Scanner
A program that identifies known viruses and removes the viruses or repairs infected objects.
Heuristic Scanner
A program that intelligently analyzes unknown code to identify suspicious commands and code sections
Activity Monitor
A program that monitors systems and programs for suspicious activity.
Change detection software
A program that stores baseline system information and then periodically checks for suspicious changes from the baseline values.
What are 2 countermeasures for a brute force attack?
Implement strict access controls
keep password length to a minimum of 8 characters
Code that a specific event triggers and that destroys data stored on a system’s hard disk
logic bomb
Code that may simultaneously attack the book sector and the executable files of a system
virus
Code embedded in a program and often used to promote backdoor attacks to access system resources
trojan
Rapidly replicating code that takes control of a system consuming vital network resources
worm
What is the purpose of software forensics in protecting system and data security?
To analyze code for characteristics of authorship and intent used as evidence against attackers and to minimize damage in future attacks.
What characteristics of current software development make information security difficult?
Complexity of modern applications
increased sharing of code and other resources
Low level languages
first and second generation languages
High level languages
third through fifth generation
When programming with high level languages, which factors can contribute to security weaknesses?
Automatic memory allocation and deallocation
A security management system with limited options
Define hackers
individuals or organizations who attempt to gain unauthorized access to information systems and network resources
Define crackers
individuals or organizations who break into computer systems by breaching security. Often a crackers motive is altruistic.
What are the 6 types of DoS attacks?
smurf and fraggle SYN flood teardrop distributed DoS DNS DoS Cache poisoning
Define smurf attack
sends ICMP packets to multiple computers which in turn reply to the single computer
Define fraggle attack
smurf attack which uses UDP instead of ICMP
Defenses against smurf and fraggle attacks
setup a firewall to block all broadcast and ICMP messages
configure all computers to drop ICMP messages
turn off the directed broadcast capability of the router
implement an IDS
Install latest patches
Define SYN flood attack
Waged by not sending the final ACK message
Defenses against a SYN flood attack
setup a firewall to limit the number of connection requests
implement and IDS
use SYN cookies to avoid the allocation of resources to half opened connections
install latest patches
Define teardrop attack
exploits bug in OS routine to reassemble fragmented packets
Defenses against teardrop attack
merge all fragmented packets in a full packet before routing them to the target system
Implement IDS to detect fragmented packets
Defenses against DDoS attack
Scan the computers to identify if the attack software is installed
Access the log files on which the client attack software is installed to determine the location of the attacker
disable unused services on systems
install a firewall and IDS
Define DNS DoS
Attacker changes the IP of a host to a malicious host
Defenses against DNS DoS
Implement a secure DNS
Update DNS version
Configure DNS servers for internal and external public records
Define cache poisoning
Attacker can’t update DNS record, so false data is entered into the cache
Defenses against cache poisoning
configure DNS servers
Use DNSSecurity extensions DNSSEC
Use HTTPS to validate certificate
Defenses against brute force attacks
Keep the password length to a min of 8 characters
lock the account after a specified number of unsuccessful attempts
implement strict access controls to reduce the occurrence of such attacks
Defenses against dictionary attacks
use one-time password authentication
Use a password policy to enforce password rotation and hard to guess passwords
cracking tools to identify weak passwords
Implement and IDS
Defenses against spoofing attacks
configure the firewall to discard packets that contain private addressing
avoid using reserved IP addresses
use egress in ingress filtering
Implement an IPS
Defense against a buffer overflow attack
use the bound checking mechanism in program code to check the length of the input variable
Install latest updates
Define between the lines entry attack
An attacker taps the temporarily inactive terminal of a legitimate user in an unauthorized manner.
Define NAK negative acknowledgement attacks
an attacker capitalizes on an operating system’s failure to suitably handle NAK packets.
Define line disconnect attacks
An attacker accesses and uses the communication line of a user who is trying to terminate his communication session.
Define pseudo-flaw attacks
loopholes developers insert to trap attackers and track the source of an attack.
Define TOC/TOU attack
Time of Check
Time of Use
attack occurs when program checks access permissions in advance of a resource request.
Covert channel
a communication path that allows a process to transmit information in a way that violates system policy
File infector virus
attacks exe, com files
boot sector virus
attacks boot sector
multipartite
multi-part virus combines executable and boot sector viruses
script virus
written using script languages
encrypted virus
virus detection routine and encrypted virus body.
macro virus
attacks documents
polymorphic virus
virus body, decryption routine, mutation engine
companion virus
spawning virus creates a file of the same name in the same directory but with a different extension. The virus file will have an extension the system will open first.
Virus defenses
Anti-virus software
IDS
Don’t open unidentified email attachments
For which reasons is software forensics value for protecting information security?
It can help identify the authors of malicious code
The information it provides can be used to strengthen protection against future attacks
It can help prove intellectual ownership and assist in the recovery of lost source code.
Object Linking and Embedding
Links data objects into or from multiple files or sources on a computer and segregates data into interoperable components
eXtensible Markup Language
Displays the data in a standard format independently of the database or application.
ODBC
Tracks the required database driver for the application and translates the application requests into database commands.
JDBC
Allows you to connect to and access information from a database using java programs or ODBC
ADO ActiveX Data Objects
Helps users to write programs that access relational and non-relational database.
OLTP - Online transaction processing
Records all the business transactions of the organization as they occur and helps in the real-time processing of SQL transactions.
What are the characteristics of neural networks?
resembles a human nervous system
processes information simultaneously
Follows 5 main phases in sequence: changes are made only after process completion.
waterfall model
A rough system is created, tested, and evaluated to discover improvement possibilities
prototype model
Follows 5 sequential phases that contain planning, implementing, checking, and acting steps
Spiral model
Creates a system based on logical assumptions
exploratory model
previously created components are exported or modified to create a new system
reuse model
4 advantages of a neural network
adaptive learning
self-organization
real-time operation
fault-tolerance via redundant information coding
Expert System
follows rule based programming
draws an inference to derive a fact
7 stages of SDLC
project initiation defining functional objects defining system requirements developing and implementing recording and documenting testing and evaluating producing and installing
Follows sequential phases that include 4 in-built steps in each phase
spiral
Follows sequential steps where changes can only be made once the whole process is complete
waterfall
evaluates and authorizes the system at each sequential step
structured programming development
focuses on preventing inconsistencies in the initial planning so that time is saved in the testing phase
cleanroom
What kind of data model stores data in blocks?
object oriented
A child node has multiple parent nodes in what data model?
network
A child node has only 1 parent node in what data model?
hierarchical
Data is stored in tables in what data model?
relational
Data is stored in multiple databases across different locations in what data model?
distributed
polyinstantiation
an event that occurs when multiple rows in the same table have identical primary key elements but with each being distinguished by a different security level.
Uses for polyinstantiation
retain the integrity of all copies of the information in a database
store confidential data at multiple locations within the database
defend against some types of inference attacks
maintenance phase begins with constant revisions when the system is implemented in what model?
modified prototype
The key objective of application security is to ensure
A. that the software is hacker proof
B. the confidentiality, integrity, and availability of data
C. accountability of software and user activity
D. prevent data theft
B. the confidentiality, integrity, and availability of data
For an application security program to be effective within an organization, it is critical to
A. identify regulatory and compliance requirements
B. educate the software development organization the impact of insecure programming.
C. develop the security policy that can be enforced
D. properly test all the software that is developed by your organization for security vulnerabilities.
C. develop the security policy that can be enforced
The best defense against session hijacking and man in the middle attacks is to use which of the following in the development of software
A. unique and random identification
B. use prepared statements and procedures
C. database views
D encryption
A. unique and random identification
An important characteristic of bytecode is that is
A. has increased secure inherently due to sandboxing
B. manages memory operations automatically
C. is more difficult to reverse engineer
D. is faster than interpreted languages
D. is faster than interpreted languages
Two cooperating processes that simultaneously compete for a shared resource in such a way that they violate the system's security policy is commonly known as A. covert channel B. denial of service C. overt channel D. object reuse
A. covert channel
An organization has a website with a guest book feature, where visitors to the web site can input their names and comments about the organization. Each time the guest book page loads, a message box is prompted with the message "you have been powned' followed by redirection to a different website. Analysis reveals that no input validation or output encoding is being performed by the web application. This is the basis for which type of attack? A. denial of service B. cross site scripting C. malicious file execution D. injection flaws
B. cross site scripting
The art of influencing people to divulge sensitive information about themselves or their organization by either coercion or masquerading as a valid entity is known as A. dumpster diving B. shoulder surfing C. phishing D. social engineering
D. social engineering
An organization's server audit logs indicate that an employee that was terminated in the morning was still able to access certain sensitive resource on his system, on the internal network, that afternoon. The logs indicate that the employee had logged on successfully before he was terminated but there is no record of him logging off before he was terminated. This is an example of which type of attack? A. Time Of Check/Time Of Use B. Logic Bomb C. remote-access trojans D. phishing
A. Time Of Check/Time Of Use
The most effective defense against a buffer overflow attack is
A. disallowing dynamic construction of queries
B. bounds checking
C. encoding output
D. forced garbage collection
B. bounds checking
It is extremely important that as one follows a software development project, security activities are performed
A. before release to production, so that the project is not delayed
B. if a vulnerability is detected in your software
C. in each stage of the life cycle
D. when management mandates it
C. in each stage of the life cycle
Audit logs are which type of control? A. preventative B. detective C. compensating D. corrective
B. detective
Who can enforce the separation of duties by ensuring that programmers do not have access to production code? A. operations personnel B. software librarian C. management D. quality assurance personnel
B. software librarian
The technical evaluation of assurance to ensure that security requirements have been met is known as A. accreditation B. certification C. validation D. verification
B. certification
Defect prevention rather than defect removal is characteristic of which of the following software development methodology A. CASE B. Spiral C. Waterfall D. cleanroom
D. cleanroom
A security protection mechanism in which untrusted code, which is not signed is restricted from accessing system resources is known as A. sandboxing B. non-repudication C. separation of duties D. obfuscation
A. sandboxing
A program that does not reproduce itself but pretends to be performing a legitimate action, while actually performing malicious operations in the background is the characteristic of which of the following? A. Worms B. trapdoor C. virus D. trojan
D. trojan
A plot to take insignificant pennies from a user's bank account and move them to the attacker's bank account is an example of A. social engineering B. salami attack C. pranks D. hoaxes
B. salami attack
Role based access control to protect confidentiality of data in databases can be best achieved through the following? A. views B. encryption C. hashing D masking
A. views
The two most dangerous types of attacks against databases containing disparate non-sensitive information are
A. injection and scripting
B. session hijacking and cookie poisoning
C. aggregation and inference
D. bypassing authentication and insecure cryptography
C. aggregation and inference
A property that ensures only valid or legal transactions that do not violate any user defined integrity constraints in DBMS technologies is known as A. atomicity B. consistency C. isolation D. durability
B. consistency
expert systems are comprised of a knowledge base containing modeled human experience and which of the following? A. inference engine B. statistical models C. neural networks D. roles
A. inference engine
Data marts, databases, and data warehouses have distinct characteristics. Which of the following does not correctly describe a data warehouse?
A. It could increase the risk of privacy violations
B. It is developed to carry out analysis
C. It contains data from several different sources
D. It is created and used for project based tactical reasons.
D. It is created and used for project based tactical reasons.
Database software should meet the requirements of what is known as the ACID test. Why should database software carry out atomic transactions, which is one requirement of the ACID test when OLTP is used?
A. So the rules for database integrity can be established
B. So that the database performs transactions as a single unit without interruption
C. To ensure that rollbacks cannot take place.
D. To prevent concurrent processes from interacting with each other.
B. So that the database performs transactions as a single unit without interruption
What does the ACID stand for?
Atomicity
Consistency
Isolation
Durability
What does atomicity mean in relation to database software?
Divide transactions into units of work and ensures that all modifications take effect or none takes effect. Either the changes are committed or the database is rolled back.
What does consistency mean in relation to database software?
A transaction must follow the integrity policy developed for that particular database and ensure all data are consistent in the different database.
What does isolation mean in relation to database software?
Transactions execute in isolation until completed, without interacting with other transactions. The results of the modification are not available until the transaction is completed.
What does durability mean in relation to database software?
Once the transaction is verified as accurate on all systems, it is committed, and the databases cannot be rolled back.
Lisa has learned that most databases implement concurrency controls. What is concurrency and why must it be controlled?
A. Processes running in different levels, which can negatively affect the integrity of the database if not properly controlled.
B. The ability to deduce new information from reviewing accessible data, which can allow an inference attack to take place.
C. Processes running simultaneously, which can negatively affect the integrity of the database if not properly controlled.
D. Storing data in more than one place within a database, which can negatively affect the integrity of the database if not properly controlled.
C. Processes running simultaneously, which can negatively affect the integrity of the database if not properly controlled.
What is the name of the procedure which minimizes duplication and inconsistencies? A. Polymorphism B. Normalization C. Implementation of database views D. Constructing schema
B. Normalization
Which of the following correctly best describes an object-oriented database?
A. When an application queries for data, it receives both the data and the procedure.
B. It is structured similarly to a mesh network for redundancy and fast data retrieval.
C. Subject must have knowledge of the well-defined access path in order to access data.
D. The relationships between data entities provide the framework for organizing data.
A. When an application queries for data, it receives both the data and the procedure.
Fred has been told he needs to test a component of the new content management application under development to validate its data structure, logic, and boundary conditions. What type of testing should he carry out? A. Acceptance testing B. Regression testing C. Integration testing D. Unit testing
D. Unit testing
What is acceptance testing?
Testing to ensure code meets customer requirements.
What is regression testing?
Retesting a system after a change has taken place.
Which of the following is the best description of a component-based system development method?
A. Components periodically revisit previous stages to update and verify design requirements
B. Minimizes the use of arbitrary transfer control statements between components.
C. Uses independent and standardized modules that are assembled into serviceable programs
D. Implemented in module-based scenarios requiring adaptions to changing client requirements.
C. Uses independent and standardized modules that are assembled into serviceable programs
Which of the following is not a correct description of a polymorphic virus?
A. Intercepts antivirus’s call to the operating system for file and system information.
B. Varies the sequence of its instructions using noise, a mutation engine, or random number generator.
C. Can use different encryption schemes requiring different decryption routines.
D. Produces multiple, varied copies of itself.
A. Intercepts antivirus’s call to the operating system for file and system information.
Which of the following best describes the role of the Java Virtual Machine in the execution of Java applets?
A. Coverts the source code into bytecode and blocks the sandbox.
B. Coverts the bytecode into machine level code
C. Operates only on specific processors within specific operating systems
D. Develops the applets, which run in a user’s browser
B. Coverts the bytecode into machine level code
What type of database software integrity service guarantees that tuples are uniquely identified by primary key values? A. Concurrent integrity B. referential integrity C. Entity integrity D. Semantic integrity
C. Entity integrity
What is referential integrity?
Refers to all foreign keys referencing existing primary keys.
In computer programming, cohesion and coupling are used to describe modules of code. Which of the following is a favorable combination of cohesion and coupling? A. Low cohesion, low coupling B. High cohesion, high coupling C. low cohesion, high coupling D. High cohesion, low coupling
D. High cohesion, low coupling
What is cohesion in software programming?
Reflects how many different types of tasks a module can carry out. High cohesion means a module carries out 1 basic task.
What is coupling in software programming?
Reflects how much interaction one module requires to carry out its tasks.
When an organization is unsure of the final nature of the product, what type of system development method is most appropriate for them? A. Cleanroom B. Exploratory model C. Modified prototype method D. Iterative Development
C. Modified prototype method
Which of the following statements does not correctly describe SOAP and Remote Procedure Calls?
A. SOAP was designed to overcome the compatibility and security issues associated with Remote Procedure Calls.
B. Both SOAP and Remote procedure calls were created to enable application layer communication.
C. SOAP enables the use of Remote procedure calls for information exchange between applications over the internet.
D. HTTP was not designed to work with remote procedure calls, but SOAP was designed to work with HTTP.
C. SOAP enables the use of Remote procedure calls for information exchange between applications over the internet.
Computer programs that are based on human logic by using "if/then" statements and inference engines are called A. Expert systems B. artificial neural networks C. Distributed computing environment D. Enterprise java beans
A. Expert systems
Which of the following is a correct description of the pros and cons associated with third-generation programming languages?
A. The use of heuristics reduced programming effort, but the amount of manual coding fora specific task is usually more than the preceding generation.
B. The use of syntax similar to human language reduced development time, but the language is resource intensive.
C. The use of binary was extremely time consuming but resulted in fewer errors.
D. The use of symbols reduced programming time, but the language required knowledge of machine architecture.
B. The use of syntax similar to human language reduced development time, but the language is resource intensive.
Which of the following is considered the second generation of programming languages? A. Machine B. Very high level C. High level D Assembly
D Assembly
Mary is creating malicious code that will steal a user's cookies by modifying the original client-side java script. What type of cross-site scripting vulnerability is she exploiting? A. Second order B. DOM-based C. persistent D. non-persistent
B. DOM-based
Of the following steps that describe the development of a botnet, which best describes the step that comes first?
A. Infected server sends attach commands to the botnet
B. Spammer pays a hacker for use of the botnet
C. Controller server instructs infected systems to send spam to mail server.
D. Malicious code is sent out that has bot software as its payload.
D. Malicious code is sent out that has bot software as its payload.
Which of the following antivirus detection methods is the most recent to the industry and monitors suspicious code as it executes within the operating system? A. Behavior blocking B. fingerprint detection C. signature based detection D. heuristic detection
A. Behavior blocking
Which of the following describes object oriented programming deferred commitment?
A. autonomous objects, which cooperate through exchanges of messages
B. The internal components of an object can be refined without changing other parts of the system
C. Object oriented analysis, design, and modeling maps to business needs and solutions
D. Other programs using same objects
B. The internal components of an object can be refined without changing other parts of the system
_________ provides a machine readable description of the specific operations provided by a specific web service. ________ provides a method for web services to be registered by service providers and located by consumers.
A. Web service description language, universal description, discovery and integration
B. Universal description, discovery and integration, web services description language
C. web services description language, simple object access protocol
D. Simple Object Access Protocol
A. Web service description language, universal description, discovery and integration
