Multiple choices. Only 10 questions.

  • The idea that all information should be free
    • is a principle guaranteed by the Constitution.
    • is a belief shared by many in the hacking community.
    • is as good for business as it is for sound government.
    • is, ironically, foundational to the creation of a sound security program.
  • If proprietary information is discovered by hackers it will be
    • will be sold on the virtual black market to a cast of villains set on world domination.
    • quietly tucked away and only revealed after indentifying information has been scrubbed.
    • used to blackmail employees responsible for security.
    • widely exposed.
  • Which of the following is NOT a true statement about a trusted computing base (TCB).
    • A TCB is the totality of hardware, software, processes, and individuals who are considered essential to overall security
    • A TCB had better include both essential and a careful selection of non-essential processes.
    • A TCB is more easily protected when it is small and not overly complex.
    • None of the above
  • Security through obscurity can be effective as
    • a long-term security solution for flawed protection system.
    • a short-term method for hiding vulnerabilities.
    • a way to hide sloppy design work.
    • all of the above
  • Sensitive information can be disclosed in different ways, EXCEPT
    • bringing a laptop home to get some work done at night.
    • stray comments in a coffee shop.
    • documents inadvertently left on the subway.
    • deliberate leaks.
  • Governments often call on industry to share information, reasons for this would include
    • the government needs information to provide assistance to industry.
    • the government needs information to maintain adequate situational awareness.
    • politicians often call on industry to provide information to be used for political ends.
    • All of the above
  • The stages of adversarial reconnaissance and planning are
    • physical scouting of target, identifying access points, and then direct access to the target.
    • directly accessing a target, comparing data with other hackers, and then accessing the target again.
    • wide-reaching collection, targeted collection, and then direct access to the target.
    • background checks on a target’s personnel, developing profiles to identify potential weak links, and then using this information to obtain direct access to the target.
  • Which of the following should always be obscured?
    • specific attributes of seemingly non-security related features (software, networking, etc.)
    • any information about the security protection of a national asset
    • any information about the vulnerabilities of national infrastructure
    • all of the above.
  • Policies that could be put in place to strengthen obscurity measures would include
    • a rule that no one with infrastructure responsibility should make public statements without explicit PR planning and preparation.
    • a rule that individuals with responsibility for infrastructure deceive their loved ones about the job they have.
    • a rule that prohibits employees from meeting socially outside of work anywhere “shop talk” may be overheard by others.
    • None of the above
  • Government clearance levels and information classification are techniques
    • that have little to offer the cyber security community.
    • were created during WWII by the historic need of the Army to keep certain information from the Marines.
    • that would be beneficial to private enterprise.
    • That are not very effective, as the spate of documents released by Wikileaks proves.