as in 2/3G). What is then known about the key K on the SIM card?
A hash computed from it and the timestamp is available to the VLR for a certain time.
The VLR uses K to check the response to the challenge it sent to the caller's phone.
A copy of the key is known to the VLR, but the key is changed for the next call.
The VLR checks the response from the caller's phone to the authentication challenge by comparing the response to a value calculated in advance using K.
The VLR checks the response from the caller's phone to the authentication challenge by comparing the response to a value calculated in advance using K.
248
In a software program the application programming interface, API, is
the place attackers first test for vulnerabilities in case of new versions of widely spread programs.
the common point to attach physical DRM dongles.
the channel through which the program can access security services.
the channel through which other programs can access the services provided by the program.
the channel through which other programs can access the services provided by the program.
249
Device drivers that are installed by the end-user must be designed securely, because they usually
become integrated as part of the operating system.
operate in the unrestricted, or kernel, mode.
have the same access rights as the end-user.
are configured by software without human interaction.
operate in the unrestricted, or kernel, mode.
250
Dynamic-link library, DLL, is
a set of subroutines that are shared by different applications and OS processes.
a common name for such utilities in operating systems that malware writers most often link to their code.
a complex software construct notorious for its tendency to get out of date and cause vulnerabilites to the applications that depend on it.
a collection of executable codes that programmers can embed in their source code.
a set of subroutines that are shared by different applications and OS processes.
251
Assume you are using a multi-user computer running Unix or Linux. What happens when you issue the command 'logout'?
A lot more data will be deleted from the system than your username from the list of active users.
You will be wiped away from the list of the active users, but other non-admin users could not find this out.
All your processes will be terminated and you cannot run any commands on the computer before you login again.
Other users get a notification that you have left the system.
A lot more data will be deleted from the system than your username from the list of active users.
252
Virtualization as an extension to physical reality can be good for security purposes. This is especially true when
extending the RAM memory space of a computer to secondary storage.
moving monetary transactions away from traditional currencies.
creating a simulated environment to act as a hardware platform.
using virtual routers to create separate local area networks within an organization's network.
creating a simulated environment to act as a hardware platform.
253
One of the most common software security flaws is "incomplete mediation", meaning inadequate flow control from one processing routine to another. An example of this is
writing outside the boundaries of a memory area.
inadequate error handling.
information undergoing changes after being read but before being used.
calling a subroutine without parameters.
inadequate error handling.
254
A man-in-the-browser is
the browser plug-in program that acts as the client for the TOR network.
the term used by XSS attackers of their cross-site scripts when they are in action on an unknowing user's browser.
is an attack that can alter for instance bank transfer amounts and account numbers even if the bank sees the connection as secure.
is a useful but privacy-sensitive program that gets plugged into a browser, collects usage data and sends it to web services.
is an attack that can alter for instance bank transfer amounts and account numbers even if the bank sees the connection as secure.
255
Which of the following has the least to do with the security threats that can result from having too long a time between verification of rights and actions that require them?
The rights have changed and they would no longer allow such activities.
A signature gets accepted even if it was not made by the person in whose name it was made.
A terminal session gets used by someone other than the one who was logged in.
The information is no longer relevant to the person who has access to it, and indifference makes him or her careless about its confidentiality.
The information is no longer relevant to the person who has access to it, and indifference makes him or her careless about its confidentiality.
256
Address space layout randomization is
one of the methods used by polymorphic viruses to evade detection.
a method of ransomware making the victim's files useless, allowing gradual and verifiable selling back of recovery data.
a protection of hosts in a LAN against targeted attacks.
a protection used by operating systems against exploiting memory vulnerabilities, e.g. buffer overflow.
a protection used by operating systems against exploiting memory vulnerabilities, e.g. buffer overflow.
257
Data execution prevention, DEP, is a class of methods
that the compiler uses to mark parts of compiled software code as non-executable and non-mutable.
to mark parts of the binary code loaded in memory as non-executable data but still allowing its content to be modified.
used by the operating systems to mark some memory segments non-executable.
to restrict the capability of programs that render media or document files not to run any executable content from those files.
used by the operating systems to mark some memory segments non-executable.
258
Which of the following statements is true?
Testing does not make software under construction completely secure because it is virtually impossible to go through all the options.
Good programming methods, testing, and proving have very little effect on the security of complex software.
Testing does not help in making software under construction completely secure because some vulnerabilities do not appear in any kind of testing.
Secure programs can be proven to be such using formal verification methods.
Testing does not make software under construction completely secure because it is virtually impossible to go through all the options.
259
Which among the following is the best guarantee that software is secure?
The software matches its specification accurately and fulfills its intended task.
The software has been designed and developed in accordance with best practices and using adequate resources.
The designed modes of operation of the software have all been tested, i.e. tried out and found to be safe.
The software specification has been formally proven safe.
The software has been designed and developed in accordance with best practices and using adequate resources.
260
```
Fuzzing is a method for software
obfuscation.
testing.
quarantining.
licensing.
```
testing.
261
A new version of software can have both advantages and disadvantages in terms of information security. Which of the following is the best example or interpretation of this truth?
Everyone should install the new version, but only after independent reports on the security of the version have been published.
Some users should install the new version, while others should not.
The manufacturer can release new versions (patches) so often that, despite improvements, availability suffers when hardware needs to be restarted frequently.
If someone installs a new version on their machine and someone else uses the old version, the programs can interfere with each other.
Some users should install the new version, while others should not.
262
Obfuscation means the methods
by which a sandbox is created around untrusted software.
that code writers use while attempting to make reverse engineering more difficult.
that malware writers use to cause their code to modify itself in the course of replications, to evade detection.
that malware writers use to make their code versions to look different, to evade detection.
that code writers use while attempting to make reverse engineering more difficult.
263
```
Software testing is important also for other reasons than security, but some basic rules are the same. Which of these are rules for software testing? (i) Testers and coders use the same tools, (ii) the expected test outcome is unknown, (iii) a successful test is one that finds an error, (iv) examining the most usual cases is sufficient.
(i) and (ii)
(ii) and (iii)
only (iii)
(iii) and (iv)
```
only (iii)
264
Bytecode, the pseudo-object code that is translated from a source code but must still be interpreted to execute,
is faster than interpreted source codes.
reserves and releases memory automatically, thus blocking many attacks and programming errors.
is less prone to reverse engineering than object code.
has a built-in sandbox that makes it more secure to download an run than executable code.
is faster than interpreted source codes.
265
```
The kernel mode is a status that certain processes have during their operation. It is called with several different names, but not with term
unrestricted mode.
superuser mode.
privileged mode.
supervisor mode.
```
superuser mode.
266
The role of a reference monitor in trusted computing is to
to make a log entry for communications that violate the security policy.
manage address tables for indirect memory references.
set user rights to resources into access control tables.
mediate all interaction between users and resources.
mediate all interaction between users and resources.
267
```
A Java sandbox can block many things from a Java applet. If any, which of the following is worth blocking for security reasons?
reading from local disk
floating point operations
writing to screen
receiving input from user
```
reading from local disk
268
Which of the following statements is true?
Sandbox and wrapper implementations assist the operating system in access control by occasionally asking the user for a password.
Proxy and wrapper implementations have nothing to do with access control.
The Java sandbox is the runtime environment of a program and can prevent it from working properly.
The Java sandbox is a programming method that makes Java programs reliable also in terms of security.
The Java sandbox is the runtime environment of a program and can prevent it from working properly.
269
```
Wrapper programs (such as tcpwrapper) mainly implement
signatures.
filtering.
encryption.
authentication.
```
filtering.
270
Depending on how a program is written and what it needs to do, it may require more or less access rights than its user has. How should the programmer deal with administrator privileges?
If the program needs them, the program must be entirely based on them.
If needed, they should be used only during the startup phase of the program.
It is not recommended that they be required.
For those parts of the program that need them, formal verification is recommendable.
It is not recommended that they be required.
271
Depending on how a program is written and what it needs to do, it may require more or less access rights than its user has. How should the programmer deal with administrator privileges?
It suffices that non-administrators are able to use the program.
They are never needed at run-time, but they can be temporarily used in access control during the compilation and testing phase.
If a program has components that need them, it is recommended that the other components be protected with wrapper technology.
It is recommended that the program be built to operate with lesser rights.
It is recommended that the program be built to operate with lesser rights.
272
Trusting user input is detrimental. This is one of the fundaments for secure programming. Among the following five rules, which two are applications of it? (i) Protect against buffer overflows. (ii) Disable web site scripting. (iii) Do not require administrator privileges. (iv) Leave the generation of the encryption code to professionals. (v) Reduce attack targets.
(iv) & (v)
(i) & (ii)
(iii) & (iv)
(ii) & (iii)
(i) & (ii)
273
One fundamental rule of secure programming is "Reduce attack targets." It mainly means that
the program is able to operate with as few different levels of privileges as possible.
minimal number of names and addresses of other programs, services and sites are stored in the program.
the program receives as little input from the user as possible.
little-used features of the program are inactive by default.
little-used features of the program are inactive by default.
274
Some features of downloaded software can be verified by signatures provided by Verisign, for example, but these only guarantee that the
code manufacturer takes responsibility for any security issues.
software corresponds to its specifications.
code passed a virus scan, albeit by several different methods.
code origin and integrity are correct.
code origin and integrity are correct.
275
```
What is the strongest method to assure users that the update of their existing program that they are downloading originates from where it should?
TLS
code signing
MAC (message authentication code)
fingerprinting
```
code signing
276
A bastion host is
a computer that has only an outbound connection to the internet.
a workstation that has no services installed for remote use except possibly the administrative connection.
another name for the edge router of an organization network in case it has been equipped with DoS protection.
a hardened single-purpose server at the outer edge of the organization's network.
a hardened single-purpose server at the outer edge of the organization's network.
277
```
TCB or Trusted Computing Base contains
only hardware.
only software.
only software and hardware.
also trusted operating staff.
```
only software and hardware.
278
A trusted platform module is is important for secure programming,
but its security depends on the environment being able to run its encrypted code.
but it does not itself contain any code or data.
but it is often used to provide trust for others against the user as part of DRM.
but its user can easily corrupt its trustworthiness.
but it is often used to provide trust for others against the user as part of DRM.
279
Destroying a file with multiple overwrites does not necessarily guarantee that the information contained in the file could not yet be obtained by unauthorized persons. If a leak occurs, which of the following is the most likely cause?
An attacker has inserted a Trojan horse to the overwrite program that copies and sends the data before its normal operation.
An attacker first obtains a file name from an archived list and then manages to find a copy of the file on some other storage medium.
The overwrite program does not reach all the file storage blocks on the disk due to a malfunction of the file manager.
Even when overwritten, the magnetic field used to store the original data is exposed by special devices.
An attacker first obtains a file name from an archived list and then manages to find a copy of the file on some other storage medium.
280
```
There are three degrees in getting rid of a file, depending on what is needed to still access the file: a file manager, a special system program, or an electronics lab. Which of these can access information that is called residual data?
not any
just a lab or a system program
all
just a lab
```
just a lab or a system program
281
The type of overwriting that is related to erasing data
does not apply to valid data but applies to residual data.
prevents any data from becoming residual data.
uses residual data as its input.
produces residual data.
prevents any data from becoming residual data.
282
Bit rot
is another name of ransomware.
is exemplified by degradation of electric charge on solid-state memories like flash-memories.
is a special case of software decay, which is about non-updated software starting to malfunction when its environment changes.
is a type of malware that spreads only slowly and only to computers nearby.
is exemplified by degradation of electric charge on solid-state memories like flash-memories.
283
The "track changes" feature of a word processor with its change logs is good for integrity, but can produce problems, the most dangerous of which is a threat relating to
performance.
file size.
confidentiality.
clarity of the text and thus its correctness.
confidentiality
284
Which of the following is the worst answer to the question: "Do databases need more fine-grained access control than that offered by the operating system of the machine containing the database?"?
No, if you don't need to differentiate between database users.
No, if all database information is public.
Yes, if user separation at the file permissions level is not enough.
Usually needed.
No, if all database information is public.
285
The purpose of the operating system is NOT to combat the integrity problem that threatens the database in the situation, where
a user level process of a hacker attempting to write to the memory area used by the database manager.
two users updating the database read the same information from the database at the same time.
simultaneous users start the database management program in two or more separate processes.
the data transfer gets out of sync between the main memory of the database machine and the peripheral memory.
two users updating the database read the same information from the database at the same time.
286
Historically encryption was invented to protect data in transit, i.e. messages. To protect data in storage
the same procedures apply by replacing the transmission channel with the storage media and equalling recipient = sender.
stronger and faster cryptography is needed because of the high volume of data.
various new questions arise, like whether to encrypt files, file systems or whole storage media.
simpler algorithms with shorter key lengths suffice because there is no real-time demand and the attack surface is smaller.
various new questions arise, like whether to encrypt files, file systems or whole storage media.
287
What can go wrong more likely than the other options if your computer automatically saves your data files in a cloud service?
If your computer breaks down, you cannot access your files any more.
If you lose your computer, somebody else can boot it from external media and access your files.
The service provider cracks the encryption on your files.
You lose your credentials to access the files.
You lose your credentials to access the files.
288
What is injected in an injection attack?
Fake users and their profiles into a user database.
Program code to places that allow non-executable input but end up by running the code.
One or more digits to monetary values, or just new digits to some existing positions in numbers.
Malicious plug-ins into web browsers without the user being notified.
Program code to places that allow non-executable input but end up by running the code.
289
```
An injection is a generic type of attack where code is "smuggled" to a place where it shouldn't go, at least to be run. Which of the following is not a type of this attack?
SQL injection
Cross site scripting
OS command injection
Macro recording
```
Macro recording
290
```
In database management systems, ACID is an important set of properties. Which one is to allow no partial transactions to be visible before the whole transactions is completed?
Atomicity
Isolation
Durability
Consistency
```
Isolation
291
```
In database management systems, ACID is an important set of properties. Which one is to allow only valid transactions that do not violate any user-defined integrity constraints?
Atomicity
Isolation
Consistency
Durability
```
Consistency
292
```
Rollback is analogous to users' ctrl-Z or oops facility, but the term is used in the context of
spreadsheets.
SCADA.
military cyber operations.
database management systems
```
database management systems
293
```
Updating database records not only in the active database but in a copy at a remote location is called
archiving.
backuping.
shadowing.
mirroring.
```
shadowing.
294
Which of the following would be the most stringent requirement when a wide variety of summary information can be retrieved from a database of persons, but a field is sensitive at the individual level? "The search results must not reveal even
whether the value of that field for a particular person is different from what is given in the search criteria."
a rough range in which the value of that field is for a particular person."
a list of those who have an entry at all in that field."
the average of that field if less than half of the records in the database are included in its calculation."
the average of that field if less than half of the records in the database are included in its calculation."
