Introduction and Security Trends

Multiple-Choice Quiz
1. Each of the following is a reason why it is difficult to defend against todays attackers
except
.
A. Simplicity of attack tools
B. Increased speed of attacks
C. greater sophistication of attacks
D. Regular patching and update of software products
2. In a general sense security is
.
A. protection from only direct actions
B. the steps to protect a person or property from harm
C. an action to inflict damage or suffering
D. to guard digital information
3.
A.
B.
C.
D.

ensures that only authorized parties can alter the information.

Confidentiality
Availability
Integrity
Authorization

A.
B.
C.
D.

ensures that the individual is who they claim to be and not an imposter.
Authentication
Authorization
Identification
Accounting

4.

5. By definition a(n)
.
A. vulnerability
B. exploit
C. threat
D. asset

is a weakness that allows a threat agent to bypass security

6. Each of the following is a goal of information security except

A. Foil cyberterrorism
B. Prevent data and identity theft
C. Avoid legal consequences
D. Decrease user productivity
7.
A.
B.
C.
D.

are individuals who want to break into computers but have limited skills.
Script kiddies
Hackers
Cybercriminals
Spies
Page 1

8. Before an attacker penetrates any defence, the initial step is to

A. paralyze networks and devices
B. circulate to other systems
C. probe a network for information
D. modify security settings
9. An example of
A. obscurity
B. limiting
C. diversity
D. layering

is allowing only those who must use the data to have access to it.

10. The act of deliberately accessing computer systems and networks without authorization is
generally known as:
A. Computer intrusions
B. Hacking
C. Cracking
D. Probing
Essay Questions
1.
Answer:
A ping sweep sends a ping (an ICMP echo request) to the target machine. If the
machine responds, it is reachable.
Port scans actually look at a machine that is alive and scan for an open port. Once the
open port is found, it scans the port to find the service it is running.
These activities can easily be done by script kiddies and so may not result in an actual
attack. However, they may be pre-cursors to an impending attack.
2.
Answer:
Insiders are more dangerous because:
They have the access and knowledge necessary to cause significant damage to an
organization.
As most security setups are designed to protect against outsiders. With their knowledge,
they are better able to avoid detection.

3.
Answer:

Security through limiting uses the approach of limiting what a person needs to know. ie, only
those who must use data should have access to it
i.
Separate the duties between two or more individuals.
ii. Each user should be given only the minimal amount of privileges necessary
to perform his or her job function
Security through diversity uses the approach of having different variety of layers where
breaching one security layer does not compromise the whole system.
i.
Use a variety of physical protection such as fencing, RFID, mantrap, etc
ii.
Implement a variety of network equipment made by different vendors.
iii.
Install different operating systems for different servers.
Security through obscurity uses the approach of protecting something by hiding it.
i.
Hiding a house key under a doormat or in a planter, or pushing your favorite ice cream
to the back of the freezer so that everyone else thinks it is gone.
ii.
hiding money in a coffee can and burying it,
iii.
administrator moves a service from its default port to a more obscure port,
4.
Answer:
i.
Make sure all patches for the operating systems and applications are installed. Many
security problems could have been avoided if patches are installed in a timely manner.
ii.
Limit the services that are running on the systems. This means that we should only
run services that are required and nothing more. Hackers are known to take
advantage of vulnerabilities that exist in unneeded services that are running.
iii.
To prevent social engineering by providing as little information as possible about the
organization and its computing resources.