Computer Security
Exam Solutions
Course Introduction
Computer Security is a comprehensive course that explores the principles, practices, and technologies used to safeguard computer systems and networks from cyber threats. The course covers foundational concepts such as cryptography, access control, authentication, and security policies, alongside practical aspects including malware analysis, intrusion detection, software vulnerabilities, and system hardening. Students will learn to identify potential security risks, implement protective measures, and develop strategies for responding to breaches. Through hands-on labs and case studies, participants gain practical experience in securing information assets and understanding the evolving landscape of cybersecurity challenges.
Recommended Textbook
Computer Security Principles and Practice 3rd Edition by William Stallings
Available Study Resources on Quizplus
24 Chapters
1076 Verified Questions
1076 Flashcards
Source URL: https://quizplus.com/study-set/3981
Page 2
Chapter 1: Computer Systems Overview
Available Study Resources on Quizplus for this Chatper
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79973
Sample Questions
Q1) The _________ prevents or inhibits the normal use or management of communications facilities.
A)passive attack
B)denial of service
C)traffic encryption
D)masquerade
Answer: B
Q2) An assault on system security that derives from an intelligent act that is a deliberate attempt to evade security services and violate the security policy of a system is a(n)__________.
A)risk
B)attack
C)asset
D)vulnerability
Answer: B
Q3) The first step in devising security services and mechanisms is to develop a security policy.
A)True
B)False
Answer: True
To view all questions and flashcards with answers, click on the resource link above. Page 3
Chapter 2: Cryptographic Tools
Available Study Resources on Quizplus for this Chatper
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79962
Sample Questions
Q1) A _________ is a hardware device that sits between servers and storage systems and encrypts all data going from the server to the storage system and decrypts data going in the opposite direction.
Answer: back-end appliance
Q2) The original message or data that is fed into the algorithm is __________.
A)encryption algorithm
B)secret key
C)decryption algorithm
D)plaintext
Answer: D
Q3) The simplest approach to multiple block encryption is known as __________ mode,in which plaintext is handled b bits at a time and each block of plaintext is encrypted using the same key.
Answer: electronic codebook (ECB)
Q4) Some form of protocol is needed for public-key distribution.
A)True
B)False
Answer: True
Q5) Public-key encryption was first publicly proposed by __________ in 1976.
Answer: Diffie and Hellman
4
To view all questions and flashcards with answers, click on the resource link above.
Chapter 3: User Authentication
Available Study Resources on Quizplus for this Chatper
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79956
Sample Questions
Q1) The most common means of human-to-human identification are __________.
A)facial characteristics
B)retinal patterns
C)signatures
D)fingerprints
Answer: A
Q2) An individual's signature is not unique enough to use in biometric applications.
A)True
B)False Answer: False
Q3) User authentication is the fundamental building block and the primary line of defense.
A)True
B)False
Answer: True
Q4) A __________ is an individual to whom a debit card is issued. Answer: cardholder
Q5) The __________ is the pattern formed by veins beneath the retinal surface. Answer: retinal pattern
To view all questions and flashcards with answers, click on the resource link above. Page 5
Chapter 4: Access Control
Available Study Resources on Quizplus for this Chatper
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79955
Sample Questions
Q1) __________ access control controls access based on the roles that users have within the system and on rules stating what accesses are allowed to users in given roles.
Q2) A __________ access control scheme is one in which an entity may be granted access rights that permit the entity,by its own volition,to enable another entity to access some resource.
Q3) __________ is based on the roles the users assume in a system rather than the user's identity.
A)DAC
B)RBAC
C)MAC
D)URAC
Q4) A user program executes in a kernel mode in which certain areas of memory are protected from the user's use and certain instructions may not be executed.
A)True
B)False
Q5) The __________ user ID is exempt from the usual file access control constraints and has system wide access.
Q6) X.800 defines __________ as the prevention of unauthorized use of a resource, including the prevention of use of a resource in an unauthorized manner.
Page 6
To view all questions and flashcards with answers, click on the resource link above.
Chapter 5: Database and Cloud Security
Available Study Resources on Quizplus for this Chatper
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79954
Sample Questions
Q1) __________ includes people,processes,and systems that are used to manage access to enterprise resources by assuring that the identity of an entity is verified,and then granting the correct level of access based on this assured identity.
A)CSP
B)DLP
C)IAM
D)IPS
Q2) The __________ cloud infrastructure is operated solely for an organization.
Q3) In a relational database columns are referred to as _________.
Q4) The _________ model provides a predefined environment for the cloud subscriber that is shared with other tenants,typically through tagging data with a subscriber identifier.
Q5) A single countermeasure is sufficient for SQLi attacks.
A)True
B)False
Q6) An IDS is a set of automated tools designed to detect unauthorized access to a host system.
A)True
B)False
To view all questions and flashcards with answers, click on the resource link above. Page 7
Chapter 6: Malicious Software
Available Study Resources on Quizplus for this Chatper
44 Verified Questions
44 Flashcards
Source URL: https://quizplus.com/quiz/79953
Sample Questions
Q1) A __________ uses macro or scripting code,typically embedded in a document and triggered when the document is viewed or edited,to run and replicate itself into other such documents.
A)boot sector infector
B)file infector
C)macro virus
D)multipartite virus
Q2) E-mail is a common method for spreading macro viruses.
A)True
B)False
Q3) A __________ is a collection of bots capable of acting in a coordinated manner.
Q4) A Trojan horse is an apparently useful program containing hidden code that, when invoked,performs some harmful function.
A)True
B)False
Q5) The __________ is when the virus function is performed.
A)dormant phase
B)propagation phase
C)triggering phase
D)execution phase
To view all questions and flashcards with answers, click on the resource link above. Page 8
Chapter 7: Denial-Of-Service Attacks
Available Study Resources on Quizplus for this Chatper
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79952
Sample Questions
Q1) Modifying the system's TCP/IP network code to selectively drop an entry for an incomplete connection from the TCP connections table when it overflows,allowing a new connection attempt to proceed is _______.
A)poison packet
B)slashdot
C)backscatter traffic
D)random drop
Q2) Requests and _______ are the two different types of SIP messages.
Q3) The best defense against broadcast amplification attacks is to block the use of _______ broadcasts.
Q4) ______ attacks are a variant of reflector attacks and also involve sending a packet with a spoofed source address for the target system to intermediaries.
Q5) _______ bandwidth attacks attempt to take advantage of the disproportionally large resource consumption at a server.
A)Application-based
B)System-based
C)Random
D)Amplification
To view all questions and flashcards with answers, click on the resource link above. Page 9
Chapter 8: Intrusion Detection
Available Study Resources on Quizplus for this Chatper
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79951
Sample Questions
Q1) A ________ IDS monitors traffic at selected points on a network or interconnected set of networks.
Q2) Those who hack into computers do so for the thrill of it or for status.
A)True
B)False
Q3) __________ involves an attempt to define a set of rules or attack patterns that can be used to decide if a given behavior is that of an intruder.
A)Profile based detection
B)Signature detection
C)Threshold detection
D)Anomaly detection
Q4) The _________ (RFC 4766)document defines requirements for the Intrusion Detection Message Exchange Format (IDMEF).
Q5) An IDS comprises three logical components: analyzers,user interface and _____.
Q6) Copying a database containing credit card numbers,viewing sensitive data without authorization,and guessing and cracking passwords are examples of _________ .
Q7) _________ simulate human brain operation with neurons and synapse between them that classify observed data
Page 10
To view all questions and flashcards with answers, click on the resource link above.
Chapter 9: Firewalls and Intrusion Prevention Systems
Available Study Resources on Quizplus for this Chatper
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79950
Sample Questions
Q1) A _________ consists of a set of computers that interconnect by means of a relatively unsecure network and makes use of encryption and special protocols to provide security.
A)proxy
B)UTM
C)VPN
D)stateful inspection firewall
Q2) Distributed firewalls protect against internal attacks and provide protection tailored to specific machines and applications.
A)True
B)False
Q3) A ________ uses encryption and authentication in the lower protocol layers to provide a secure connection through an otherwise insecure network,typically the Internet.
Q4) _________ control determines the direction in which particular service requests may be initiated and allowed to flow through the firewall.
A)Behavior
B)User
C)Direction
D)Service
To view all questions and flashcards with answers, click on the resource link above. Page 11
Chapter 10: Buffer Overflow
Available Study Resources on Quizplus for this Chatper
44 Verified Questions
44 Flashcards
Source URL: https://quizplus.com/quiz/79972
Sample Questions
Q1) __________ is one of the best known protection mechanisms that is a GCC compiler extension that inserts additional function entry and exit code.
Q2) In 2003 the _________ exploited a buffer overflow in Microsoft SQL Server 2000.
A)Slammer worm
B)Morris Internet Worm
C)Sasser worm
D)Code Red worm
Q3) Gaps,or __________ ,are flagged in the MMU as illegal addresses,and any attempt to access them results in the process being aborted.
Q4) At the basic machine level,all of the data manipulated by machine instructions executed by the computer processor are stored in either the processor's registers or in memory.
A)True
B)False
Q5) _________ is a form of overflow attack.
A)Heap overflows
B)Return to system call
C)Replacement stack frame
D)All of the above
To view all questions and flashcards with answers, click on the resource link above. Page 12
Chapter 11: Software Security
Available Study Resources on Quizplus for this Chatper
43 Verified Questions
43 Flashcards
Source URL: https://quizplus.com/quiz/79971
Sample Questions
Q1) Program _______ refers to any source of data that originates outside the program and whose value is not explicitly known by the programmer when the code was written.
Q2) Two key areas of concern for any input are the _______ of the input and the meaning and interpretation of the input.
Q3) To prevent XSS attacks any user supplied input should be examined and any dangerous code removed or escaped to block its execution.
A)True
B)False
Q4) _________ attacks are most commonly seen in scripted Web applications.
Q5) UNIX related systems provide the chroot system function to limit a program's view of the file system to just one carefully configured section that is known as a ________.
Q6) Injection attacks variants can occur whenever one program invokes the services of another program,service,or function and passes to it externally sourced,potentially untrusted information without sufficient inspection and validation of it.
A)True
B)False
Q7) Program input data may be broadly classified as textual or ______.
Page 13
To view all questions and flashcards with answers, click on the resource link above.
Chapter 12: Operating System Security
Available Study Resources on Quizplus for this Chatper
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79970
Sample Questions
Q1) __________ applications is a control that limits the programs that can execute on the system to just those in an explicit list.
A)Virtualizing
B)White listing
C)Logging
D)Patching
Q2) ______ are resources that should be used as part of the system security planning process.
A)Texts
B)Online resources
C)Specific system hardening guides
D)All of the above
Q3) Configuration information in Windows systems is centralized in the _______,which forms a database of keys and values.
Q4) ______ is a reactive control that can only inform you about bad things that have already happened.
Q5) ______ is the process of retaining copies of data over extended periods of time,being months or years,in order to meet legal and operational requirements to access past data.
To view all questions and flashcards with answers, click on the resource link above. Page 14
Chapter 13: Trusted Computing and Multilevel Security
Available Study Resources on Quizplus for this Chatper
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79969
Sample Questions
Q1) Security classes are referred to as __________.
A)security clearances
B)security classifications
C)security levels
D)security properties
Q2) A subject can exercise only accesses for which it has the necessary authorization and which satisfy the MAC rules.
A)True
B)False
Q3) Inserting a new row at a lower level without modifying the existing row at the higher level is known as ________ .
A)polyinstantiation
B)ds-property
C)trust
D)MAC
Q4) A _______ is a collection of requirements that share a common focus or intent.
A)trust
B)family
C)class
D)component
To view all questions and flashcards with answers, click on the resource link above. Page 15
Chapter 14: It Security Management and Risk Assessment
Available Study Resources on Quizplus for this Chatper
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79968
Sample Questions
Q1) Maintaining and improving the information security risk management process in response to incidents is part of the _________ step.
A)act
B)plan
C)check
D)do
Q2) Detecting and reacting to incidents is not a function of IT security management.
A)True
B)False
Q3) Because the responsibility for IT security is shared across the organization,there is a risk of inconsistent implementation of security and a loss of central monitoring and control.
A)True
B)False
Q4) The use of the _________ approach would generally be recommended for small to medium-sized organizations where the IT systems are not necessarily essential to meeting the organization's business objectives and additional expenditure on risk analysis cannot be justified.
To view all questions and flashcards with answers, click on the resource link above. Page 16
Chapter 15: It Security Controls,plans,and Procedures
Available Study Resources on Quizplus for this Chatper
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79967
Sample Questions
Q1) _______ controls are pervasive,generic,underlying technical IT security capabilities that are interrelated with,and used by,many other controls.
A)Preventative
B)Supportive
C)Operational
D)Detection and recovery
Q2) Operational controls range from simple to complex measures that work together to secure critical and sensitive data,information,and IT systems functions.
A)True
B)False
Q3) _________ is a formal process to ensure that critical assets are sufficiently protected in a cost-effective manner.
A)Configuration management control
B)IT security management
C)Detection and recovery control
D)Security compliance
Q4) When the implementation is successfully completed,_______ needs to authorize the system for operational use.
To view all questions and flashcards with answers, click on the resource link above.
Chapter 16: Physical and Infrastructure Security
Available Study Resources on Quizplus for this Chatper
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79966
Sample Questions
Q1) ________ security provides perimeter security,access control,smoke and fire detection,fire suppression,some environmental protection,and usually surveillance systems,alarms,and guards.
A)Premises
B)Infrastructure
C)Logical
D)Physical
Q2) _______ threats encompass threats related to electrical power and electromagnetic emission.
Q3) _______ includes destruction of equipment and data.
A)Misuse
B)Vandalism
C)Theft
D)Unauthorized physical access
Q4) Physical security threats are organized into three categories: environmental threats,human-caused threats,and _________ threats.
Q5) ______ authentication is implemented by using a fingerprint or iris data object sent from the PIV card to the PACS.
Q6) The most essential element of recovery from physical security breaches is ____.
Page 18
To view all questions and flashcards with answers, click on the resource link above.
Chapter 17: Human Resources Security
Available Study Resources on Quizplus for this Chatper
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79965
Sample Questions
Q1) ________ is the process of receiving,initial sorting,and prioritizing of information to facilitate its appropriate handling.
A)Incident
B)Triage
C)Constituency
D)Handling
Q2) _______ are ways for an awareness program to promote the security message to employees.
A)Posters
B)Newsletters
C)Workshops and training sessions
D)All of the above
Q3) Security education is most often taught by outside sources.
A)True
B)False
Q4) A(n)_______ is a characteristic of a piece of technology that can be exploited to perpetrate a security incident.
Q5) The principal problems associated with employee behavior are errors and omissions,_______,and actions by disgruntled employees.
To view all questions and flashcards with answers, click on the resource link above. Page 19
Chapter 18: Security Auditing
Available Study Resources on Quizplus for this Chatper
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79964
Sample Questions
Q1) ______ is UNIX's general-purpose logging mechanism found on all UNIX variants and Linux.
Q2) Messages in the BSD syslog format consist of three parts: PRI,Header,and ___.
Q3) Protection of the audit trail involves both integrity and confidentiality.
A)True
B)False
Q4) Means are needed to generate and record a security audit trail and to review and analyze the audit trail to discover and investigate attacks and security compromises.
A)True
B)False
Q5) Severe messages,such as immediate system shutdown,is a(n)_____ severity.
A)alert
B)emerg
C)crit
D)warning
Q6) RFC 2196 (Site Security Handbook)lists three alternatives for storing audit records: read/write file on a host,write-once/read-many device,and ______.
Q7) The audit _______ are a permanent store of security-related events on a system.
Page 20
To view all questions and flashcards with answers, click on the resource link above.
Chapter 19: Legal and Ethical Aspects
Available Study Resources on Quizplus for this Chatper
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79963
Sample Questions
Q1) Privacy is broken down into four major areas: anonymity,unlinkability,unobservability,and _________.
Q2) Software is an example of real property.
A)True
B)False
Q3) The first comprehensive privacy legislation adopted in the United States was the Privacy Act of 1974.
A)True
B)False
Q4) _____ strengthens the protection of copyrighted materials in digital format.
A)HIPPA
B)DMCA
C)WIPO
D)DRM
Q5) The U.S.legal system distinguishes three primary types of property: real property,personal property,and _________ property.
Q6) ________ rights may be used to prevent others from using a confusingly similar mark,but not to prevent others from making the same goods or from selling the same goods or services under a clearly different mark.
Page 21
To view all questions and flashcards with answers, click on the resource link above.
Chapter 20: Symmetric Encryption and Message
Confidentiality
Available Study Resources on Quizplus for this Chatper
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79961
Sample Questions
Q1) If the analyst is able to get the source system to insert into the system a message chosen by the analyst,then a ________ attack is possible.
A)known-plaintext
B)chosen-plaintext
C)chosen ciphertext
D)chosen text
Q2) The most widely used encryption scheme is based on the _________ adopted in 1977 by the National Bureau of Standards.
A)AES
B)3DES
C)CES
D)DES
Q3) A brute-force approach involves trying every possible key until an intelligible translation of the ciphertext into plaintext is obtained.
A)True
B)False
Q4) For symmetric encryption to work the two parties to an exchange must share the same _____,which must be protected from access by others.
Q5) The three most important symmetric block ciphers are: 3DES,AES,and _____.
To view all questions and flashcards with answers, click on the resource link above. Page 22
Chapter 21: Public-Key Cryptography and Message
Authentication
Available Study Resources on Quizplus for this Chatper
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79960
Sample Questions
Q1) HMAC can be proven secure provided that the embedded hash function has some reasonable cryptographic strengths.
A)True
B)False
Q2) A hash function such as SHA-1 was not designed for use as a MAC and cannot be used directly for that purpose because it does not rely on a secret key.
A)True
B)False
Q3) SHA-2 shares the same structure and mathematical operations as its predecessors and this is a cause for concern.
A)True
B)False
Q4) Perhaps the most widely used public-key algorithms are _________ and Diffie-Hellman.
Q5) The security of any MAC function based on an embedded hash function depends in some way on the _________ strength of the underlying hash function.
Q6) The purpose of the __________ algorithm is to enable two users to exchange a secret key securely that can then be used for subsequent encryption of messages.
To view all questions and flashcards with answers, click on the resource link above. Page 23
Chapter 22: Internet Security Protocols and Standards
Available Study Resources on Quizplus for this Chatper
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79959
Sample Questions
Q1) SMTP is used between the message user agent and the mail submission agent.
A)True
B)False
Q2) The SSL record protocol provides two services for SSL connection: message integrity and _________.
Q3) At its most fundamental level the Internet mail architecture consists of a user world in the form of _________.
A)MHS
B)MSA
C)MUA
D)MDA
Q4) IP-level security encompasses three functional areas: authentication,confidentiality,and _________.
Q5) The _______ is a directory lookup service that provides a mapping between the name of a host on the Internet and its numerical address.
Q6) A signed data message can only be viewed by a recipient with __________ capability.
Q7) The _________ is used to convey SSL-related alerts to the peer entity.
Page 24
To view all questions and flashcards with answers, click on the resource link above.
Chapter 23: Internet Authentication Applications
Available Study Resources on Quizplus for this Chatper
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79958
Sample Questions
Q1) Federated identity management makes use of a number of standards that provide the building blocks for secure identity information exchange across different domains or heterogeneous systems.
A)True
B)False
Q2) _______ is an XML-based language for the exchange of security information between online business partners.
Q3) _____ is a markup language that uses sets of embedded tags or labels to characterize text elements within a document so as to indicate their appearance,function,meaning,or context.
A)HML
B)HTTP
C)XML
D)SOAP
Q4) X.509 provides a format for use in revoking a key before it expires.
A)True
B)False
Q5) In a generic identity management architecture a ________ is an identity holder.
To view all questions and flashcards with answers, click on the resource link above. Page 25
Chapter 24: Wireless Network Security
Available Study Resources on Quizplus for this Chatper
45 Verified Questions
45 Flashcards
Source URL: https://quizplus.com/quiz/79957
Sample Questions
Q1) The specification of a protocol,along with the chosen key length,is known as a ___.
A)distribution set
B)open system
C)cipher suite
D)realm
Q2) The association service enables transfer of data between a station on an IEEE 802.11 LAN and a station on an integrated IEEE 802.x LAN.
A)True
B)False
Q3) The purpose of the authentication phase is to maintain backward compatibility with the IEEE 802.11 state machine.
A)True
B)False
Q4) A wireless client can be _______.
A)a cell phone
B)a Wi-Fi enabled laptop
C)a Bluetooth device
D)all of the above
Q5) The lowest layer of the IEEE 802 reference model is the __________ layer.
To view all questions and flashcards with answers, click on the resource link above. Page 26