
Question 51

Which of the following attacks best describe "Computer is the target of a crime" and "Computer is the tool of a crime"?

Correct Answer: A
Explanation/Reference:
In computing, a denial-of-service (DoS) or distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of efforts to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet. As clarification, DDoS (Distributed Denial of Service) attacks are sent by two or more persons, or bots. (See botnet) DoS (Denial of Service) attacks are sent by one person or system.
Keystroke logging, often referred to as key logging or keyboard capturing, is the action of recording (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored. It also has very legitimate uses in studies of human-computer interaction. There are numerous key logging methods, ranging from hardware and software-based approaches to acoustic analysis.
There are four types of computer crimes:
1. Computer is the target of a crime - Perpetrator uses another computer to launch an attack. In this attack the target is a specific identified computer. Ex. Denial of Service (DoS), hacking
2. Computer is the subject of a crime - In this attack the perpetrator uses a computer to commit a crime and the target is another computer. In this attack, the target may or may not be defined. The perpetrator launches the attack with no specific target in mind. Ex. Distributed DoS, malware
3. Computer is the tool of a crime - Perpetrator uses a computer to commit a crime but the target is not a computer. The target is the data or information stored on a computer. Ex. Fraud, unauthorized access, phishing, installing a key logger
4. Computer symbolizes crime - Perpetrator lures the user of a computer to get confidential information. The target is the user of the computer. Ex. Social engineering methods like phishing, fake websites, scam mails, etc.
The following answers are incorrect:
Eavesdropping - is the act of secretly listening to the private conversation of others without their consent, as defined by Black's Law Dictionary. This is commonly thought to be unethical and there is an old adage that "eavesdroppers seldom hear anything good of themselves...eavesdroppers always try to listen to matters that concern them."
Traffic analysis - is the process of intercepting and examining messages in order to deduce information from patterns in communication. It can be performed even when the messages are encrypted and cannot be decrypted. In general, the greater the number of messages observed, or even intercepted and stored, the more can be inferred from the traffic. Traffic analysis can be performed in the context of military intelligence, counter-intelligence, or pattern-of-life analysis, and is a concern in computer security.
Masquerading - A masquerade attack is an attack that uses a fake identity, such as a network identity, to gain unauthorized access to personal computer information through legitimate access identification. If an authorization process is not fully protected, it can become extremely vulnerable to a masquerade attack.
Masquerade attacks can be perpetrated using stolen passwords and logons, by locating gaps in programs, or by finding a way around the authentication process. The attack can be triggered either by someone within the organization or by an outsider if the organization is connected to a public network. The amount of access masquerade attackers get depends on the level of authorization they've managed to attain. As such, masquerade attackers can have a full smorgasbord of cybercrime opportunities if they've gained the highest access authority to a business organization. Personal attacks, although less common, can also be harmful.
The following reference(s) were/was used to create this question:
CISA review Manual 2014. Page number 321
http://en.wikipedia.org/wiki/Denial-of-service_attack
http://en.wikipedia.org/wiki/Eavesdropping
http://en.wikipedia.org/wiki/Traffic_analysis
http://www.techopedia.com/definition/4020/masquerade-attack

Question 52

Upon receipt of the initial signed digital certificate the user will decrypt the certificate with the public key of the:

Correct Answer: B
Section: Protection of Information Assets
Explanation:
A certificate authority (CA) is a network authority that issues and manages security credentials and public keys for message encryption. As a part of the public key infrastructure, a CA checks with a registration authority (RA) to verify information provided by the requestor of a digital certificate. If the RA verifies the requestor's information, the CA can issue a certificate. The CA signs the certificate with its private key for distribution to the user. Upon receipt, the user will decrypt the certificate with the CA's public key.

Question 53

Which of the following PBX features allows a PBX to be configured so that incoming calls are distributed to the next available agent or placed on hold until one becomes available?

Correct Answer: A
Explanation/Reference:
Automatic Call distribution allows a PBX to be configured so that incoming calls are distributed to the next available agent or placed on hold until one becomes available.
For your exam you should know the following PBX system features and their risks:

System feature: Automatic Call distribution
Description: Allows a PBX to be configured so that incoming calls are distributed to the next available agent or placed on hold until one becomes available
Risk: Tapping and control of traffic

System feature: Call forwarding
Description: Allows specifying an alternate number to which calls will be forwarded based on certain conditions
Risk: User tracking

System feature: Account codes
Description: Used to track calls made by certain people or for certain projects for appropriate billing; for dial-in system access (user dials from outside and gains access to normal features of the PBX); and for changing the user class of service so a user can access a different set of features (i.e. the override feature)
Risk: Fraud, user tracking, non-authorized features

System feature: Access codes
Description: Key for access to specific features from the part of users with simple instruments, i.e. traditional analog phones
Risk: Non-authorized features

System feature: Silent monitoring
Description: Silently monitors other calls
Risk: Eavesdropping

System feature: Conferencing
Description: Allows for conversation among several users
Risk: Eavesdropping, by adding unwanted/unknown parties to a conference

System feature: Override (intrude)
Description: Provides for the possibility to break into a busy line to inform another user of an important message
Risk: Eavesdropping

System feature: Auto-answer
Description: Allows an instrument to automatically go off-hook when called; usually gives an audible or visible warning which can easily be turned off
Risk: Gaining information not normally available, for various purposes

System feature: Tenanting
Description: Limits system user access to only those users who belong to the same tenant group - useful when one company leases out part of its building to other companies and tenants share an attendant, trunk lines, etc.
Risk: Illegal usage, fraud, eavesdropping

System feature: Voice mail
Description: Stores messages centrally and - by using a password - allows for retrieval from inside or outside lines
Risk: Disclosure or destruction of all messages of a user when that user's password is known or discovered by an intruder, disabling of the voice mail system and even the entire switch by lengthy messages or embedded codes, illegal access to external lines

System feature: Privacy release
Description: Supports shared extensions among several devices, ensuring that only one device at a time can use an extension. Privacy release disables the security by allowing devices to connect to an extension already in use
Risk: Eavesdropping

System feature: No busy extension
Description: Allows calls to an in-use extension to be added to a conference when that extension is on conference and already off-hook
Risk: Eavesdropping a conference in progress

System feature: Diagnostics
Description: Allows for bypassing normal call restriction procedures. This kind of diagnostic is sometimes available from any connected device. It is a separate feature, in addition to the normal maintenance terminal or attendant diagnostics
Risk: Fraud and illegal usage

System feature: Camp-on or call waiting
Description: When activated, sends a visual audible warning to an off-hook instrument that is receiving another call. Another option of this feature is to conference with the camped-on or call waiting
Risk: Making the called individual a party to a conference without knowing it

System feature: Dedicated connections
Description: Connections made through the PBX without using the normal dialing sequences. It can be used to create hot-lines between devices, i.e. one rings when the other goes off-hook. It is also used for data connections between devices and the central processing facility
Risk: Eavesdropping on a line

The following were incorrect answers:
Call forwarding - Allows specifying an alternate number to which calls will be forwarded based on certain conditions
Tenanting - Limits system user access to only those users who belong to the same tenant group - useful when one company leases out part of its building to other companies and tenants share an attendant, trunk lines, etc.
Voice Mail - Stores messages centrally and - by using a password - allows for retrieval from inside or outside lines.
The following reference(s) were/was used to create this question:
CISA review manual 2014 Page number 358

Question 54

In the context of physical access control, what is known as the process of verifying user identities?

Correct Answer: A
Explanation/Reference:
Authentication is the process of verifying a user's claimed identity. It is based on at least one of these three factors: Something you know, Something you have, or Something you are.

Question 55

Which of the following is a feature of an intrusion detection system (IDS)?

Correct Answer: A
Section: Protection of Information Assets
Explanation:
An IDS can gather evidence on intrusive activity such as an attack or penetration attempt. Identifying weaknesses in the policy definition is a limitation of an IDS. Choices C and D are features of firewalls, while choice B requires a manual review, and therefore is outside the functionality of an IDS.