ITN 262 MIDTERM EXAM REVIEW
QUESTIONS AND ANSWERS
What does AUP stand for? - Answer-Acceptable Use Policy
Cyber vulnerabilities became a public issue in the __________ as new internet users
struggled to understand the technology's risks. - Answer-1990s
True or False? Victims can protect themselves against zero-day attacks. - Answer-False
True or False? A zero-day vulnerability is one that has been reported to the software's
vendor and the general public. - Answer-False
Which of the following describes the effect of the Digital Millennium Copyright Act
(DMCA) on the investigation and publication of security flaws in commercial equipment?
- Answer-It restricts the publication of techniques to reverse-engineer copy protection
schemes.
Which of the following most often forbids people from performing trial-and-error attacks
on computer systems? - Answer-Acceptable use policies
Section 1.6.2 outlines a procedure for disclosing security vulnerabilities in a commercial
device or product. Assume that we have discovered a vulnerability in a commercial
product. The vendor has not acknowledged our initial vulnerability report or
communicated with us in any other way. They have not announced the vulnerability to
the public. We wish to warn the public of the vulnerability as soon as is ethically
defensible. Given the procedure in Section 1.6.2, which of the following is the best
course of action? - Answer-After 30 days, announce that the vulnerability exists, and
describe how to reduce a system's risk of attack through that vulnerability
Given the vulnerability disclosure procedure in Section 1.6.2 and the story of Michael
Lynn's presentation of a Cisco router vulnerability at Black Hat 2005, which of the
following most accurately describes Lynn's action? - Answer-Lynn acted ethically
because the vulnerability had already been reported and patched, and he did not
describe how to exploit the vulnerability
A person skilled in attacking computer systems, who uses those skills as a security
expert to help protect systems, is a: - Answer-white-hat hacker
When disclosing a security vulnerability in a system or software, the manufacturer
should avoid: - Answer-including enough detail to allow an attacker to exploit the
vulnerability
A risk assessment involves which of the following? - Answer-Identifying risks
Prioritizing risks
True or False? People can be threat agents in some cases, but trustworthy in others. -
Answer-True
The phrases below describe types of attacks on information. Match the type of attack
with its description. - Answer-Physical theft- The computing resource itself is removed
Denial of service (DoS)- The use of computing data or services is lost temporarily or
permanently, without damage to the physical hardware
Subversion- A program is modified to operate on the behalf of a threat agent
Masquerade- A person takes on the identity of another when using a computer
Disclosure- Data that should be kept confidential is disclosed
Forgery- Someone composes a bogus message and sends it to a computer
Chapter 2 questions - Answer-Chapter 2 questions
A security database that contains entries for users and their access rights for a specific
file or folder is a(n): - Answer-access control list (ACL)
Bob and Alice are typical users who share a computer. Which of the following are true
of a file sharing policy? Assume no tailoring takes place. Select all that apply. - Answer-
Bob can read Alice's files
Bob can create, read, and modify his own files
Bob and Alice are typical users who share a computer. The computer has an isolation
policy, but Bob and Alice have implemented a tailored policy for shared reading. Which
of the following are true? Select all that apply. - Answer-Bob can create, read, and
modify his own files
Bob and Alice can read particular files that others can't read
Bob and Alice are typical users who share a computer. Which of the following are true
of a user isolation policy? Assume no tailoring takes place. Select all that apply. -
Answer-Bob can create, read, and modify his own files
Bob and Alice are typical users who share a computer. The computer has a file sharing
policy, but Bob and Alice have implemented a tailored policy for shared updating. Which
of the following are true? - Answer-Bob can read typical files that Alice creates
Bob and Alice can share particular files (read and write) that others can't read
Bob can create, read, and modify his own files