I’m trying to study for my Computer Science course and I need some help to understand this question.
- The idea that all information should be free
- is a principle guaranteed by the Constitution.
- is a belief shared by many in the hacking community.
- is as good for business as it is for sound government.
- is, ironically, foundational to the creation of a sound security program.
- If proprietary information is discovered by hackers it will be
- will be sold on the virtual black market to a cast of villains set on world domination.
- quietly tucked away and only revealed after indentifying information has been scrubbed.
- used to blackmail employees responsible for security.
- widely exposed.
- Which of the following is NOT a true statement about a trusted computing base (TCB).
- A TCB is the totality of hardware, software, processes, and individuals who are considered essential to overall security
- A TCB had better include both essential and a careful selection of non-essential processes.
- A TCB is more easily protected when it is small and not overly complex.
- None of the above
- Security through obscurity can be effective as
- a long-term security solution for flawed protection system.
- a short-term method for hiding vulnerabilities.
- a way to hide sloppy design work.
- all of the above
- Sensitive information can be disclosed in different ways, EXCEPT
- bringing a laptop home to get some work done at night.
- stray comments in a coffee shop.
- documents inadvertently left on the subway.
- deliberate leaks.
- Governments often call on industry to share information, reasons for this would include
- the government needs information to provide assistance to industry.
- the government needs information to maintain adequate situational awareness.
- politicians often call on industry to provide information to be used for political ends.
- All of the above
- The stages of adversarial reconnaissance and planning are
- physical scouting of target, identifying access points, and then direct access to the target.
- directly accessing a target, comparing data with other hackers, and then accessing the target again.
- wide-reaching collection, targeted collection, and then direct access to the target.
- background checks on a target’s personnel, developing profiles to identify potential weak links, and then using this information to obtain direct access to the target.
- Which of the following should always be obscured?
- specific attributes of seemingly non-security related features (software, networking, etc.)
- any information about the security protection of a national asset
- any information about the vulnerabilities of national infrastructure
- all of the above.
- Policies that could be put in place to strengthen obscurity measures would include
- a rule that no one with infrastructure responsibility should make public statements without explicit PR planning and preparation.
- a rule that individuals with responsibility for infrastructure deceive their loved ones about the job they have.
- a rule that prohibits employees from meeting socially outside of work anywhere “shop talk” may be overheard by others.
- None of the above
- Government clearance levels and information classification are techniques
- that have little to offer the cyber security community.
- were created during WWII by the historic need of the Army to keep certain information from the Marines.
- that would be beneficial to private enterprise.
- That are not very effective, as the spate of documents released by Wikileaks proves.