Answered You can hire a professional tutor to get the answer.

QUESTION

INFA 610 Foundations of Information Security and Assurance Quiz 2 TRUE/FALSE QUESTIONS:

INFA 610

Foundations of Information Security and Assurance

Quiz 2

TRUE/FALSE QUESTIONS:

There is a problem anticipating and testing for all potential types of non-standard inputs that might be exploited by an attacker to subvert a program.

2. Without suitable synchronization of accesses it is possible that values may be corrupted, or changes lost, due to over-lapping access, use, and replacement of shared values.

3. The biggest change of the nature in Windows XP SP2 was to change all anonymous remote procedure call (RPC) access to require authentication.

4. The Zotob worm, which took advantage of a vulnerability in Microsoft Plug and Play (PnP) and which was accessible through RPC, did not affect Windows XP SP2, even the coding bug was there.

5. Key issues from a software security perspective are whether the implemented algorithm correctly solves the specified problem, whether the machine instructions executed correctly represent the high level algorithm specification, and whether the manipulation of data values in variables is valid and meaningful.

6. C's designers placed much more emphasis on space efficiency and performance considerations than on type safety.

7. An effective method for protecting programs against classic stack overflow attacks is to instrument the function entry and exit code to setup and then check its stack frame for any evidence of corruption.

8. From the attacker's perspective, the challenge in cracking a Linux system therefore boils down to gaining root privileges.

9. AppArmor is built on the assumption that the single biggest attack vector on most systems is application vulnerabilities. If the application's behavior is restricted, then the behavior of any attacker who succeeds in exploiting some vulnerability in that application will also be restricted.

10. A very common configuration fault seen with Web and file transfer servers is for all the files supplied by the service to be owned by the same "user" account that the server executes as.

11. Programmers use trapdoors legitimately to debug and test programs.

12. If the compromised machine uses encrypted communication channels, then just sniffing the network packets on the victim's computer is useless because the appropriate key to decrypt the packets is missing.

13. Packet sniffers are seldom used to retrieve sensitive information like usernames and passwords.

14. Buffer overflows can be found in a wide variety of programs.

15. EFS allows files and directories to be encrypted and decrypted transparently for authorized users. All versions of Windows since Windows 2000 support Encryption File System.

16. A bot propagates itself and activates itself, whereas a worm is initially controlled from some central facility.

17. The correct implementation in the case of an atomic operation is to test separately for the presence of the lockfile and to not always attempt to create it.

18. Kernel space is swapped to hard disk in order to obtain quick access.

19. Performing regular backups of data on a system is a critical control that assists with maintaining the integrity of the system and user data.

20. Backup and archive processes are often linked and managed separately.

MULTIPLE CHOICE QUESTIONS:

1. ______ systems should not run automatic updates because they may possibly introduce instability.

A. Change controlled

Show more
LEARN MORE EFFECTIVELY AND GET BETTER GRADES!
Ask a Question