22. Which of the following situations provides no security protection?
a. Controls that are designed and implemented
b. Controls that are developed and implemented
c. Controls that are planned and implemented
d. Controls that are available, but not implemented
22. d. Controls that are available in a computer system, but not implemented, provide no protection.
23. A computer system is clogged in which of the following attacks?
a. Brute force attack
b. Denial-of-service attack
c. IP spoofing attack
d. Web spoofing attack
23. b. The denial-of-service (DoS) type of attack denies services to users by either clogging the system with a series of irrelevant messages or sending disruptive commands to the system. It does not damage the data. A brute force attack is trying every possible decryption key combination to break into a computer system. In an Internet Protocol (IP) spoofing attack, intruders create packets with spoofed source IP addresses. The intruder then takes over open terminal and login connections. In a Web spoofing attack, the intruder sits between the victim user and the Web, thereby making it a man-in-the-middle attack. The user is duped into supplying the intruder with passwords, credit card information, and other sensitive and useful data.
24. Which of the following is not an effective, active, and preventive technique to protect the integrity of audit information and audit tools?
a. Backing up the audit records
b. Using a cryptographic-signed hash
c. Protecting the key used to generate the hash
d. Using the public key to verify the hash
24. a. Backing up the audit records is a passive and detective action, and hence not effective in protecting integrity. In general, backups provide availability of data, not integrity of data, and they are there when needed. The other three choices, which are active and preventive, use cryptographic mechanisms (for example, keys and hashes), and therefore are effective in protecting the integrity of audit-related information.
25. Regarding a patch management program, which of the following should not be done to a compromised system?
a. Reformatting
b. Reinstalling
c. Restoring
d. Remigrating
25. d. In most cases, a compromised system should be reformatted and reinstalled or restored from a known safe and trusted backup. Remigrating deals with switching between automated and manual patching tools and methods, and it should not be performed on a compromised system.
26. Which of the following is the most malicious Internet-based attack?
a. Spoofing attack
b. Denial-of-service attack
c. Spamming attack
d. Locking attack
26. b. A denial-of-service (DoS) attack is the most malicious Internet-based attack because it floods the target computer with hundreds of incomplete Internet connections per second, effectively preventing any other network connections from being made to the victim network server. The result is a denial-of-service to users, consumption of system resources, or a crash in the target computer. Spoofing attacks use various techniques to subvert IP-based access control by masquerading as another system by using its IP address. Spamming attacks post identical messages to multiple unrelated newsgroups. They are often used in cheap advertising to promote pyramid schemes or simply to annoy people. A locking attack prevents users from accessing and running shared programs such as those found in the Microsoft Office product.
27. Denial-of-service attacks can be prevented by which of the following?
a. Redundancy
b. Isolation
c. Policies
d. Procedures
27. a. Redundancy in data and/or equipment can be designed so that service cannot be removed or denied. Isolation is just the opposite of redundancy. Policies and procedures are not effective against denial-of-service (DoS) attacks because they are examples of management controls. DoS requires technical controls such as redundancy.
28. Which of the following denial-of-service attacks in networks is least common in occurrence?
a. Service overloading
b. Message flooding
c. Connection clogging
d. Signal grounding
28. d. In denial-of-service (DoS) attacks, some users prevent other legitimate users from using the network. Signal grounding, which takes place in wiring closets, can be used to disable a network. This can prevent users from transmitting or receiving messages until the problem is fixed. Signal grounding is the least common in occurrence compared to the other choices because it requires physical access.
Service overloading occurs when floods of network requests are made to a server daemon on a single computer. It cannot process regular tasks in a timely manner.
Message flooding occurs when a user slows down the processing of a system on the network, to prevent the system from processing its normal workload, by “flooding” the machine with network messages addressed to it. The system spends most of its time responding to these messages.
Connection clogging occurs when users make connection requests with forged source addresses that specify nonexistent or unreachable hosts that cannot be contacted. Thus, there is no way to trace the connections back; they remain until they time out or are reset. The goal is to use up the limit of partially open connections.
29. Smurf is an example of which of the following?
a. IP address spoofing attack
b. Denial-of-service attack
c. Redirect attack
d. TCP sequence number attack
29. b. Smurf attacks use a network that accepts broadcast ping packets to flood the target computer with ping reply packets. The goal of a smurf attack is to deny service.
The Internet Protocol (IP) address spoofing attack and the transmission control protocol (TCP) sequence number attack are examples of session hijacking attacks. IP address spoofing is falsifying the identity of a computer system. In a redirect attack, a hacker redirects the TCP stream through the hacker’s computer. The TCP sequence number attack is a prediction of the sequence number needed to carry out an unauthorized handshake.
30. The demand for reliable computing is increasing. Reliable computing has which of the following desired elements in computer systems?
a. Data integrity and availability
b. Data security and privacy
c. Confidentiality and modularity
d. Portability and feasibility
30. a. Data integrity and availability are two important elements of reliable computing. Data integrity is the concept of ensuring that data can be maintained in an unimpaired condition and is not subject to unauthorized modification, whether intentional or inadvertent. Products such as backup software, antivirus software, and disk repair utility programs help protect data integrity in personal computers (PCs) and workstations. Availability is the property that a given resource will be usable during a given time period. PCs and servers are becoming an integral part of complex networks with thousands of hardware and software components (for example, hubs, routers, bridges, databases, and directory services), and the complex nature of client/server networks drives the demand for availability. System availability is increased when system downtime or outages are decreased and when fault-tolerant hardware and software are used.