UPDATED 2024/2025 CSCE 3550 MIDTERM REVISION QUESTIONS WITH VERIFIED ANSWERS

UPDATED 2024/2025 CSCE 3550 MIDTERM REVISION QUESTIONS WITH VERIFIED ANSWERS A __________ is a set of instructions designed to bypass the normal authentication mechanism and allow access to the system to anyone who knows the vulnerability exists - ANSWER-Back door A ___________ is a type of malicious code that performs some system-damaging action when a specific condition occurs. - ANSWER-logic bomb A common approach for creating polymorphic viruses uses encryption technology. - ANSWER-True A logic bomb is malware that is set to go off when a particular system event occurs, such as a particular date and time. - ANSWER-True A loss of ________ is the unauthorized disclosure of information. - ANSWER-Confidentiality A program with both an expected and unexpected effect is a __________. - ANSWER-Trojan horse A sender not being able to deny sending a message that he/she, in fact, did send, is known as message ___________. - ANSWER-Non-repudiation A threat can be defined as a ____________. - ANSWER-set of circumstances that could cause harm or loss Address Space Layout Randomization (ASLR) is a protection mechanism implemented to prevent buffer overflows at what level of computer systems? - ANSWER-the Operating System Amy changing the amount on Bill's check from $100 to $1,000 is a violation of which computer security property? - ANSWER-Integrity Amy secretly copying Bill's homework is a violation of which computer security property? - ANSWER-Confidentiality An access control system that grants users only those rights necessary for them to perform their work is operating on which security principle? - ANSWER-Least privilege An advantage of behavior-base protection over signature-based protection is that they are likely to have a lower false positive rate. - ANSWER-True An advantage of behavior-base protection over signature-based protection is the ability to potentially detect novel attacks. - ANSWER-True An exploited utilizing a buffer overflow in Microsoft's IIS web server (for which a patch had been available for a month) that infected 250,000 systems in nine hours. - ANSWER-The Code Red Worm An object (usually a 1x1 pixel transparent image) embedded in a web page, which is fetched from a different server from the one that served the web page itself allowing a third party to gather information about you without your knowledge or consent. - ANSWER-Web Bug Bill using a denial of service attack (DoS) to crash Amy's operating system is a violation of which computer security property? - ANSWER-Availability Client-side mediation is an effective way for web sites to validate user input and maintain the client-side state. - ANSWER-False Computer viruses, worms, and Trojan horses are classified as __________, which are programs that act without a user's knowledge and deliberately alter the computer's operations. - ANSWER-malware CryptoLocker is considered what type of malware? - ANSWER-Ransomware Detecting unauthorized or unintentional changes to data - ANSWER-Integrity Given the following listing from a Linux operating system, what access rights does the user jane have to thefile? -r---w---x 1 jane staff thefile - ANSWER-Read only How a virus spreads can be completely independent of the payload it executes on each system it infects. - ANSWER-True In Linux operating systems, what does setuid do and why is it considered dangerous? - ANSWER-It changes the permissions of a process to be the permissions of the owner of the program rather than those of the user. This is dangerous because if the process can be hijacked, then the user has all of the owner's permissions. Insuring that information is accessible within a reasonable expectation of time - ANSWER-Availability Malware focused on Middle Eastern countries' energy sectors using cyber espionage to collect sensitive information such as taking screenshots, sniffing network passwords, and recording Skype conversations. - ANSWER-Flame Malware targeting Siemens SCADA systems installed on Windows affecting functions such as the application of the operation of centrifuges allegedly created by the US and Israeli intelligence agencies targeting the Iranian uranium enrichment program. - ANSWER-Stuxnet Malware that requires user actions to spread is more likely to be a virus than a worm. - ANSWER-True One way to implement the ________ design principle for security is to "always validate inputs". - ANSWER-Complete mediation Preventing the unauthorized access of information - ANSWER-Confidentiality The first Internet worm, launched by a graduate student at Cornell in 1988 - ANSWER-The Morris Worm The following are typical characteristics of a computer virus except ______. - ANSWER-Self-propagating The purpose for putting a "canary" value in the stack is to detect _________. - ANSWER-a stack smashing attack Viruses can spread to systems even if they have no Internet connectivity. - ANSWER-True Which of the following best describes the term "asset" in the context of computer security? - ANSWER-Anything that has value to the organization Which of the following terms best describes the assurance that data has not been changed unintentionally due to an accident or malice? - ANSWER-Integrity Which of the following terms best describes the weakness in a system that may possibly be exploited? - ANSWER-Vulnerability