1. Tamper-evident system components
2. Parity checks
3. Cyclical redundancy checks
4. Cryptographic hashes
a. 2 only
b. 2 and 3
c. 3 and 4
d. 1, 2, 3, and 4
2. d. Organizations employ integrity verification mechanisms to look for evidence of tampering, errors, and omissions. Software engineering techniques such as parity checks, cyclical redundancy checks, and cryptographic hashes are applied to the information system. In addition, tamper-evident system components are required to ship from software vendors to operational sites, and during their operation.
3. Effective configuration change controls for hardware, software, and firmware include:
1. Auditing the enforcement actions
2. Preventing the installation of software without a signed certificate
3. Enforcing the two-person rule for changes to systems
4. Limiting the system developer/integrator privileges
a. 1 only
b. 3 only
c. 2 and 4
d. 1, 2, 3, and 4
3. d. All four items are effective in managing configuration changes to hardware, software, and firmware components of a system.
4. An information system can be protected against denial-of-service (DoS) attacks through:
1. Network perimeter devices
2. Increased capacity
3. Increased bandwidth
4. Service redundancy
a. 2 only
b. 3 only
c. 4 only
d. 1, 2, 3, and 4
4. d. Network perimeter devices can filter certain types of packets to protect devices on an organization’s internal network from being directly affected by denial-of-service (DoS) attacks. Employing increased capacity and increased bandwidth combined with service redundancy may reduce the susceptibility to some type of DoS attacks. A side-benefit of this is enabling availability of data, which is a good thing.
5. What is the major purpose of conducting a post-incident analysis for a computer security incident?
a. To determine how security threats and vulnerabilities were addressed
b. To learn how the attack was done
c. To re-create the original attack
d. To execute the response to an attack
5. a. The major reason for conducting a post-incident analysis is to determine whether security weaknesses were properly and effectively addressed. Security holes must be plugged to prevent recurrence. The other three choices are minor reasons.
6. Which of the following is an example of a reactive approach to software security?
a. Patch-and-patch
b. Penetrate-and-patch
c. Patch-and-penetrate
d. Penetrate-and-penetrate
6. b. Crackers and hackers attempt to break into computer systems by finding flaws in software, and then system administrators apply patches sent by vendors to fix the flaws. In this scenario of penetrate-and-patch, patches are applied after penetration has occurred, which is an example of a reactive approach. The scenario of patch-and patch is good because one is always patching, which is a proactive approach. The scenario of patch-and-penetrate is a proactive approach in which organizations apply vendor patches in a timely manner. There is not much damage done when crackers and hackers penetrate (break) into the computer system because all known flaws are fixed. In this scenario, patches are applied before penetration occurs. The scenario of penetrate-and-penetrate is bad because patches are not applied at all or are not effective.
7. Regarding a patch management program, which of the following is an example of vulnerability?
a. Misconfigurations
b. Rootkits
c. Trojan horses
d. Exploits
7. a. Misconfiguration vulnerabilities cause a weakness in the security of a system. Vulnerabilities can be exploited by a malicious entity to violate policies such as gaining greater access or permission than is authorized on a computer. Threats are capabilities or methods of attack developed by malicious entities to exploit vulnerabilities and potentially cause harm to a computer system or network. Threats usually take the form of exploit scripts, worms, viruses, rootkits, Trojan horses, and other exploits.
8. An information system initiates session auditing work at system:
a. Restart
b. Shutdown
c. Startup
d. Abort
8. c. Information system transitional states include startup, restart, shutdown, and abort. It is critical to initiate session audit work at system startup time so that the system captures and logs all the content related to a user system. These audit logs can be locally or remotely reviewed for later evidence.
9. The major reason for retaining older versions of baseline configuration is to support:
a. Roll forward
b. Rollback
c. Restart
d. Restore
9. b. A rollback is restoring a database from one point in time to an earlier point. A roll forward is restoring the database from a point in time when it is known to be correct to a later time. A restart is the resumption of the execution of a computer system using the data recorded at a checkpoint. A restore is the process of retrieving a dataset migrated to offline storage and restoring it to online storage.
10. Which of the following updates the applications software and the systems software with patches and new versions?
a. Preventive maintenance
b. Component maintenance
c. Hardware maintenance
d. Periodic maintenance
10. a. The scope of preventive maintenance includes updating applications software and systems software with patches and new versions, replacing failed hardware components, and more.
The other three choices are incorrect because they can be a part of corrective maintenance (fixing errors) or remedial maintenance (fixing faults).
11. Regarding incident handling, dynamic reconfiguration does not include changes to which of the following?
a. Router rules
b. Access control lists
c. Filter rules
d. Software libraries
11. d. Software libraries are part of access restrictions for change so changes are controlled. Dynamic reconfiguration (i.e., changes on-the-fly) can include changes to router rules, access control lists, intrusion detection and prevention systems (IDPS) parameters, and filter rules for firewalls and gateways.
12. Prior to initiating maintenance work by maintenance vendor personnel who do not have the needed security clearances and access authorization to classified information, adequate controls include: