TRUE/FALSE QUESTIONS:
1) No cybercriminal databases exist which can point investigators to likely suspects.
2) Complying with regulations and contractual obligations is the benefit of security awareness, training, and education programs.
3) Deleting browsing history and cookies in the computer system can be the way to completely delete recently visited sites.
4) Malicious driver can potentially bypass many security controls to install malware
5) Stack overflow can result in some form of denial-of-service attack on the system
MULTIPLE CHOICES QUESTIONS
6) Broad categories of payloads which malware might carry include which of the following:
A. Corruption of system or data files
B. Theft of service in order to make system zombie agent of attack as part of a botnet
C. Theft of information from system, especially of logins, passwords or other personal details by keylogging or spyware programs;
D. All of the above
7) The _______ category is the transitional stage between awareness and training.
A. roles and responsibilities relative to IT systems
B. education and experience
C. security basics and literacy
D. security awareness
8) What is both benefit and a potentially harmful implication of multilayer protocols?
A. throughput
B. logical addressing
C. hash integrity checking
D. encapsulation
9) The World Wide Web (WWW) can be protected against risk of eavesdropping in the economical and convenient manner through use of which of the following?
A. link and document encryption
B. Secure Socket layer and secure HTTP
C. Link encryption and secure socket layer
D. Document encryption and secure HTTP
10) The effective way to run World Wide Web (WWW) service is not by.
A. Disabling automatic directory listings
B. Placing standard WWW computer outside firewall in the DMZ
C. Implementing encryption
D. Relying on third-party providers
11) Methods to avoid SQL injection include which of the following?
A. Providing functions to escape special characters
B. Techniques for automatic detection of database language in legacy code.
C. Techniques for automatic detection of SQL language in legacy code.
D. All of the above
12) __________ is when data in the SDB can be modified so as to produce statistics which can’t be used to infer values for individual records resource.
A. Data perturbation
B. Database access control
C. Inference channelling
D. Output perturbation
13) With __________ the records in the database are clustered into the number of mutually exclusive groups and the user might only query statistical properties of each group as a whole.
A. compromise
B. inference
C. partitioning
D. query restriction
14) __________ applications is the control which limits the programs which can execute on the system to just those in an explicit list..
A. virtualization
B. white listing
C. logging
D. patching
15) Matthew recently authored the innovative algorithm for solving mathematical problem which he would like to share with the world. Though, previous to publishing the software code in a technical journal, he would like to get some sort of intellectual property protection. Which kind of protection is best suited to his needs?
A. copyright
B. Trademark
C. patent
D. trade secrete
16) Richard received an encrypted message sent to him by Sue. Which key must he use to decrypt the message?
A. Richard’s public key
B. Richard’s private key
C. Sue’s public key
D. Sue’s private key
17) Which of the following malicious code objects may be inserted in an application by a disgruntled software developer with purpose of destroying system data after the developer’s account has been deleted (e.g. following his/her termination)
A. Virus
B. Logic bomb
C. Trojan horse
D. Worm