ITN 262 MIDTERM STUDY
TEST BANK QUESTIONS
AND ANSWERS
Which of the following describes the effect of the Digital Millennium Copyright Act
(DMCA) on the investigation and publication of security flaws in commercial equipment?
- Answer-It restricts the publication of techniques to reverse-engineer copy protection
schemes.
Which of the following most often forbids people from performing trial-and-error attacks
on computer systems? - Answer-Acceptable use policies
Section 1.6.2 outlines a procedure for disclosing security vulnerabilities in a commercial
device or product. Assume that we have discovered a vulnerability in a commercial
product. The vendor has not acknowledged our initial vulnerability report or
communicated with us in any other way. They have not announced the vulnerability to
the public. We wish to warn the public of the vulnerability as soon as is ethically
defensible. Given the procedure in Section 1.6.2, which of the following is the best
course of action? - Answer-After 30 days, announce that the vulnerability exists, and
describe how to reduce a system's risk of attack through that vulnerability.
Given the vulnerability disclosure procedure in Section 1.6.2 and the story of Michael
Lynn's presentation of a Cisco router vulnerability at Black Hat 2005, which of the
following most accurately describes Lynn's action? - Answer-Lynn acted ethically
because the vulnerability had already been reported and patched, and he did not
describe how to exploit the vulnerability.
A person skilled in attacking computer systems, who uses those skills as a security
expert to help protect systems, is a: - Answer-white-hat hacker
When disclosing a security vulnerability in a system or software, the manufacturer
should avoid: - Answer-including enough detail to allow an attacker to exploit the
vulnerability.
A risk assessment involves which of the following? - Answer-Prioritizing risks
Identifying risks
True or False? People can be threat agents in some cases, but trustworthy in others. -
Answer-True
In a hierarchical file system directory, the topmost directory is called the: - Answer-root.
The character that separates directories in a Windows directory path is: - Answer-the
back slash (\)
True or False? Part of the unique identifier for every file on a hard drive, which includes
the list of directories from the root to that file, is called the directory path. - Answer-True
True or False? All modern computer-based file systems use a hierarchical directory to
organize files into groups. - Answer-True
True or False? Many users think of files as living in file folders instead of directories. -
Answer-True
True or False? When we click on a folder icon within a folder on our desktop, we go "up"
a level in the directory hierarchy. - Answer-True
True or False? File access rights may include create, read, update, and delete. -
Answer-True
Two mechanisms to apply initial access rights are: - Answer-default rights and inherit
rights.
True or False? Modern operating systems protect files according to user identity. -
Answer-True
True or False? An operating system provides six access rights for files. - Answer-False
The directory access right that allows a user to search for a name in a file's path, but not
examine the directory as a whole, is called: - Answer-seek.
True or False? Directories (folders) tie together files in different parts of the hard drive. -
Answer-False
True or False? Some systems provide very specific rights for managing directories,
while others provide minimal rights, like read, write, and seek. - Answer-True
Alice is using a system that uses very simple file and directory access rights. The
system doesn't have directory-specific access rights. Instead, it uses simple read and
write permissions to restrict what users can do to a directory. Alice has read-only
access to the "project" directory. Select which of the following operations Alice can
perform on that directory. - Answer-List files in the directory
Seek files in that directory