Question


TRUE/FALSE QUESTIONS:  Foundations of Information Security and Assurance


1. There is a problem anticipating and testing for all potential types of non-standard inputs that might be exploited by an attacker to subvert a program.

2. Without suitable synchronization of accesses it is possible that values may be corrupted, or changes lost, due to overlapping access, use, and replacement of shared values.

3. The biggest change of the nature in Windows XP SP2 was to change all anonymous remote procedure call (RPC) access to require authentication.

4. The Zotob worm, which took advantage of a vulnerability in Microsoft Plug and Play (PnP) and which was accessible through RPC, did not affect Windows XP SP2, even though the coding bug was there.

5. Key issues from a software security perspective are whether the implemented algorithm correctly solves the specified problem, whether the machine instructions executed correctly represent the high level algorithm specification, and whether the manipulation of data values in variables is valid and meaningful.

6. C’s designers placed much more emphasis on space efficiency and performance considerations than on type safety.

7. An effective method for protecting programs against classic stack overflow attacks is to instrument the function entry and exit code to set up and then check its stack frame for any evidence of corruption.

8. From the attacker’s perspective, the challenge in cracking a Linux system therefore boils down to gaining root privileges.

9. AppArmor is built on the assumption that the single biggest attack vector on most systems is application vulnerabilities. If the application's behavior is restricted, then the behavior of any attacker who succeeds in exploiting some vulnerability in that application will also be restricted.

10. A very common configuration fault seen with Web and file transfer servers is for all the files supplied by the service to be owned by the same “user” account that the server executes as.

11. Programmers use trapdoors legitimately to debug and test programs.


12. If the compromised machine uses encrypted communication channels, then just sniffing the network packets on the victim’s computer is useless because the appropriate key to decrypt the packets is missing.

13. Packet sniffers are seldom used to retrieve sensitive information like usernames and passwords.

14. Buffer overflows can be found in a wide variety of programs.

15. EFS allows files and directories to be encrypted and decrypted transparently for authorized users. All versions of Windows since Windows 2000 support Encryption File System.

16. A bot propagates itself and activates itself, whereas a worm is initially controlled from some central facility.

17. The correct implementation in the case of an atomic operation is to test separately for the presence of the lockfile and to not always attempt to create it.

18. Kernel space is swapped to hard disk in order to obtain quick access.

19. Performing regular backups of data on a system is a critical control that assists with maintaining the integrity of the system and user data.

20. Backup and archive processes are often linked and managed separately.

MULTIPLE CHOICE QUESTIONS:


1. ______ systems should not run automatic updates because they may possibly introduce instability.

A. Change controlled

B. Policy controlled

C. Configuration controlled

D. Process controlled

E. None of the above

2. _________ are a collection of string values inherited by each process from its parent that can affect the way a running process behaves.

A. Race conditions

B. Deadlocks

C. Privileges

D. All of the above

E. None of the above


3. Windows Vista and later add two other functions. The first is that the firewall is a ______________ of the rewritten TCP/IP networking stack. Second, the firewall supports optionally blocking outbound.

A. fully integrated component

B. 50% integrated component model

C. partially integrated component

D. None of the above



4. ___________ does its business (covering the tracks of attackers) in kernel space, intercepting system calls pertaining to any user’s attempts to view the intruder’s resources.

A. A MKLKM rootkit

B. A MKLKM sourcekit

C. An LKM rootkit

D. None of the above

5. SELinux is a ____________ implementation that doesn't prevent zero-day attacks, but it's specifically designed to contain their effects.

A. mandatory access

B. fully access control

C. mandatory access control

D. None of the above

6. ________ involve buffers located in the program’s global (or static) data area.

A. Heap overflows

B. Stack buffer overflows

C. Global Data Area Overflows

D. Position overflows

7. In SELinux objects include not only files and directories but also other processes and various system resources in ______________.

A. kernel space only

B. both kernel space and userland

C. remote RAID, USB flash memory and network storage.

D. None of the above

8. __________ will integrate with the operating system of a host computer and monitor program behavior in real time for malicious actions.

A. Fingerprint-based scanners

B. Action-blocking scanners

C. Generic decryption technology

D. Heuristic scanners

E. None of the above


9. A ___________ is a root-owned program with its setuid bit set; that is, a program that runs as root no matter who executes it.

A. setgid root program

B. setsid root program

C. setuid root program

D. None of the above


10. A __________ attack is a bot attack on a computer system or network that causes a loss of service to users.

A. spam

B. phishing

C. DDoS

D. sniff

E. None of the above

11. Due to a history of abuse against setuid root programs, major Linux distributions no longer ship with unnecessary setuid-root programs. But ______________ for them.

A. system attackers still could not scan

B. system attackers still scan

C. system attackers still embed

D. None of the above

12. SELinux implements different types of MAC: ________________________.

A. Style Enforcement, and Role Based Access Controls,

B. Multi Level Security, Role Based Access Controls and Type Enforcement,

C. Multi Task Level Security

D. None of the above

13. __________ is malware that encrypts the user’s data and demands payment in order to access the key needed to recover the information.

A. Trojan horse

B. Ransomware

C. Crimeware

D. Polymorphic

E. None of the above

14. The most common variant of injecting malicious script content into pages returned to users by the targeted sites is the _________ vulnerability.

A. PHP file inclusion

B. chroot jail

C. atomic bomb

D. XSS reflection

E. None of the above


15. Versions of Windows based on the Windows 95 code base, including Windows 98, Windows 98 SE, and Windows Me, had ____________, in contrast to the Windows NT code base, on which all current versions of Windows are based.

A. security model

B. token model

C. two security models

D. None of the above

16. In a Linux system, a vulnerability is a specific weakness or security-related bug in an application or operating system. A threat is the combination of a vulnerability, an attacker, and _________________.

A. None of the above

B. a weakness vector

C. an attack and vulnerability vector

D. an attack vector


17. A runtime technique that can be used is to place ________ between critical regions of memory in a process's address space.

A. guard pages

B. library functions

C. shellcodes

D. MMUs

E. None of the above

18. _______ defenses involve changes to the memory management of the virtual address space of processes that act to either alter the properties of regions of memory or to make predicting the location of target buffers sufficiently difficult to thwart many types of attacks.

A. Run-time

B. Position independent

C. Buffer

D. Compile-time

E. None of the above

19. Windows Vista and later changes the default; all user accounts are users and not administrators. This is referred to as ______________

A. User Control Account (UCA.)

B. Tolerance User Account Control (TUAC.)

C. Preventive User Account Control (PUAC.)

D. None of the above

20. ______ are resources that should be used as part of the system security planning process.

A. Texts

B. Online resources

C. Specific system hardening guides

D. All of the above

E. None of the above

Answer #1

Please note: I have answered the First four Questions according to the Chegg Answering Guidelines. Please Re-post for the rest of the Questions.

1. There is a problem anticipating and testing for all potential types of non-standard inputs that might be exploited by an attacker to subvert a program. – This is True

2. Without suitable synchronization of accesses it is possible that values may be corrupted, or changes lost, due to overlapping access, use, and replacement of shared values. - True

3. The biggest change of the nature in Windows XP SP2 was to change all anonymous remote procedure call (RPC) access to require authentication. - True

4. The Zotob worm, which took advantage of a vulnerability in Microsoft Plug and Play (PnP) and which was accessible through RPC, did not affect Windows XP SP2, even though the coding bug was there. – True, this is because the attacker should be authenticated first
