Information Assurance and Security 1

UGRD-IT6205A Information Assurance and Security 1
(MidQ-1, 2 Midterm)


These actions typically consist of collecting information, modifying data integrity, or attacking the availability of services and devices, but the victim system can also be used as a starting point for infecting other systems or for expanding access to the local network.


The main ways of transport are e-mails (attachment of infected files), web platforms (running malware scripts), or removable USB memories;


True or false: "An additional risk occurs when personal information is stored in client accounts on commercial websites, which may become the target of cyber-attacks at any time, so stored data becomes vulnerable" is one of the basic steps in storing personal data.


Usually an infected host must be accessible outside of the local network to establish a command and control channel between the victim and the attacker. Once this bidirectional communication has been made, an attacker has access inside the target environment and can usually control the activity by manually launching commands;


Is a collection of all the trust mechanisms of a computer system which collectively enforce the policy.



True or false: Storing the minimum required data online and exercising maximum discretion in providing it to a third party (users, companies) is one of the basic steps in storing personal data.


Not performing an activity that would incur risk.


Infecting a victim system with a computer trojan, backdoor or other malware application of this type that ensures the attacker’s presence in the target environment;



Logical security consists of the software necessary to control access to the information and services of a system. The logical level is divided into two categories: access security level and service security level.



True or false: Using encrypted versions of protocols when sensitive information is exchanged, so as to ensure data confidentiality and prevent identity theft, is one of the basic steps in storing personal data.


Shift the risk to someone else.


Taking actions to reduce the losses due to a risk; many technical countermeasures fall into this category.


Seven Stages of lifecycle model


Acceptance, avoidance, mitigation, and transfer are with respect to a specific risk for a specific party.


Risk Management Procedure consists of six steps.


After the first six phases, an attacker can act to achieve the goals. These actions typically consist of collecting information, modifying data integrity, or attacking the availability of services and devices, but the victim system can also be used as a starting point for infecting other systems or for expanding access to the local network.


Is a generic term that implies a mechanism in place to provide a basis for confidence in the reliability/security of the system.


What are the steps in the intrusion model?


Physical security consists of enclosing IT equipment in a dedicated space and providing access control.



After the weapon is delivered to the victim, the targeting of an application or a vulnerability of the operating system follows. The infected file can be used by the self-execution facility to launch the malware code, or it can be executed by the user himself;



Failure of the mechanism may destroy the basis for trust.



Making a malware application (for example, a computer trojan) that, combined with an exploitable security breach, allows remote access. Moreover, PDF (Portable Document Format) files or Microsoft Office suite-specific files can be regarded as weapons available to the attacker;



Is the process by which an asset is managed from its arrival or creation to its termination or destruction.



Transmitting the weapon to the target environment. 



Acronym for TCB?


True or false: Encrypting all personal information when saved on different storage media is one of the basic steps in storing personal data.


Is a measure of confidence that the security features, practices, procedures, and architecture of a system accurately mediate and enforce the security policy.



Once this bidirectional communication has been made, an attacker has access inside the target environment and can usually control the activity by manually launching commands;



Are the security features of a system that provide enforcement of a security policy.



The infected file can be used by the self-execution facility to launch the malware code, or it can be executed by the user himself;



True or false: The use of complex, unique, hard-to-guess or hard-to-break passwords, consisting of numbers, upper/lower case letters and special characters, is one of the basic steps in storing personal data.


Research, target identification and selection: it may be looking for e-mail addresses, social relationships, or data about a particular technology, information displayed on various websites;



Risks not avoided or transferred are retained by the organization.
