Information Assurance and Security 1

UGRD-IT6205A Information Assurance and Security 1
(MidQ-1, 2 Midterm)

These actions typically consist of collecting information, modifying data integrity, or attacking the availability of services and devices, but the victim system can also be used as a starting point for infecting other systems or for expanding access to the local network.

Select one:

a.

Installation

b.

Command and Control

c.

Action on objective

d.

Exploitation

Question text

The main ways of transport are e-mails (attachment of infected files), web platforms (running malware scripts), or removable USB memories;

Select one:

a.

C2

b.

Recon

c.

Delivery

d.

Install

Question text

Is it true or false. An additional risk occurs when personal information is stored in client accounts on commercial websites, which may become the target of cyber-attacks anytime, so stored data becomes vulnerable is some basic steps in storing personal data.

Select one:

True

False

Question text

Usually an infected host must be accessible outside of the local network to establish a command and control channel between the victim and the attacker. Once this bidirectional communication has been made, an attacker has access inside the target environment and can usually control the activity by manually launching commands;

Select one:

a.

Program Code

b.

Command and Control

c.

Command

d.

System Code

Question text

Is a collection of all the trust  mechanisms of a computer system which collectively enforce the  policy.

Select one:

a.

Trust

b.

Assurance

c.

TCB

d.

Lifecycle

Question text

Is it true or false. Storage the minimum required data online and maximum discretion in providing them to a third party (users, companies) is some basic steps in storing personal data.

Select one:

True

False

Question text

Not performing an activity that would incur risk.

Select one:

a.

Risk Acceptance

b.

Risk transfer

c.

Risk mitigation

d.

Risk Avoidance

Question text

Infecting a victim system with a computer trojan, backdoor or other malware application of this type that ensures the attacker’s presence in the target environment;

Answer: 

Question text

Logical security consists in software that are necessary to control the access to information and services of a system. The logical level is divided into two categories: access security level and service security level.

Select one:

a.

System

b.

Prevent Cyber-Attacks

c.

Recon

d.

Install

Question text

Is it true or false. Using encrypted versions of protocols when sensitive information is exchanged so as to ensure data confidentiality and prevent identity theft is some basic steps in storing personal data.

Select one:

True

False

Question text

Shift the risk to someone else.

Select one:

a.

Risk Transfer

b.

Risk avoidance

c.

Risk mitigation

d.

Risk Acceptance

Question text

Taking actions to reduce the losses due to a risk;  many technical countermeasures fall into this  category.

Select one:

a.

Risk Acceptance

b.

Risk transfer

c.

Risk mitigation

d.

Risk Avoidance

Question text

Seven Stages of lifecycle model

Select one:

a.

Requirements, Trust, Coding, Testing, Deployment, Production and Decommission

b.

Requirements, Design, Coding, Testing, Deployment, Production and Decommission

c.

Requirements, Design, Trust Mechanism, Testing, Deployment, Production and Decommission

d.

Risk Transfer, Design, Coding, Testing, Deployment, Production and Decommission

Question text

Acceptance, avoidance, mitigation,  transfer—are with respect to a specific risk for a specific pary.

Select one:

a.

Risk transfer

b.

Trust

c.

Trust mechanism

d.

The risk treatment

Question text

Risk Management Procedure consists of six steps.

Select one:

a.

System, Assess threats, Assess vulnerabilities, Assess risks, Prioritize countermeasure options and Make risk management decisions

b.

Assess assets, Assess threats, Assess vulnerabilities, Assess risks, Prioritize countermeasure options and Make risk management decisions

c.

Assess assets, Assess threats, Assess vulnerabilities, Assess risks, Prioritize countermeasure options and System Unit

d.

Assess assets, Assess vulnerabilities, Assess risks, Prioritize countermeasure options and Make risk management decisions

Question text

After the first six phases, an attacker can act to achieve the goals. These actions typically consist of collecting information, modifying data integrity, or attacking the availability of services and devices, but the victim system can also be used as a starting point for infecting other systems or for expanding access to the local network.

Select one:

a.

Action on Objective

b.

System

c.

Trusted

d.

Program

Question text

Is a generic term that implies a mechanism in place to  provide a basis for confidence in the reliability/security of the  system.

Select one:

a.

The risk treatment

b.

Trust

c.

Risk transfer

d.

Trust mechanism

Question text

What are the steps in intrusion model?

Select one:

a.

Recon, Weaponise, Deliver, System, Install, C2 and Action

b.

Recon, Weaponise, Deliver, Exploit, Install, C2 and Action

c.

System, Weaponise, Deliver, Exploit, Install, C2 and Action

d.

Recon, Weaponise, Deliver, Exploit, Install, System and Action

Question text

Physical security consist in the closure of IT equipment in a dedicated space and the provision of access control.

Select one:

a.

Prevent Cyber-Attacks

b.

Recon

c.

Install

d.

System

Question text

After the weapon is delivered to the victim, follows the targeting of an application or vulnerability of the operating system. The infected file can be used by the self-execution facility to launch the malware code, or it can be executed by the user himself;

Select one:

a.

Exploitation

b.

Reconnaissance

c.

Delivery

d.

Weaponization

Question text

Failure of the mechanism may destroy the basis for trust.

Select one:

a.

Assurance

b.

TCB

c.

Trust

d.

System

Question text

Making a malware application (for example, a computer trojan) that, combined with an exploitable security breach, allows remote access. Moreover, PDF (Portable Document Format) files or Microsoft Office suite-specific files can be regarded as weapons available to the attacker;

Select one:

a.

Delivery

b.

Exploitation

c.

Reconnaissance

d.

Weaponization

Question text

Is the process by which an asset is managed from its  arrival or creation to its termination or destruction.

Select one:

a.

TCB

b.

System

c.

Assurance

d.

Lifecycle

Question text

Transmitting the weapon to the target environment. 

Select one:

a.

Weaponization

b.

Delivery

c.

Exploitation

d.

Reconnaissance

Question text

Acronym for TCB?

Select one:

a.

Trusting Computing Based

b.

Trusting Computer Based

c.

Trusted Computing Base

d.

Trusted Computer Based

Question text

Is it true or false. Encrypting all personal information when saved on different storage media is some basic steps in storing personal data.

Select one:

True

False

Question text

Is a measure of confidence that the security features,  practices, procedures, and architecture of a system accurately  mediates and enforces the security policy.

Select one:

a.

System

b.

TCB

c.

Assurance

d.

Lifecyle

Question text

Once this bidirectional communication has been made, an attacker has access inside the target environment and can usually control the activity by manually launching commands;

Answer: 

Question text

Are the security features of a system that  provide enforcement of a security policy.

Select one:

a.

Design

b.

Trust

c.

Coding

d.

Trust mechanism

Question text

The infected file can be used by the self-execution facility to launch the malware code, or it can be executed by the user himself;

Select one:

a.

Exploitation

b.

Reconnaissance

c.

Weaponization

d.

Installation

Question text

Is it true or false. The use of complex, unique, hard to guess or break passwords, consisting of numbers, upper/lower case letters and special characters is some basic steps in storing personal data.

Select one:

True

False

Question text

Research, target identification and selection: it may be looking for e-mail addresses, social relationships, or data about a particular technology, information displayed on various websites;

Select one:

a.

Weaponization

b.

Reconnaissance

c.

Delivery

d.

Exploitation

Question text

Risks not avoided or transferred are retained by  the organization.

Select one:

a.

Risk Acceptance

b.

Risk Transfer

c.

Risk Avoidance

d.

Risk mitigation

Question text

Once this bidirectional communication has been made, an attacker has access inside the target environment and can usually control the activity by manually launching commands;

Answer: 

Question text

Transmitting the weapon to the target environment. 

Select one:

a.

Reconnaissance

b.

Weaponization

c.

Exploitation

d.

Delivery

Question text

The main ways of transport are e-mails (attachment of infected files), web platforms (running malware scripts), or removable USB memories;

Select one:

a.

Install

b.

C2

c.

Recon

d.

Delivery

Question text

After the weapon is delivered to the victim, follows the targeting of an application or vulnerability of the operating system. The infected file can be used by the self-execution facility to launch the malware code, or it can be executed by the user himself;

Select one:

a.

Delivery

b.

Exploitation

c.

Weaponization

d.

Reconnaissance

Question text

Logical security consists in software that are necessary to control the access to information and services of a system. The logical level is divided into two categories: access security level and service security level.

Select one:

a.

Prevent Cyber-Attacks

b.

System

c.

Recon

d.

Install

Question text

What are the steps in intrusion model?

Select one:

a.

Recon, Weaponise, Deliver, System, Install, C2 and Action

b.

Recon, Weaponise, Deliver, Exploit, Install, System and Action

c.

System, Weaponise, Deliver, Exploit, Install, C2 and Action

d.

Recon, Weaponise, Deliver, Exploit, Install, C2 and Action

Question text

After the first six phases, an attacker can act to achieve the goals. These actions typically consist of collecting information, modifying data integrity, or attacking the availability of services and devices, but the victim system can also be used as a starting point for infecting other systems or for expanding access to the local network.

Answer: 

Question text

Making a malware application (for example, a computer trojan) that, combined with an exploitable security breach, allows remote access. Moreover, PDF (Portable Document Format) files or Microsoft Office suite-specific files can be regarded as weapons available to the attacker;

Select one:

a.

Reconnaissance

b.

Weaponization

c.

Delivery

d.

Exploitation

Question text

The infected file can be used by the self-execution facility to launch the malware code, or it can be executed by the user himself;

Select one:

a.

Exploitation

b.

Reconnaissance

c.

Weaponization

d.

Installation

Question text

Physical security consist in the closure of IT equipment in a dedicated space and the provision of access control.

Select one:

a.

Recon

b.

System

c.

Install

d.

Prevent Cyber-Attacks

Question text

Research, target identification and selection: it may be looking for e-mail addresses, social relationships, or data about a particular technology, information displayed on various websites;

Select one:

a.

Exploitation

b.

Delivery

c.

Weaponization

d.

Reconnaissance

Question text

Usually an infected host must be accessible outside of the local network to establish a command and control channel between the victim and the attacker. Once this bidirectional communication has been made, an attacker has access inside the target environment and can usually control the activity by manually launching commands;

Answer: 

Question text

Infecting a victim system with a computer trojan, backdoor or other malware application of this type that ensures the attacker’s presence in the target environment;

Answer: 

Question text

These actions typically consist of collecting information, modifying data integrity, or attacking the availability of services and devices, but the victim system can also be used as a starting point for infecting other systems or for expanding access to the local network.

Select one:

a.

Exploitation

b.

Action on objective

c.

Installation

d.

Command and Control

Question text

After the weapon is delivered to the victim, follows the targeting of an application or vulnerability of the operating system. The infected file can be used by the self-execution facility to launch the malware code, or it can be executed by the user himself;

Select one:

a.

Reconnaissance

b.

Weaponization

c.

Exploitation

d.

Delivery

Question text

Infecting a victim system with a computer trojan, backdoor or other malware application of this type that ensures the attacker’s presence in the target environment;

Answer: 

Question text

Research, target identification and selection: it may be looking for e-mail addresses, social relationships, or data about a particular technology, information displayed on various websites;

Select one:

a.

Exploitation

b.

Reconnaissance

c.

Delivery

d.

Weaponization

Question text

These actions typically consist of collecting information, modifying data integrity, or attacking the availability of services and devices, but the victim system can also be used as a starting point for infecting other systems or for expanding access to the local network.

Select one:

a.

Installation

b.

Action on objective

c.

Exploitation

d.

Command and Control

Question text

Logical security consists in software that are necessary to control the access to information and services of a system. The logical level is divided into two categories: access security level and service security level.

Select one:

a.

Prevent Cyber-Attacks

b.

Recon

c.

System

d.

Install

Question text

Physical security consist in the closure of IT equipment in a dedicated space and the provision of access control.

Select one:

a.

Install

b.

Recon

c.

System

d.

Prevent Cyber-Attacks

Question text

After the first six phases, an attacker can act to achieve the goals. These actions typically consist of collecting information, modifying data integrity, or attacking the availability of services and devices, but the victim system can also be used as a starting point for infecting other systems or for expanding access to the local network.

Answer: 

Question text

Making a malware application (for example, a computer trojan) that, combined with an exploitable security breach, allows remote access. Moreover, PDF (Portable Document Format) files or Microsoft Office suite-specific files can be regarded as weapons available to the attacker;

Select one:

a.

Reconnaissance

b.

Weaponization

c.

Exploitation

d.

Delivery

Question text

Usually an infected host must be accessible outside of the local network to establish a command and control channel between the victim and the attacker. Once this bidirectional communication has been made, an attacker has access inside the target environment and can usually control the activity by manually launching commands;

Answer: 

Question text

Once this bidirectional communication has been made, an attacker has access inside the target environment and can usually control the activity by manually launching commands;

Answer: 

Question text

Transmitting the weapon to the target environment. 

Select one:

a.

Reconnaissance

b.

Weaponization

c.

Exploitation

d.

Delivery

Question text

The main ways of transport are e-mails (attachment of infected files), web platforms (running malware scripts), or removable USB memories;

Select one:

a.

C2

b.

Recon

c.

Install

d.

Delivery

Question text

The infected file can be used by the self-execution facility to launch the malware code, or it can be executed by the user himself;

Select one:

a.

Installation

b.

Weaponization

c.

Exploitation

d.

Reconnaissance

Question text

What are the steps in intrusion model?

Select one:

a.

System, Weaponise, Deliver, Exploit, Install, C2 and Action

b.

Recon, Weaponise, Deliver, Exploit, Install, C2 and Action

c.

Recon, Weaponise, Deliver, Exploit, Install, System and Action

d.

Recon, Weaponise, Deliver, System, Install, C2 and Action

Question text

Once this bidirectional communication has been made, an attacker has access inside the target environment and can usually control the activity by manually launching commands;

Answer: 

Question text

Transmitting the weapon to the target environment. 

Select one:

a.

Reconnaissance

b.

Weaponization

c.

Exploitation

d.

Delivery

Question text

The main ways of transport are e-mails (attachment of infected files), web platforms (running malware scripts), or removable USB memories;

Select one:

a.

Install

b.

C2

c.

Recon

d.

Delivery

Question text

After the weapon is delivered to the victim, follows the targeting of an application or vulnerability of the operating system. The infected file can be used by the self-execution facility to launch the malware code, or it can be executed by the user himself;

Select one:

a.

Delivery

b.

Exploitation

c.

Weaponization

d.

Reconnaissance

Question text

Logical security consists in software that are necessary to control the access to information and services of a system. The logical level is divided into two categories: access security level and service security level.

Select one:

a.

Prevent Cyber-Attacks

b.

System

c.

Recon

d.

Install

Question text

What are the steps in intrusion model?

Select one:

a.

Recon, Weaponise, Deliver, System, Install, C2 and Action

b.

Recon, Weaponise, Deliver, Exploit, Install, System and Action

c.

System, Weaponise, Deliver, Exploit, Install, C2 and Action

d.

Recon, Weaponise, Deliver, Exploit, Install, C2 and Action

Question text

After the first six phases, an attacker can act to achieve the goals. These actions typically consist of collecting information, modifying data integrity, or attacking the availability of services and devices, but the victim system can also be used as a starting point for infecting other systems or for expanding access to the local network.

Answer: 

Question text

Making a malware application (for example, a computer trojan) that, combined with an exploitable security breach, allows remote access. Moreover, PDF (Portable Document Format) files or Microsoft Office suite-specific files can be regarded as weapons available to the attacker;

Select one:

a.

Reconnaissance

b.

Weaponization

c.

Delivery

d.

Exploitation

Question text

The infected file can be used by the self-execution facility to launch the malware code, or it can be executed by the user himself;

Select one:

a.

Exploitation

b.

Reconnaissance

c.

Weaponization

d.

Installation

Question text

Physical security consist in the closure of IT equipment in a dedicated space and the provision of access control.

Select one:

a.

Recon

b.

System

c.

Install

d.

Prevent Cyber-Attacks

Question text

Research, target identification and selection: it may be looking for e-mail addresses, social relationships, or data about a particular technology, information displayed on various websites;

Select one:

a.

Exploitation

b.

Delivery

c.

Weaponization

d.

Reconnaissance

Question text

Usually an infected host must be accessible outside of the local network to establish a command and control channel between the victim and the attacker. Once this bidirectional communication has been made, an attacker has access inside the target environment and can usually control the activity by manually launching commands;

Answer: 

Question text

Infecting a victim system with a computer trojan, backdoor or other malware application of this type that ensures the attacker’s presence in the target environment;

Answer: 

Question text

These actions typically consist of collecting information, modifying data integrity, or attacking the availability of services and devices, but the victim system can also be used as a starting point for infecting other systems or for expanding access to the local network.

Select one:

a.

Exploitation

b.

Action on objective

c.

Installation

d.

Command and Control

Question text

After the weapon is delivered to the victim, follows the targeting of an application or vulnerability of the operating system. The infected file can be used by the self-execution facility to launch the malware code, or it can be executed by the user himself;

Select one:

a.

Reconnaissance

b.

Weaponization

c.

Exploitation

d.

Delivery

Question text

Infecting a victim system with a computer trojan, backdoor or other malware application of this type that ensures the attacker’s presence in the target environment;

Answer: 

Question text

Research, target identification and selection: it may be looking for e-mail addresses, social relationships, or data about a particular technology, information displayed on various websites;

Select one:

a.

Exploitation

b.

Reconnaissance

c.

Delivery

d.

Weaponization

Question text

These actions typically consist of collecting information, modifying data integrity, or attacking the availability of services and devices, but the victim system can also be used as a starting point for infecting other systems or for expanding access to the local network.

Select one:

a.

Installation

b.

Action on objective

c.

Exploitation

d.

Command and Control

Question text

Logical security consists in software that are necessary to control the access to information and services of a system. The logical level is divided into two categories: access security level and service security level.

Select one:

a.

Prevent Cyber-Attacks

b.

Recon

c.

System

d.

Install

Question text

Physical security consist in the closure of IT equipment in a dedicated space and the provision of access control.

Select one:

a.

Install

b.

Recon

c.

System

d.

Prevent Cyber-Attacks

Question text

After the first six phases, an attacker can act to achieve the goals. These actions typically consist of collecting information, modifying data integrity, or attacking the availability of services and devices, but the victim system can also be used as a starting point for infecting other systems or for expanding access to the local network.

Answer: 

Question text

Making a malware application (for example, a computer trojan) that, combined with an exploitable security breach, allows remote access. Moreover, PDF (Portable Document Format) files or Microsoft Office suite-specific files can be regarded as weapons available to the attacker;

Select one:

a.

Reconnaissance

b.

Weaponization

c.

Exploitation

d.

Delivery

Question text

Usually an infected host must be accessible outside of the local network to establish a command and control channel between the victim and the attacker. Once this bidirectional communication has been made, an attacker has access inside the target environment and can usually control the activity by manually launching commands;

Answer: 

Question text

Once this bidirectional communication has been made, an attacker has access inside the target environment and can usually control the activity by manually launching commands;

Answer: 

Question text

Transmitting the weapon to the target environment. 

Select one:

a.

Reconnaissance

b.

Weaponization

c.

Exploitation

d.

Delivery

Question text

The main ways of transport are e-mails (attachment of infected files), web platforms (running malware scripts), or removable USB memories;

Select one:

a.

C2

b.

Recon

c.

Install

d.

Delivery

Question text

The infected file can be used by the self-execution facility to launch the malware code, or it can be executed by the user himself;

Select one:

a.

Installation

b.

Weaponization

c.

Exploitation

d.

Reconnaissance

Question text

What are the steps in intrusion model?

Select one:

a.

System, Weaponise, Deliver, Exploit, Install, C2 and Action

b.

Recon, Weaponise, Deliver, Exploit, Install, C2 and Action

c.

Recon, Weaponise, Deliver, Exploit, Install, System and Action

d.

Recon, Weaponise, Deliver, System, Install, C2 and Action

Question text

Shift the risk to someone else.

Select one:

a.

Risk avoidance

b.

Risk Acceptance

c.

Risk mitigation

d.

Risk Transfer

Feedback

Question text

Is a generic term that implies a mechanism in place to  provide a basis for confidence in the reliability/security of the  system.

Select one:

a.

The risk treatment

b.

Trust mechanism

c.

Risk transfer

d.

Trust

Feedback

Question text

Risk Management Procedure consists of six steps.

Select one or more:

a.

Assess vulnerabilities

b.

Assess profitable

c.

Prioritize countermeasure options

d.

Give feedback to production

e.

Assess productivity

f.

Assess threats

g.

Assess assets

h.

Make risk management decisions

i.

Assess risks

Feedback

Question text

Acceptance, avoidance, mitigation,  transfer—are with respect to a specific risk for a specific pary.

Select one:

a.

Trust

b.

Trust mechanism

c.

Risk transfer

d.

The risk treatment

Feedback

Question text

Are the security features of a system that  provide enforcement of a security policy.

Select one:

a.

Design

b.

Trust mechanism

c.

Trust

d.

Coding

Feedback

Question text

Not performing an activity that would incur risk.

Select one:

a.

Risk transfer

b.

Risk Acceptance

c.

Risk Avoidance

d.

Risk mitigation

Feedback

Question text

Taking actions to reduce the losses due to a risk;  many technical countermeasures fall into this  category.

Select one:

a.

Risk transfer

b.

Risk Acceptance

c.

Risk mitigation

d.

Risk Avoidance

Feedback

Question text

Risks not avoided or transferred are retained by  the organization.

Select one:

a.

Risk Avoidance

b.

Risk Acceptance

c.

Risk Transfer

d.

Risk mitigation

Feedback

Question text

Seven Stages of lifecycle model

Select one:

a.

Requirements, Design, Coding, Testing, Deployment, Production and Decommission

b.

Risk Transfer, Design, Coding, Testing, Deployment, Production and Decommission

c.

Requirements, Trust, Coding, Testing, Deployment, Production and Decommission

d.

Requirements, Design, Trust Mechanism, Testing, Deployment, Production and Decommission

Feedback