18CSC364J - Information Security MCQ UNIT 3

Uploaded by

Durga Devi P

Malicious Systems, Vulnerability analysis - Auditing of Logic based system, Intrusion Detection - Intrusion Detection - Implementation, Intrusion Detection - Logic Network Security, Operating System Security - User Security, Program security - Program Security Implementation, Program Security Application Analysis - Data Privacy, Implementation of Data Privacy - Digital Forensics, Digital Forensics Implementation - Enterprise Security Specification, Enterprise Security Specification - Applications
PART A

1. Which of the following are programs that copy themselves throughout a computer or network?
A. Worms
B. Trojans
C. Viruses
D. Rootkits

2. Which is true about worms?
A. Self-replicating viruses that exploit security vulnerabilities to automatically
spread themselves across computers and networks.
B. Worms on existing programs and can only be activated when a user opens the
program.
C. Worms vary and hide themselves in the operating system.
D. Worms vary on existing programs

3. What are the uses of Malware?


A. Many early infectious programs, including the first Internet Worm, were written as
experiments or pranks
B. Today, malware is used primarily to steal sensitive personal, financial, or business
information for the benefit of others
C. Malware is sometimes used broadly against government or corporate websites to
gather guarded information, or to disrupt their operation in general
D. All of the above
4. ____________ is the cyclic practice for identifying & classifying and then solving the
vulnerabilities in a system.
A. Bug protection
B. Bug bounty
C. Vulnerability measurement
D. Vulnerability management
5. ___________ is a weakness that can be exploited by attackers.
A. System with Virus
B. System without firewall
C. System with vulnerabilities
D. System with a strong password

6. ________ is the sum of all the possible points in software or system where unauthorized
users can enter as well as extract data from the system.
A. Attack vector
B. Attack surface
C. Attack point
D. Attack arena

7. A/An __________ is a piece of software or a segment of command that usually takes advantage of a bug to cause unintended actions and behaviors.
A. malware
B. trojan
C. worms
D. exploit

8. __________ is the timeframe from when the loophole in security was introduced till the
time when the bug was fixed.
A. Time-frame of vulnerability
B. Window of vulnerability
C. Time-lap of vulnerability
D. Entry-door of vulnerability
9. What is the National Vulnerability Database primarily built upon?
A. Vulnerabilities
B. NVD
C. Patch
D. CVE identifiers

10. Which is a dictionary of common names for publicly known information security vulnerabilities?
A. Vulnerability
B. Zero day
C. SANS Top 20 controls
D. Common Vulnerabilities and Exposures

11. What is common with most vulnerability assessment tools?
A. Command mode
B. GUI front end
C. ICMP traffic
D. Fragmented packets

12. Control in design of an information system is used to
A. inspect the system and check that it is built as per specifications
B. protect data from accidental or intentional loss
C. ensure that the system processes data as it was designed to and that the
results are reliable
D. ensure privacy of data processed by it

13. In auditing with a computer
A. auditing programs are designed and used to check a system
B. the hardware of the computer is thoroughly checked for malfunctions
C. system software is thoroughly checked to ensure error free operations
D. auditors check system with a computer
14. An audit trail is established in a system to
A. detect errors in a system
B. enable auditing of a system
C. localize the source of an error in a system
D. trail a program

15. It is advisable for an auditor to require an operational information system to
(i) Keep logs of all system runs and people involved
(ii) Ensure that the programs and system operation are well documented
(iii) Ensure that no changes are allowed
(iv) Ensure that the inputs and batch controls are properly designed
A. i, ii, iii
B. ii, iii, iv
C. i, ii, iv
D. i, ii

16. Some audit and control procedures in a system
(i) Detect and correct errors in programs
(ii) Selectively print records in a system which meets certain criteria
(iii) Examine credit and debit balances in an accounting system and check if they
balance
(iv) Provide a facility to trace a variable value through processing steps and print
intermediate values when required
A. i and ii
B. ii and iii
C. i, ii, iii
D. ii, iii, iv

17. An intrusion detection system (IDS) is primarily designed to perform what function?
A. Detect abnormal activity
B. Detect system failures
C. Rate system performance
D. Test a system for vulnerabilities
18. Which of the following is true for a host-based IDS?
A. It monitors an entire network.
B. It monitors a single system.
C. It’s invisible to attackers and authorized users.
D. It’s ineffective on switched networks.

19. Which of the following is not a valid measure to take to improve protection against brute
force and dictionary attacks?
A. Enforce strong passwords through a security policy.
B. Maintain strict control over physical access.
C. Require all users to log in remotely.
D. Use two-factor authentication.

20. A method used by IDS that involves checking for a pattern to identify unauthorized
activity
A. Pattern Matching
B. Session Splicing
C. Protocol Decoding
D. State Table

21. A server (or application) that intercepts the requests clients make of another server, fills
the requests that it can, and then forwards the requests it can't handle on to the other
server thus helping to improve performance and security.
A. Honeypot
B. Proxy Server
C. Packet Filter
D. State Table

22. A way to change network address information in IP packet headers with a router by
connecting multiple computers using one IP address connected to the Internet (or IP
network) to convert many private addresses into one public address.
A. Access Control List (ACL)
B. Network Address Translation (NAT)
C. Anomaly Detection
D. Intrusion Detection System (IDS)
23. ______ refers to identifying each user of the system and associating the executing
programs with those users.
A. One Time passwords
B. Authentication
C. Program Threats
D. Security
24. Which of the following program threats is described by: "Such a program traps user login
credentials and stores them to send to a malicious user, who can later log in to the computer
and access system resources."
A. Trojan Horse
B. Trap Door
C. Logic bomb
D. Virus
25. ______________ is a combined term which encompasses 3 sub-pillars; information
privacy, individual privacy, and communication privacy.
A. Digital Integrity
B. Digital privacy
C. Digital secrecy
D. Digital protection
26. It is necessary to use ________________ for maintaining searched data privacy.
A. Private email services
B. Private search engines
C. Tor Browser
D. Private Browser window
27. What is true about data security?
A. Data security is the protection of programs and data in computers and
communication systems against unauthorized access
B. It refers to the right of individuals or organizations to deny or restrict the
collection and use of information
C. Data security requires system managers to reduce unauthorized access to the
systems by building physical arrangements and software checks.
D. All of the above
28. _______ is the process of retaining or keeping of data at a secure place for long-term
storage.
A. Data archiving
B. Archival Storage
C. Disposal of Data
D. Backup
29. What is digital forensics?
A. Process of using scientific knowledge in analysis and presentation of evidence in
court
B. The application of computer science and investigative procedures for a legal
purpose involving the analysis of digital evidence after proper search authority,
a chain of custody, validation with mathematics, use of validated tools,
repeatability, reporting, and possible expert presentation
C. A process where we develop and test hypotheses that answer questions about digital
events
D. Use of science or technology in the investigation and establishment of the facts or
evidence in a court of law
30. There are three C's in computer forensics. Which is one of the three?
A. Control
B. Chance
C. Chains
D. Core

31. Which of the following is FALSE?
A. The digital forensic investigator must maintain absolute objectivity.
B. It is the investigator’s job to determine someone’s guilt or innocence.
C. It is the investigator’s responsibility to accurately report the relevant facts of a
case.
D. The investigator must maintain strict confidentiality, discussing the results of an
investigation only on a “need to know” basis.
32. Which of the following is NOT the focus of digital forensic analysis?
A. Authenticity
B. Comparison
C. Proving
D. Enhancement
33. Analysis of digital evidence includes which of the following activities?
A. Seizure, preservation, and documentation
B. Recovery, harvesting, and reduction
C. Experimentation, fusion, and correlation
D. Arrest, interviewing, and trial
PART B
1. What is meant by heuristic analysis, automated analysis and dynamic analysis?
2. What is process injection?
3. What is reverse-engineering of malware?
4. What are the uses of malware?
5. How important is it to stay updated with changes in the vulnerability landscape?
6. How do you determine the severity of a discovered vulnerability?
7. How does auditing of a logic-based system take place?
8. Define Intruder. Name three different classes of Intruders.
9. Define honeypots.
10. What are the main components involved in the distributed Intrusion Detection
System?
11. What are the issues derived about the design of distributed Intrusion
Detection System?
12. What metrics are useful for profile-based intrusion detection?
13. What is the difference between statistical anomaly detection and rule-based
intrusion detection?
14. Differentiate between user security and program security.
15. What are the methods for implementation of data privacy?
16. Interpret the tasks of a Computer Forensic Examination protocol.
17. Express the rules for Computer Forensics in investigation.
18. Classify different types of Computer Forensics Technologies.
19. Classify the compression techniques used in computer forensics.
20. Define any three standard procedures used in Network Forensics.
21. What is meant by enterprise security?
22. List some enterprise security techniques.
PART C
1. Explain in detail the different types of malware.
2. Briefly describe authentication methods and vulnerabilities.
3. Explain the concept of database and operating system vulnerability.
4. Explain intrusion detection techniques in detail and list the approaches.
5. Discuss the architecture of a distributed intrusion detection system with the
necessary diagrams.
6. Explain the types of Host based intrusion detection. List any two IDS software
available.
7. Explain in detail statistical anomaly detection and rule based intrusion detection.
8. Explain in detail about network security and list some methods which are used
for network security.
9. How is program security implemented? List some methods for implementing it.
10. Discuss in detail the methods of implementation of data privacy.
11. Point out the features of Forensic Duplication and Investigation and also
outline the problems and challenges forensic examiners face when preparing and
processing investigations, including the ideas and questions they must consider.
a. Analyze the concept of data acquisition methods and explain how you would
work in a case of clustering.
b. Analyze the physical requirements for a computer forensics lab.
12. Examine the roles of the following terms in computer forensics in detail
a. Forensics Technology
b. Forensics Systems
13. Discuss how you will validate the forensic data using:
a. Validating the hexadecimal Editors
b. Validating with Computer Forensics Programs

14. How is data privacy implemented? List some methods for implementing it.

15. Discuss in detail Digital Forensics Implementation.

16. How can enterprise security be implemented? List its specifications.
