ITN 262 -END TERM EXAM QUESTIONS
WITH CORRECT ANSWERS.
A security analyst is performing a security assessment. The analyst should not:
take actions to mitigate a serious risk.
Which of the following yields a more specific set of attacks tied to our particular threat
agents?
Attack matrix
Which of the following produces a risk to an asset?
A threat agent and an attack the agent can perform
Which of the following describes the effect of the Digital Millennium Copyright Act
(DMCA) on the investigation and publication of security flaws in commercial equipment?
It restricts the publication of techniques to reverse-engineer copy protection schemes.
Which of the following most often forbids people from performing trial-and-error attacks
on computer systems?
Acceptable use policies
Section 1.6.2 outlines a procedure for disclosing security vulnerabilities in a commercial
device or product. Assume that we have discovered a vulnerability in a commercial
product. The vendor has not acknowledged our initial vulnerability report or
communicated with us in any other way. They have not announced the vulnerability to the
public. We wish to warn the public of the vulnerability as soon as is ethically defensible.
Given the procedure in Section 1.6.2, which of the following is the best course of action?
After 30 days, announce that the vulnerability exists, and describe how to reduce a system's risk
of attack through that vulnerability.
, Given the vulnerability disclosure procedure in Section 1.6.2 and the story of Michael
Lynn's presentation of a Cisco router vulnerability at Black Hat 2005, which of the
following most accurately describes Lynn's action?
Lynn acted ethically because the vulnerability had already been reported and patched, and he did
not describe how to exploit the vulnerability.
When disclosing a security vulnerability in a system or software, the manufacturer should
avoid:
including enough detail to allow an attacker to exploit the vulnerability.
A risk assessment involves which of the following?
Identifying risks, Prioritizing Risks
The character that separates directories in a Windows directory path is:
the back slash (\).
Bob has set up three user IDs on his computer. Match his login with what happens when he
creates a file.
Files belong to "Superbob"
Files belong to "Suitemates"
Files belong to "Bob"
Logged in as "Superbob"
Logged in as "Suitemates"
Logged in as " Bob "
Two mechanisms to apply initial access rights are:
default rights and inherit rights.
WITH CORRECT ANSWERS.
A security analyst is performing a security assessment. The analyst should not:
take actions to mitigate a serious risk.
Which of the following yields a more specific set of attacks tied to our particular threat
agents?
Attack matrix
Which of the following produces a risk to an asset?
A threat agent and an attack the agent can perform
Which of the following describes the effect of the Digital Millennium Copyright Act
(DMCA) on the investigation and publication of security flaws in commercial equipment?
It restricts the publication of techniques to reverse-engineer copy protection schemes.
Which of the following most often forbids people from performing trial-and-error attacks
on computer systems?
Acceptable use policies
Section 1.6.2 outlines a procedure for disclosing security vulnerabilities in a commercial
device or product. Assume that we have discovered a vulnerability in a commercial
product. The vendor has not acknowledged our initial vulnerability report or
communicated with us in any other way. They have not announced the vulnerability to the
public. We wish to warn the public of the vulnerability as soon as is ethically defensible.
Given the procedure in Section 1.6.2, which of the following is the best course of action?
After 30 days, announce that the vulnerability exists, and describe how to reduce a system's risk
of attack through that vulnerability.
, Given the vulnerability disclosure procedure in Section 1.6.2 and the story of Michael
Lynn's presentation of a Cisco router vulnerability at Black Hat 2005, which of the
following most accurately describes Lynn's action?
Lynn acted ethically because the vulnerability had already been reported and patched, and he did
not describe how to exploit the vulnerability.
When disclosing a security vulnerability in a system or software, the manufacturer should
avoid:
including enough detail to allow an attacker to exploit the vulnerability.
A risk assessment involves which of the following?
Identifying risks, Prioritizing Risks
The character that separates directories in a Windows directory path is:
the back slash (\).
Bob has set up three user IDs on his computer. Match his login with what happens when he
creates a file.
Files belong to "Superbob"
Files belong to "Suitemates"
Files belong to "Bob"
Logged in as "Superbob"
Logged in as "Suitemates"
Logged in as " Bob "
Two mechanisms to apply initial access rights are:
default rights and inherit rights.