CSI 325 Exam 3

| Question | Answer |
| --- | --- |
| What is the easiest control against malicious code? | Hygiene — avoiding behavior that allows malicious code contamination. |
| What are the two components of computer hygiene? | (1) Avoid points of contamination and (2) block avenues of vulnerability. |
| Give examples of good computer hygiene practices. | Use commercial software from reliable vendors, test new software on isolated systems, scan with up-to-date antivirus, and make multiple write-protected backups. |
| What is a system image, and why is it important? | A recoverable copy of system files that can be restored after infection; it allows a secure reboot and recovery. |
| How can you block vulnerabilities? | By patching as soon as possible once updates are released. |
| What is a zero-day attack? | An exploit of a previously unknown vulnerability before a patch exists. |
| What is a virus detector? | A tool that searches for signs (signatures) of malicious code infection. |
| What are the two main limitations of virus detectors? | (1) They only find known infections. (2) Their detection patterns are static. |
| Why must virus detectors be constantly updated? | Because attackers create new code that avoids known signatures. |
| What is the “herd immunity” concept in malware detection? | The more systems are protected and updated, the less chance malware has to spread effectively. |
| Why is antivirus still useful even if it detects only 45% of malware? | It provides an essential first layer of defense, catching many common infections early. |
| What is a virus signature? | A unique pattern of instructions or data that identifies a specific virus. |
| Define modularity in software design. | Dividing a task into independent subtasks or components that each perform a single function. |
| What are the four main characteristics of modular components? | Single purpose, small size, simplicity, and independence. |
| What are the benefits of modularity? | Easier maintenance, reuse, testing, and improved correctness. |
| What do cohesion and coupling mean? | Cohesion = how closely related the elements of a module are; coupling = how dependent modules are on each other. High cohesion + low coupling = better design. |
| What is encapsulation? | Hiding a component’s internal details while exposing only necessary functionality. |
| Name three types of software testing. | Unit testing, integration testing, and regression testing. |
| What are James Whittaker’s seven key ingredients for testing? | Product expertise, coverage, risk analysis, domain expertise, common vocabulary, variation, and boundaries. |
| What percentage of faults are typically found during integration testing? | About 29.4%. |
| What are two main limitations of testing? | (1) It can only show the presence of defects, not their absence. (2) Testing the full input space is impossible. |
| Why can testing itself be risky? | Testing the internal structure might require modifying code, which can introduce new vulnerabilities. |
| What is the goal of secure design principles? | To reduce vulnerabilities and improve system integrity through correct coding and architecture. |
| List six key design principles for security. | Least privilege, economy of mechanism, open design, complete mediation, separation of privilege, and least common mechanism. |
| What is the principle of least privilege? | Give users and programs only the minimum access necessary to perform their tasks. |
| What is complete mediation? | Every access to every object must be checked for authorization. |
| What are CERT’s Top 10 Secure Coding Practices (name at least four)? | Validate input, heed compiler warnings, keep it simple, default to deny, practice defense in depth, and adopt a secure coding standard. |
| What is penetration testing? | Authorized ethical hacking to find and report vulnerabilities using attacker-like methods. |
| What are limitations of penetration testing? | It’s time-consuming, may not find all flaws, and can give a false sense of complete safety. |
| Why are formal proofs of correctness rarely used? | They are extremely complex, often infeasible (NP-complete), and hard to scale. |
| Why is “penetrate and patch” ineffective? | It’s reactive—fixing only after attacks occur and often introducing new bugs. |
| Why does “security by obscurity” fail? | Hidden mechanisms will eventually be discovered; true security relies on robust design, not secrecy. |
| What is a shared secret? | A secret known only to two entities, used to verify identity. |
| What is a one-time password (OTP)? | A unique password valid for one session or transaction only. |
| What is out-of-band communication? | Using separate channels for parts of authentication, like sending a PIN via mail separately from a card. |
| What is continuous authentication? | Ongoing identity verification throughout a session, often through encryption or biometrics. |
| What is false or misleading content? | Digital information that has been altered or forged to deceive users. |
| What is Cross-Site Scripting (XSS)? | An attack where malicious scripts are injected into trusted web content. |
| What is a persistent XSS attack? | When malicious scripts are stored on the target server and executed for every user who accesses it. |
| How do you prevent XSS? | Sanitize user input, encode output, and enforce content security policies. |
| What is SQL injection? | Inserting malicious SQL into a query to manipulate a database. |
| What does “OR ‘1’=‘1’” do in a SQL injection? | It returns all records because the condition always evaluates to true. |
| What is a dot-dot-slash (../) attack? | A directory traversal that accesses files outside the intended directory. |
| Name five OS functions related to security. | Enforced sharing, interprocess communication, protection of OS data, user authentication, and memory protection. |
| What is fair service in an OS? | Ensuring all users receive CPU time and resources without starvation. |
| What is memory protection? | Preventing one process from accessing another’s memory space. |
| What is the kernel in an OS? | The core component that performs low-level functions supporting all higher-level processes. |
| What is a honeypot? | A fake system or environment designed to attract attackers and study their behavior safely. |
| Why are honeypots often run in virtual machines? | To isolate attacker activity and prevent risk to real systems. |
| What are the four types of separation in OS security? | Physical, temporal, logical, and cryptographic. |
| What is temporal separation? | Running processes with different security levels at different times. |
| What is logical separation? | Making processes believe they’re the only ones running (isolated virtual environment). |
| What are four sharing policies an OS can use? | Do not protect, isolate, share all/share nothing, and share but limit access. |
| What is packet sniffing? | Capturing network packets traveling over a LAN to view data. |
| How can attackers wiretap without touching a cable? | Through inductive radiation interception. |
| Why is optical fiber harder to tap? | It requires optical tuning; light doesn’t emit electromagnetic radiation like copper cables do. |
| What is microwave communication’s main vulnerability? | Easy interception along its wide line-of-sight path. |
| What is a replay attack? | Reusing intercepted legitimate data, like resubmitting a valid transaction. |
| How can replay attacks be prevented? | Use nonces or timestamps to ensure message uniqueness. |
| What is the main function of a firewall? | To filter traffic between trusted and untrusted networks according to a security policy. |
| What are the two main firewall policies? | Default permit and default deny. |
| What qualities make a firewall a reference monitor? | Always invoked, tamperproof, small, and simple enough for analysis. |
| What are types of firewalls? | Packet-filtering gateway, stateful inspection, proxy, circuit-level gateway, and guard. |
| What does “default deny” mean? | Anything not explicitly permitted is blocked. |
| What is an Intrusion Detection System (IDS)? | A system that monitors and analyzes activity to detect malicious behavior. |
| What are the two main IDS types? | Signature-based and heuristic (behavioral). |
| How does a signature-based IDS work? | It compares activity patterns to a database of known attack signatures. |
| What is a limitation of signature-based IDS? | It cannot detect new, unknown attacks. |
| How does heuristic IDS differ? | It looks for deviations from normal behavior rather than matching known patterns. |
| What is AI/ML-based intrusion detection? | Systems using artificial intelligence to learn and detect anomalies with up to 99.9% accuracy. |
| What are the three categories a heuristic IDS may classify activity into? | Benign (good), suspicious, and unknown. |
| Why is Wi-Fi difficult to secure? | Signals are broadcast publicly and management frames often lack encryption. |
| What protocol suite does Wi-Fi use? | IEEE 802.11, operating in the 2.4 GHz range. |
| What are hidden node and exposed node problems? | Overlapping wireless channels causing interference and data loss. |
| What is a rogue access point? | An unauthorized Wi-Fi hotspot impersonating a legitimate one. |
| Why doesn’t hiding an SSID guarantee security? | Clients still broadcast the SSID during reconnection, revealing it to attackers. |
| What is a denial-of-service (DoS) by addressing failure? | When routing tables are misdirected, causing data loss and site unavailability. |
| What is user vigilance in cybersecurity? | User vigilance refers to the awareness and caution users must maintain to recognize and avoid threats such as phishing, malware downloads, or social engineering attacks. |
| Why is user vigilance important? | Even with strong technical defenses, human error remains a major vulnerability; vigilant users can prevent breaches by recognizing suspicious activity or communications. |
| What are virus detectors? | Software tools that identify, isolate, and remove malicious code from systems by scanning files for known signatures or unusual behavior. |
| What are the two main methods used by virus detectors? | (1) Signature-based detection (identifying known virus patterns). (2) Heuristic/behavioral detection (spotting suspicious or abnormal activity). |
| What is modularity in security design? | Modularity means dividing a system into independent components, so if one is compromised, the others remain secure. |
| How does modularity help in cybersecurity? | It minimizes the spread of attacks and makes systems easier to test, update, and isolate when issues occur. |
| Why is testing critical in cybersecurity systems? | Testing ensures that security controls work as intended, identifies vulnerabilities before attackers do, and verifies system resilience under attack scenarios. |
| What are examples of countermeasures that don’t work? | Relying solely on firewalls or antivirus, using “security by obscurity,” or ignoring regular patching and updates — all give a false sense of security. |
| What is successful identification and authentication? | It means confirming a user’s identity (identification) and verifying that they are who they claim to be (authentication). |
| What is a shared secret? | A password or key known only by the user and the system, used for verifying identity. |
| What is a one-time password (OTP)? | A password valid for only one login session or transaction, reducing the risk of reuse attacks. |
| What is out-of-band communication in authentication? | Using a separate communication channel (like a text message or app notification) to confirm a user’s identity, adding another security layer. |
| What is continuous authentication? | Ongoing verification of a user’s identity based on behavior or biometrics during a session. |
| What is false or misleading content in cybersecurity? | Information crafted to deceive users—like phishing emails, fake news, or deepfakes—that can manipulate actions or trust. |
| What is cross-site scripting (XSS)? | A web attack where an attacker injects malicious scripts into a trusted website, often stealing cookies or session data. |
| How can XSS be prevented? | By sanitizing user input, using content security policies (CSP), and encoding output before displaying it on a web page. |
| What is an SQL injection? | An attack that injects malicious SQL commands into input fields to manipulate or access a database. |
| How do you prevent SQL injection attacks? | Use parameterized queries, input validation, and stored procedures. |
| What are security features of ordinary operating systems? | User accounts, permissions, access control lists (ACLs), encryption, and process isolation. |
| What is a honeypot? | A decoy system or server set up to attract attackers, gather information about attack methods, and distract them from real systems. |
| How does a honeypot help improve security? | It allows analysts to monitor attacker behavior and identify vulnerabilities in a controlled environment. |
| What do separation and sharing refer to in operating systems? | The balance between isolating processes for security (separation) and allowing controlled communication between them (sharing). |
| Why is separation important? | It prevents one compromised process from accessing or corrupting another process’s data. |
| What is transmission media? | The physical or wireless channels through which data travels—like copper wires, fiber optics, or radio waves. |
| Why is transmission media important for cybersecurity? | Different media have unique vulnerabilities (e.g., wiretaps on copper lines, signal interception on Wi-Fi). |
| What is a wiretap? | Unauthorized interception of communication across a network, often used for spying or data theft. |
| What is a replay attack? | When an attacker intercepts and reuses legitimate communication (like a login token) to impersonate a user. |
| How can replay attacks be prevented? | By using timestamps, nonces, and encryption in communication protocols. |
| What is a Denial of Service (DoS) attack? | A flood of traffic or requests that overwhelms a system, making it unavailable to legitimate users. |
| How can systems defend against DoS attacks? | Through rate limiting, traffic filtering, and redundant network paths (load balancing). |
| What is a firewall? | A network device or software that filters incoming and outgoing traffic based on predefined security rules. |
| What types of firewalls exist? | Packet-filtering, stateful inspection, proxy, and next-generation firewalls. |
| What is an Intrusion Detection System (IDS)? | Software or hardware that monitors network traffic for suspicious or malicious activity. |
Created by: user-1979725