Module 9 Flashcards

1
Q

SCADA systems controlling critical infrastructure are usually completely separated from the Internet by which of the following?

A

air gap

2
Q

Which of the following is a common Linux rootkit?

A

Linux Rootkit 5

3
Q

Which of the following source code is now available to the public and was considered a trimmed down version of the Windows desktop OS?

A

Windows CE

4
Q

Embedded OSs are usually designed to be small and efficient so they do not have some of the functions that general-purpose OSs have. (True or False)

A

True

5
Q

Which of the following is an SELinux OS security mechanism that enforces access rules based on privileges for interactions between processes, files, and users?

A

Mandatory Access Control

6
Q

What type of malicious code could be installed in a system’s flash memory to allow an attacker to access the system at a later date?

A

BIOS-based rootkit

7
Q

Rootkits containing Trojan binary programs that are ready to install are more dangerous than typical Trojan programs. (True or False)

A

True

8
Q

What programming languages are vulnerable to buffer overflow attacks?

A

C and C++

9
Q

Which of the following is often found within an embedded OS that can cause a potential vulnerability to an attack?

A

Web server

10
Q

What is the most serious shortcoming of Microsoft’s original File Allocation Table (FAT) file system?

A

no ACL support

11
Q

Which of the following is considered to be the most critical SQL vulnerability?

A

null SA password

12
Q

When using the Common Internet File System (CIFS), which security model does not require a password to be set for the file share?

A

Share-level security

13
Q

Ubuntu and Debian Linux use what command to update and manage their RPM packages?

A

apt-get

14
Q

Rootkits that pose the biggest threat to any OS are those that infect what part of the targeted device?

A

firmware

15
Q

Which one of the following, if compromised, might allow attackers the ability to gain complete access to network resources?

A

router

16
Q

Which of the following systems should be used when equipment monitoring and automation is critical?

17
Q

When using the Common Internet File System (CIFS), which security model will require network users to have a user name and password to access a specific resource?

A

User-level security

18
Q

What is the current file system that Windows utilizes that has strong security features?

19
Q

What type of viruses and code has been created by security researchers and attackers that could infect phones running Google’s Android, Windows Mobile, and the Apple iPhone OS?

A

Java-based

20
Q

Which of the following is an advantage of Windows CE over other Windows embedded OSs?

A

Its source code is available to the public.

21
Q

Which of the following describes an RTOS?

A

An embedded OS capable of multitasking and responding predictably

22
Q

Which of the following is a major challenge of securing embedded OSs?

23
Q

The lack of a familiar interface, such as CD/DVD-ROM drives, contributes to the difficulty of updating embedded OSs. True or False?

24
Q

SCADA systems are used for which of the following?

A

Monitoring equipment in large-scale industries

25
Q

Multifunction devices (MFDs) are rarely which of the following?

A

Scanned for vulnerabilities

26
Q

A common vulnerability of routers and other network devices with built-in Web management interfaces is which of the following?

A

authentication vulnerability

27
Q

Which of the following can modify part of the OS or install themselves as kernel modules, drivers, libraries, and even applications?

A

rootkit

28
Q

Which of the following doesn't use an embedded OS?

A

A workstation running Windows Vista Business

29
Q

If the time and money required to compromise an embedded system exceeds the value of the system's information, a security tester might recommend not fixing the vulnerability. True or False?

A

True

30
Q

One reason that some vendors of embedded OSs are using open-source software more is that the cost of developing and patching an OS is shared by the entire open-source community. True or False?

A

True

31
Q

Which of the following is considered a good defense against low-level rootkits?

A

Trusted Platform Module (TPM)

32
Q

An embedded OS must be developed specifically for use with embedded systems. True or False?

A

False

33
Q

*nix embedded OSs are most likely to be found on which of the following devices?

A

Cisco switches and routers

34
Q

Most printers now have only TCP/IP enabled and don't allow default administrator passwords, so they're inherently more secure. True or False?

A

False

35
Q

VxWorks is which of the following?

A

A proprietary embedded OS