Describe the similarities and differences between a virus a


Question 1

Logging is a proactive mechanism to prevent attacks.
True
False

Question 2

Address Space Randomization is yet another compile time technique to thwart buffer overflow attacks.
True
False

Question 3

The access control model of Linux is primarily a Mandatory Access Control model.
True
False

Question 4

In Linux, the purpose of the sticky bit is to allow only the owner of a file, the owner of the directory in which the file is located, and the superuser to delete or rename the file.
True
False

Question 5

The GCC compiler StackGuard and Microsoft Visual C++ compiler switch /GS mechanisms are defenses against a buffer overflow attack.
True
False

Question 6

An insufficiently validated environment variable is a source for untrusted data to enter a program and can be exploited by an attacker.
True
False

Question 7

One reason for increased security risk in hosted virtualization systems is due to an additional layer in hypervisor in these systems.
True
False

Question 8

Windows (since 2000) has earned Common Criteria EAL4.
True
False

Question 9

(Input) Fuzzing is a technique used both by hackers and testers to discover vulnerabilities in a system.
True
False

Question 10

From a security perspective, not installing a service or application is preferable to installing it and then disabling it.
True
False

Question 11

Routine backup does not thwart an attack but facilitates recovering from it.
True
False

Question 12

The principle of least privilege is a good security concept in that it minimizes privilege escalation by attackers.
True
False

Question 13

Rootkit attacks are an annoyance and not particularly dangerous because they are stealthy.
True
False

Question 14

The Java programming language is extremely vulnerable to buffer overflows.
True
False

Question 15

Paige Howard's token looks like this on her Windows system:

User: SomeCorporationPaigeHoward

Groups: Everyone; Authenticated Users; Developers

That is, she belongs to three groups: Everyone, Authenticated Users and Developers.

Her program attempts to open a file that is not owned by her for RWX (Read, Write, Execute) access, and the file has the following ACL:
Administrators: Full Control; Authenticated Users: RW; Developers: RWD
Paige (Paige's program) will be allowed to access the file.

True
False

Question 16

A __________ is code inserted into malware that lies dormant until a predefined condition, which triggers an unauthorized act, is met.
Logic Bomb
Trojan horse
Worm
Trapdoor

Question 17

A ______ is a structure where data are usually saved on the stack.
guard page
stack frame
heap
NOP sled

Question 18

An essential component of many buffer overflow attacks is the transfer of execution to code, known as _______, supplied by the attacker and often saved in the buffer being overflowed.
NOP code
stack code
heap code
shellcode

Question 19

What is the most effective defense against a cross-site scripting attack?
Limiting account privileges
Input validation
Encryption
User authentication

Question 20

__________ applications is a control that limits the programs that can execute on the system to just those in an explicit list.
Virtualizing
White listing
Logging
Patching

Question 21

The range of logging data acquired should be determined _______.
during security testing
as a final step
after monitoring average data flow volume
during the system planning stage

Question 22
1. Describe the similarities and differences between a virus, a Trojan horse, and a worm.
2. Explain controls or steps one can take to mitigate their threat.
(Note: This question will be graded by the professor.)
