
MCQ On Chapter 7 Part 2

This document discusses various types of malware and security concepts. It defines buffer overflow attacks, stack and heap overflows, and how they can corrupt programs. It also describes different types of malware like viruses, worms, Trojan horses, and rootkits. Viruses attach to files while worms self-propagate. Trojan horses masquerade as legitimate programs but have malicious intent. Rootkits hide their presence on a system. The document also discusses security measures like anti-virus software, firewalls, and spam blocking techniques that organizations use to defend against malware.

Uploaded by Mahmoud Ibrahim

Chapter 7 part 2, Security Management Concepts and Principles

1- In a buffer overflow, an attacker can attempt to disrupt the function of a software application by providing more data to the application than it was designed to handle.
a- True
b- False

2- A buffer overflow attack occurs when someone attempts to disrupt a program’s operation in this manner.
a- True
b- False

3- In …….. , the program writes more data to a buffer located on the stack than was
allocated for it
a- Stack buffer overflow
b- NOP sled attack
c- Heap overflow
d- Jump-to-register attack

4- ……… is a specific stack overflow attack where the attacker overflows the stack
with harmless NOP (no-op) instructions
a- Stack buffer overflow
b- NOP sled attack
c- Heap overflow
d- Jump-to-register attack

5- ……. is the dynamically allocated memory space created by a program for storage of variables
a- Stack buffer overflow
b- NOP sled attack
c- Heap
d- Jump-to-register attack

6- A heap overflow attack will result in the corruption of other variables that are
already on the heap.
a- True
b- False
7- In ………………. the return pointer is overwritten with a value that will cause the
program to jump to a known pointer stored in a register that points to the input
buffer.
a- Stack buffer overflow
b- NOP sled attack
c- Heap overflow
d- Jump-to-register attack

8- To reduce buffer overflow attacks you can use:
a- Choose a safe language
b- Use of safe libraries.
c- Executable space protection
d- Stack smashing protection
e- All of the above

9- Malicious software, also known as malicious code,
a- True
b- False

10- Propagation means spreading from system to system
a- True
b- False

11- Malware can delete or alter information and that is known as damage and
destruction of information
a- True
b- False

12- Malware can implant the means to record subsequent communications, keystrokes and mouse clicks, and that is known as usage monitoring
a- True
b- False

13- Denial of service means that malware can consume all available resources on a
target system, rendering it essentially useless for its intended use.
a- True
b- False
14- Malware can implant a bot onto a target system that allows an attacker to control
your system via remote control
a- True
b- False

15- ……….. is a type of malicious software
a- Viruses
b- Worms
c- Trojan horses
d- Rootkits
e- Bots
f- Spam
g- Pharming
h- Spyware and Ad-ware
i- All of the above

16- …………….. are computer code fragments that attach themselves to a legitimate
program file on a computer
a- Viruses
b- Worms
c- Trojan horses
d- Rootkits

17- The virus can only run when the legitimate program is run.
a- True
b- False
18- Viruses generally do not require human intervention to propagate
a- true
b- false
19- …….. is a type of virus
a- Master boot record
b- File infector virus
c- Macro virus
d- All of the mentioned
20- Viruses employ several methods to avoid detection by anti-virus programs. The
methods in use include:
a- Multipartite viruses
b- Stealth viruses
c- Polymorphic viruses
d- Encrypted viruses
e- All
21- ……………. use some means to hide themselves.
a- Multipartite viruses
b- Stealth viruses
c- Polymorphic viruses
d- Encrypted viruses
e- All
22- ……………. can change themselves as they move from system to system in
order to avoid detection.
a- Multipartite viruses
b- Stealth viruses
c- Polymorphic viruses
d- Encrypted viruses
e- All

23- …………. can encrypt most of their code, using a different key on each system
they infect, which makes most of the body of the virus different on each detected
system
a- Multipartite viruses
b- Stealth viruses
c- Polymorphic viruses
d- Encrypted viruses
e- All

24- Worms are like viruses but they usually require little human intervention to
spread.
a- True
b- False

25- Mass mailing worms propagate via e-mail.
a- True
b- False
26- A port scanning worm is not able to propagate with no human intervention at all
a- True
b- False

27- If a port scanning worm is able to infect a new system, it will install itself and
begin scanning to look for new victims.
a- True
b- False

28- A ………………. claims to be one thing but instead is something else, something with more malicious intent
a- Viruses
b- Worms
c- Trojan horses
d- Rootkits
29- ……………….. are malware programs that are designed to avoid detection by
being absolutely invisible to the operating system.
a- Viruses
b- Worms
c- Trojan horses
d- Rootkits
30- Rootkits can achieve their goal by deleting the OS itself so that its presence is
nearly impossible to detect.
a- True
b- False
31- Rootkits use some methods like ……. to avoid detection
a- Process hiding
b- File hiding
c- Registry hiding
d- Running underneath the OS.
e- All

32- With …………….. Rootkits can hide their own process(es) from users by altering
the tools that are used to list processes on a system
a- Process hiding
b- File hiding
c- Registry hiding
d- Running underneath the OS
33- With ………. Rootkits can hide registry entries in an attempt to function without
being detected
a- Process hiding
b- File hiding
c- Registry hiding
d- Running underneath the OS

34- ………… is the owner of the bot and uses it to remotely control the infected
computer for a variety of purposes.
a- Bot
b- Bot herder
c- Replying spam
d- None
35- ………………… is a technique that spam blockers use to block spam by blocking
all e-mail from specific IP addresses.
a- Replying spam
b- Hosting phishing sites
c- DOS
d- DDOS
36- Bot herders can launch ……………………. attacks from bot-controlled systems
by instructing those systems to launch thousands of network messages per
second to a target system.
a- Replying spam
b- Hosting phishing sites
c- DOS
d- DDOS
37- A bot herder can launch a ………………….. attack by directing hundreds,
thousands, or tens of thousands of bot-systems to attack the same target
simultaneously.
a- Replying spam
b- Hosting phishing sites
c- DOS
d- DDOS
38- Spam is unwanted e-mail
a- True
b- False
39- In a …………. attack, an attacker directs all traffic destined for a particular web site
towards an imposter web site.
a- Phishing
b- Pharming
c- DOS
d- DDOS
40- In pharming, the attack diverts traffic by “poisoning” the organization’s DNS
servers or by changing the hosts file on individual users’ systems.
a- True
b- False
41- Spyware and adware encompass a wide variety of means that have been
developed to track the behavior of users’ Internet usage patterns
a- True
b- False
42- Spyware and adware take on many forms including
a- Tracking cookies
b- Web beacons
c- Browser helper objects
d- Key logger
e- All
43- Tracking cookies actually record a user’s keystrokes
a- True
b- False
44- Web beacons are tiny 20 pixel images that are embedded in web pages as a
means for tracking users’ Internet usage.
a- True
b- False
“11 pixel”
45- Anti-viruses are found in many places in an organization as part of a defense in
depth
a- True
b- False
46- The places where anti-virus software can be found include:
a- End user workstation
b- E-mail servers
c- File servers
d- Web proxy servers
e- Security appliance
f- All
47- Security appliances perform several functions including firewall, web content filter
and anti-virus
a- True
b- False
48- ……………. uses techniques to find hidden processes, hidden registry entries,
unexpected kernel hooks, and hidden files in order to find rootkits that may be
present on a system
a- Anti-virus
b- Anti-rootkit
c- Anti-spyware
d- None
49- ……………… monitors incoming files and examines them against a collection
of signatures, and blocks those files that match known signatures
a- Anti-virus
b- Anti-rootkit
c- Anti-spyware
d- None
50- ………….. is responsible for blocking the majority of the unwanted e-mail that
carries malware, phishing scams and porn
a- Anti-virus
b- Anti-rootkit
c- Anti-spyware
d- Anti-spam

51- There are …….. common spam blocking architectures in use
a- 3
b- 4
c- 5
d- 2
52- In the ……………….. model, incoming e-mail is delivered to an off-site spam blocking service provider that filters out the spam and delivers only legitimate e-mail to corporate e-mail servers.
a- Client-based
b- E-mail server-based
c- Appliance-based
d- Spam blocking services.
53- …………….. are the time-tested and still-preferred means for blocking unwanted
network traffic from crossing a network boundary
a- Malwares
b- Firewalls
c- Anti-viruses
d- Anti-spams
54- Firewalls are typically used as perimeter devices, protecting organizations from
unwanted traffic that originates from the Internet.
a- True
b- False

55- When malware successfully breaks into a system and is executed by the user,
the malware usually is executing with a different privilege level as the user.
a- True
b- False
“same instead of different ”

56- A side benefit of reducing user privileges to end user level is an increased
number of tech support calls to repair uh-oh’s, when often-inexperienced end
users muddle up operating system configurations.
a- True
b- False
“decrease number of tech support.”
57- Penetration tests are often known as pen tests.
a- True
b- False
58- The object of penetration testing is to discover and fix vulnerabilities before a
hacker is able to discover and exploit them.
a- True
b- False
59- Server operating systems are very simple and often are pre-configured for a wide
variety of tasks.
a- True
b- False
“complex.”
60- ………………. is designed to exploit weaknesses in the application by causing
unexpected behavior
a- Input attacks
b- Injection attacks
c- Malformed input attacks
d- All
61- With ……….. the attacker will input specially coded data in an attempt to cause a
malfunction that will result in the attacker having a higher level of access or
privilege in the application.
a- Elevation of privileges
b- Execution of arbitrary code
c- Malfunction
d- Abort
62- With ……………… the attacker may wish to run specific commands on the
target system.
a- Elevation of privileges
b- Execution of arbitrary code
c- Malfunction
d- Abort
63- With ……….. the attacker may wish to cause the application to malfunction and
be in a disabled state for legitimate users
a- Elevation of privileges
b- Execution of arbitrary code
c- Malfunction
d- Abort
64- With …………… the attacker may wish to cause the application to completely
abort and thus be unavailable for any legitimate use
a- Elevation of privileges
b- Execution of arbitrary code
c- Malfunction
d- Abort
65- …………. is a type of input attack.
a- Integer overflow
b- SQL injection
c- Script injection
d- Cross-site injection (XSS)
e- Cross-site request forgery (XSRF)
f- All
66- Script injection is similar to SQL injection.
a- True
b- False
67- In SQL injection, the attacker inserts specially coded and delimited SQL
statements into an input field in the hopes that the injected SQL will be executed
on the back end.
a- True
b- False
68- In SQL injection an attacker inserts script language into an input field in the
hopes that the scripting language will be executed.
a- True
b- False
69- Cross-site scripting is an attack where an attacker can inject a malicious script
into HTML content in order to steal session cookies and other sensitive
information.
a- True
b- False
70- Cross-site request forgery is an attack where malicious HTML is inserted into a
Web page or e-mail that, when clicked, causes an action to occur on an
unrelated site where the user may have an active session.
a- True
b- False
71- Measures that can be used to prevent input attacks include …..
a- Effective input field filtering
b- Application firewall
c- Application vulnerability scanning
d- Developer training
e- All
72- Logic bombs, sometimes known as time bombs
a- True
b- False

73- ………. are instructions deliberately placed in application code that perform some
hostile action when a predetermined condition is met.
a- Logic bombs
b- Input attacks
c- Backdoor
d- None
74- …………. consists of code that performs some damaging action on a date in the
distant future
a- Logic bombs
b- Input attacks
c- Backdoor
d- None
75- Logic bombs and back doors are very similar and both contain unwanted code
in an application.
a- True
b- False
76- Countermeasures for logic bombs include
a- code reviews
b- source code control
c- source code scanning
d- third party assessments.
e- All
77- Many system resources are shared in multiprocessing systems; this is known as
a- Logic bomb
b- Object reuse
c- Input attacks
d- None
78- Object reuse countermeasures consist of
a- Application isolation
b- Server virtualization
c- Developer training
d- All of the above

79- Sometimes it is not feasible to isolate applications to one-per-machine, so virtualization technology may make it less cost-effective to isolate applications by running them on virtual machines.
a- True
b- False
“more cost-effective”

80- Mobile code can be downloaded or transferred from one system for execution on
another system.
a- true
b- false
81- Examples of mobile code include
a- active website content
b- downloaded software
c- both
d- none of them

82- Downloaded software may be a Trojan horse problem and worse.
a- True
b- False

83- Mobile code countermeasures include:
a- Anti-malware
b- Reduce user privileges
c- Mobile code access control
“so that I can see whether the user is authorized in the first place or not”
d- Secure workstation configuration
e- All
84- …………………. is an attack on the personnel in an organization
a- Social engineering attack
b- Logic bomb
c- Back door
d- None

85- The purpose of a social engineering attack is to gain secrets from individuals that
can later be used to gain unauthorized access to the organization’s systems
a- true
b- false

86- The best countermeasure against social engineering is education
a- True
b- False

87- ……………………. is a mechanism that is deliberately planted in a system by an application developer that allows the developer or other person to circumvent security
a- Social engineering attack
b- Logic bomb
c- Back door
d- None
88- Back doors can be activated by entering specific values that will cause the
program to enter an interactive debug mode.
a- True
b- False

89- Back doors can be difficult to find, particularly if they are inserted for disreputable
purposes
a- True
b- False

90- Routine functional testing and QA testing can always reveal back doors,
whatever their purpose
a- True
b- False
