22. Which of the following situations provides no security protection?

a. Controls that are designed and implemented

b. Controls that are developed and implemented

c. Controls that are planned and implemented

d. Controls that are available, but not implemented

22. d. Controls that are available in a computer system, but not implemented, provide no protection.

23. A computer system is clogged in which of the following attacks?

a. Brute force attack

b. Denial-of-service attack

c. IP spoofing attack

d. Web spoofing attack

23. b. The denial-of-service (DoS) type of attack denies services to users by either clogging the system with a series of irrelevant messages or sending disruptive commands to the system. It does not damage the data. A brute force attack tries every possible decryption key combination to break into a computer system. In an Internet Protocol (IP) spoofing attack, intruders create packets with spoofed source IP addresses; the intruder then takes over open terminal and login connections. In a Web spoofing attack, the intruder sits between the victim user and the Web, thereby making it a man-in-the-middle attack. The user is duped into supplying the intruder with passwords, credit card information, and other sensitive and useful data.

24. Which of the following is not an effective, active, and preventive technique to protect the integrity of audit information and audit tools?

a. Backing up the audit records

b. Using a cryptographic-signed hash

c. Protecting the key used to generate the hash

d. Using the public key to verify the hash

24. a. Backing up the audit records is a passive and detective action, and hence not effective in protecting integrity. In general, backups provide availability of data, not integrity of data, and they are there when needed. The other three choices, which are active and preventive, use cryptographic mechanisms (for example, keys and hashes), and therefore are effective in protecting the integrity of audit-related information.

25. Regarding a patch management program, which of the following should not be done to a compromised system?

a. Reformatting

b. Reinstalling

c. Restoring

d. Remigrating

25. d. In most cases a compromised system should be reformatted and reinstalled, or restored from a known safe and trusted backup. Remigrating, which deals with switching between automated and manual patching tools and methods, should not be performed on a compromised system.

26. Which of the following is the most malicious Internet-based attack?

a. Spoofing attack

b. Denial-of-service attack

c. Spamming attack

d. Locking attack

26. b. A denial-of-service (DoS) attack is the most malicious Internet-based attack because it floods the target computer with hundreds of incomplete Internet connections per second, effectively preventing any other network connections from being made to the victim network server. The result is a denial of service to users, consumption of system resources, or a crash of the target computer. Spoofing attacks use various techniques to subvert IP-based access control by masquerading as another system using its IP address. Spamming attacks post identical messages to multiple unrelated newsgroups; they are often used as cheap advertising to promote pyramid schemes or simply to annoy people. A locking attack prevents users from accessing and running shared programs, such as those found in the Microsoft Office product.

27. Denial-of-service attacks can be prevented by which of the following?

a. Redundancy

b. Isolation

c. Policies

d. Procedures

27. a. Redundancy in data and/or equipment can be designed so that service cannot be removed or denied. Isolation is the opposite of redundancy. Policies and procedures are not effective against denial-of-service (DoS) attacks because they are management controls; DoS requires technical controls such as redundancy.

28. Which of the following denial-of-service attacks in networks is least common in occurrence?

a. Service overloading

b. Message flooding

c. Connection clogging

d. Signal grounding
