2. Which of the following detects unauthorized changes to software and information for commercial off-the-shelf integrity mechanisms?
1. Tamper-evident system components
2. Parity checks
3. Cyclical redundancy checks
4. Cryptographic hashes
a. 2 only
b. 2 and 3
c. 3 and 4
d. 1, 2, 3, and 4
2. d. Organizations employ integrity verification mechanisms to look for evidence of tampering, errors, and omissions. Software engineering techniques such as parity checks, cyclical redundancy checks, and cryptographic hashes are applied to the information system. In addition, tamper-evident system components are required to ship from software vendors to operational sites, and during their operation.
3. Effective configuration change controls for hardware, software, and firmware include:
1. Auditing the enforcement actions
2. Preventing the installation of software without a signed certificate
3. Enforcing the two-person rule for changes to systems
4. Limiting the system developer/integrator privileges
a. 1 only
b. 3 only
c. 2 and 4
d. 1, 2, 3, and 4
3. d. All four items are effective in managing configuration changes to hardware, software, and firmware components of a system.
4. An information system can be protected against denial-of-service (DoS) attacks through:
1. Network perimeter devices
2. Increased capacity
3. Increased bandwidth
4. Service redundancy
a. 2 only
b. 3 only
c. 4 only
d. 1, 2, 3, and 4
4. d. Network perimeter devices can filter certain types of packets to protect devices on an organization’s internal network from being directly affected by denial-of-service (DoS) attacks. Employing increased capacity and increased bandwidth combined with service redundancy may reduce the susceptibility to some type of DoS attacks. A side-benefit of this is enabling availability of data, which is a good thing.
5. What is the major purpose of conducting a post-incident analysis for a computer security incident?
a. To determine how security threats and vulnerabilities were addressed
b. To learn how the attack was done
c. To re-create the original attack
d. To execute the response to an attack
5. a. The major reason for conducting a post-incident analysis is to determine whether security weaknesses were properly and effectively addressed. Security holes must be plugged to prevent recurrence. The other three choices are minor reasons.
6. Which of the following is an example of a reactive approach to software security?
a. Patch-and-patch
b. Penetrate-and-patch
c. Patch-and-penetrate
d. Penetrate-and-penetrate
6. b. Crackers and hackers attempt to break into computer systems by finding flaws in software, and then system administrators apply patches sent by vendors to fix the flaws. In this scenario of penetrate-and-patch, patches are applied after penetration has occurred, which is an example of a reactive approach. The scenario of patch-and patch is good because one is always patching, which is a proactive approach. The scenario of patch-and-penetrate is a proactive approach in which organizations apply vendor patches in a timely manner. There is not much damage done when crackers and hackers penetrate (break) into the computer system because all known flaws are fixed. In this scenario, patches are applied before penetration occurs. The scenario of penetrate-and-penetrate is bad because patches are not applied at all or are not effective.
7. Regarding a patch management program, which of the following is an example of vulnerability?
a. Misconfigurations
b. Rootkits
c. Trojan horses
d. Exploits
7. a. Misconfiguration vulnerabilities cause a weakness in the security of a system. Vulnerabilities can be exploited by a malicious entity to violate policies such as gaining greater access or permission than is authorized on a computer. Threats are capabilities or methods of attack developed by malicious entities to exploit vulnerabilities and potentially cause harm to a computer system or network. Threats usually take the form of exploit scripts, worms, viruses, rootkits, Trojan horses, and other exploits.
8. An information system initiates session auditing work at system:
a. Restart
b. Shutdown
c. Startup
d. Abort
