Chapter 9

Review Questions

1. In information security a(n) _____ is the likelihood that a threat agent will exploit a vulnerability.

A. attack

B. threat

C. risk

D. exploitation

2. _____ is a systematic and structured approach to managing the potential for loss that is related to a threat.

A. Asset management

B. Risk assessment (RA)

C. Threat mitigation

D. Risk management

3. Each of the following is a step in risk management except ______.

A. vulnerability appraisal

B. threat identification

C. risk mitigation

D. attack assessment

4. Which of the following is NOT an asset classification?

A. data

B. software

C. physical assets

D. logical assets

5. A threat agent _____.

A. is limited to attacks using viruses and worms

B. does not include natural disasters

C. is something that cannot be determined in advance

D. is any person or thing with the power to carry out a threat against an asset

6. _____ constructs scenarios of the types of threats that assets can face in order to learn who the attackers are, why they attack, and what types of attacks may occur

A. Risk assessment

B. Attack stems

C. Vulnerability prototyping

D. Threat modeling

7. _____ is a current snapshot of the security of an organization.

A. Risk evaluation

B. Threat mitigation

C. Asset liability

D. Vulnerability appraisal

8. The _____ is the proportion of an asset’s value that is likely to be destroyed by a particular risk.

A. Annualized Rate of Occurrence (ARO)

B. Annualized Loss Expectancy (ALE)

C. Single Loss Expectancy (SLE)

D. Exposure Factor (EF)

9. Which of the following is NOT an option for dealing with risk?

A. diminish the risk

B. eliminate the risk

C. transfer the risk

D. accept the risk

10. TCP/IP port numbers ________.

A. are optional

B. can be used in place of IP numbers in some circumstances

C. identify the process that receives the transmission

D. range from 1024 to 65525

11. Each of the following is a state of a port that can be returned by a port scanner except _____.

A. Busy

B. Open

C. Closed

D. Blocked

12. Each of the following is true regarding TCP SYN port scanning except ______.

A. Instead of using the operating system's network functions, the port scanner generates IP packets itself and monitors for responses.

B. The scanner host closes the connection before the handshake is completed.

C. It uses FIN messages that can pass through firewalls and avoid detection.

D. This scan type is also known as "half-open scanning" because it never actually opens a full TCP connection.

13. Network mappers utilize the TCP/IP protocol _____.

A. Data Access Protocol (DAP)

B. Message Response Protocol (MRP)

C. IP Map Protocol (IPMP)

D. Internet Control Message Protocol (ICMP)

14. A protocol analyzer places the computer’s network interface card (NIC) adapter into _____ mode.

A. authenticator

B. promiscuous

C. stealth

D. supplicant

15. Each of the following is a function of a vulnerability scanner except ______.

A. Detect which ports are served and which ports are browsed for each individual system

B. Maintain a log of all interactive network sessions

C. Detect when an application is compromised or subverted

D. Alert users when a new patch cannot be found

16. Which of the following is true of the Open Vulnerability and Assessment Language (OVAL)?

A. It is anticipated to be available by 2012.

B. It contains six components.

C. It is a product of IBM.

D. It attempts to standardize vulnerability assessments.

17. A UNIX and Linux defense that does not store password hashes in a world-readable file is known as a _________.

A. shadow password

B. passwd restriction

C. master file relocation

D. locked psswrd file

18. _____ is a method of evaluating the security of a computer system or network by simulating a malicious attack.

A. Probing

B. Hacker simulation

C. Vulnerability assessment

D. Penetration testing

19. Protocol analyzers can _______.

A. evaluate patches after they have been applied

B. only be used by licensed security personnel

C. view all encrypted transmissions

D. fully decode application-layer network protocols

20. Network mappers _______.

A. perform the same function as protocol analyzers

B. are identical to port mappers

C. are only used by attackers

D. can send a request packet to each system within a range of IP addresses