Online Quiz 2 - Information Systems Security

By Asambul, Community Contributor | Attempts: 1,499 | Questions: 37

1. "Whois" is one of the VA tools that belongs to the … stage.

Explanation

"Whois" is a tool used for gathering information about domain names, IP addresses, and other related information. It helps in discovering the ownership and contact details of a particular website or IP address. Therefore, it falls under the category of information gathering and discovery, as it assists in obtaining relevant data during the initial stages of a cybersecurity assessment or investigation.

2. A communication session at the transport layer of the TCP/IP protocol always begins with a mechanism called the Three Way Handshake. This mechanism can be exploited as a security hole using the Session Spoofing & Hijacking technique. This security hole falls into the category …

Explanation

The correct answer is "Salah desain (design flaw)". This is because the question is discussing a security vulnerability in the Three Way Handshake mechanism in the transport layer of the TCP/IP protocol. The fact that this mechanism can be exploited for Session Spoofing & Hijacking indicates a flaw in the design of the protocol, rather than an issue with implementation, configuration, or usage.

3. In 1995, Thomas Lopatic found a security hole in a standard Unix operating system program named "Finger" that could be exploited with the buffer overflow technique. A security hole like this falls into the category …

Explanation

The correct answer is "Salah implementasi" (Implementation error). This is because Thomas Lopatic discovered a security hole in the Unix operating system's "Finger" program, which could be exploited using a buffer overflow technique. This indicates that there was an error or flaw in the way the program was implemented, leading to the security vulnerability.

4. With a special software tool named "Retina", one can find out whether a system or application is vulnerable to attack or not. Software like this is one of the VA tools that belongs to the … stage.

Explanation

The given correct answer for this question is "Detection". This is because the "Retina" software mentioned in the question is specifically designed to determine whether a system or application is vulnerable to attacks or not. This process of identifying vulnerabilities and potential threats is a part of the detection phase in the vulnerability assessment (VA) process.

5. A message containing the name of a particular wireless network is regularly broadcast by the Access Point to help stations learn of that wireless network's presence. This message is called ….

Explanation

SSID broadcasting refers to the process in which an Access Point regularly broadcasts a message containing the name of a specific wireless network. This helps stations to identify the presence of the wireless network.

6. Thinking he is connected to his faculty's Access Point, Dick tries to access a server by giving his login information on the wrong network. This action falls into the category ….

Explanation

Dick's action of trying to access the server by providing his login information on the wrong network is categorized as accidental association. Accidental association refers to the unintentional connection to an unauthorized network or device, thinking it is a legitimate access point. In this case, Dick mistakenly believed that he was connecting to the Access Point of his faculty, but he was actually connecting to a different network. This mistake can lead to potential security risks and unauthorized access to personal information.

7. One of the weaknesses of the WEP encryption technique with respect to passwords is ….

Explanation

The weakness of WEP encryption technique in terms of password lies in using a shared-key. This means that the same key is shared among multiple users or devices, making it easier for an attacker to intercept and guess the password. This lack of uniqueness and randomness in the shared-key makes it vulnerable to brute-force attacks and increases the likelihood of unauthorized access to the encrypted data.

8. The gap between the actual security level and the desired (ideal) security level is called ….

Explanation

The term "security gap" refers to the difference or distance between the actual level of security and the desired or ideal level of security. It suggests that there is a disparity or deficiency in the current security measures that need to be addressed in order to achieve the desired level of security. This term is commonly used in the context of evaluating and improving security systems and protocols.

9. Ben forces his campus network's Access Point to perform reassociation by sending a large number of junk packets. This action falls into the category ….

Explanation

The action of Ben forcing the campus network's Access Point to reassociate by sending a large number of garbage packets falls under the category of Denial of Service. Denial of Service attacks aim to disrupt or disable a network or system by overwhelming it with a flood of malicious or useless traffic, rendering it inaccessible or unusable for legitimate users. In this case, Ben's actions are intentionally causing a disruption to the network's normal functioning by flooding it with garbage packets.

10. The purpose of a security evaluation is to … between the current security level and the desired security level.

Explanation

The correct answer is "Mengidentifikasi security gap" (identifying the security gap). The purpose of security evaluation is to identify any gaps or vulnerabilities in the current security level and compare it with the desired security level. This helps in identifying any weaknesses or areas that need improvement in order to enhance the overall security measures.

11. A particular security threat that has already been recognized/identified is called ….

Explanation

The correct answer is "Hazard." A hazard refers to a potential source of harm or danger that has been recognized or identified. It can include various threats to security, such as natural disasters, accidents, or intentional acts of violence. Hazards are typically assessed and managed to minimize the risks they pose to individuals, communities, or organizations.

12. One morning, Phillip receives an email containing a low-premium insurance offer from a well-known insurance company. Interested in the offer, Phillip registers, including entering his credit card information. A week later, he realizes he has been deceived after learning that the company never had such an offer. The attack Phillip experienced is ….

Explanation

Phillip fell victim to email phishing, which is a fraudulent attempt to obtain sensitive information such as credit card details by disguising as a trustworthy entity in an electronic communication. In this case, the email offering low insurance premiums was a scam, and Phillip unknowingly provided his credit card information to the scammers. This type of attack is common and can lead to identity theft or financial loss for the victims.

13. An example of an Information System Audit that falls into the automated audit category is ….

Explanation

System log is categorized as an automated audit in the context of Information System Audit. This is because system logs are automatically generated by computer systems to record events and activities. These logs provide valuable information about the functioning of the system, including user activities, errors, security incidents, and more. Automated tools can analyze these logs to identify any anomalies or potential issues, making it an effective method for auditing and monitoring the system's performance and security.

14. In the OSI model, WEP encryption works at the … layer.

Explanation

The correct answer is "Data link." In the OSI model, the data link layer is responsible for the reliable transfer of data between two nodes on a network. It provides error detection and correction, as well as flow control. WEP (Wired Equivalent Privacy) is a security protocol that operates at the data link layer, providing encryption and authentication for wireless networks. Therefore, WEP works at the data link layer in the OSI model.

15. One of the weaknesses of the WEP encryption technique that can be exploited at the operating system level arises because it is designed to work at the data link layer and not at the … layer.

Explanation

The weakness of the WEP encryption technique can be exploited at the application layer of the operating system. This means that the encryption is not designed to work effectively at the application layer, making it vulnerable to attacks.

16. Adi accidentally sets his personal shared folder with writeable access rights for public users, so it can be exploited, for example, by placing virus-infected files in the folder. A security hole like this falls into the category …

Explanation

Adi accidentally configured his shared folder with writeable access for public users, allowing them to exploit it by inserting virus-infected files into the folder. This security vulnerability falls under the category of "Salah konfigurasi" or "misconfiguration."

17. The only member of the 802.11 protocol family that does not use the OFDM modulation technique is ….

Explanation

Protocol 802.11b is the correct answer because it is the only protocol among the options that does not use the OFDM (Orthogonal Frequency Division Multiplexing) modulation technique. OFDM is a modulation technique used in wireless communication to increase data transfer rates and improve signal quality. Protocols 802.11a, 802.11g, and 802.11n all use OFDM, but 802.11b uses a different modulation technique called Direct Sequence Spread Spectrum (DSSS).

18. The wireless network device that can be used to connect a wireless network to a wired network is ….

Explanation

An access point is a wireless networking device that allows wireless devices to connect to a wired network. It acts as a bridge between the wireless network and the wired network, enabling communication between the two. Therefore, an access point is the correct answer as it can be used to connect a wireless network to a wired network.

19. In the WEP encryption process, the logical operation applied between the RC4 output bit stream and the plaintext is ….

Explanation

In the process of WEP encryption, the logical operation applied between the output bit stream of RC4 and the plaintext is XOR. XOR (exclusive OR) operation combines the bits from both inputs and produces an output where each bit is set if the corresponding bits in the inputs are different. This operation is commonly used in encryption algorithms to ensure that the encrypted data is secure and can only be decrypted using the correct key.

20. Using a certain software tool, Jeffrey performs remote scanning of Gina's computer and obtains information about the operating system used on that computer. Software like this is one of the VA tools that belongs to the … stage.

Explanation

The given correct answer is "Enumeration." In this scenario, Jeffrey is using a specific software to remotely scan Gina's computer and gather information about the operating system being used. Enumeration is the process of actively gathering information about a target system, such as open ports, services running, and system configurations. It is an important step in vulnerability assessment (VA) as it helps identify potential vulnerabilities and weaknesses in the system.

21. Leo and his friends open an information systems security management service bureau targeting corporate and/or government agency clients. A business of this form is called ….

Explanation

Leo and his friends open an information systems security management service bureau targeting corporate and/or government agency clients. A business of this form is called a Managed Service Provider (MSP). An MSP is a service provider that manages and provides IT services to its clients. It is responsible for managing, monitoring, and maintaining its clients' information security systems. In this context, Leo and his friends provide information systems security management services to companies and government agencies, which makes them a Managed Service Provider (MSP).

22. Jack phones company XYZ and pretends to be a head office employee in order to obtain account information on the company's server. This action falls into the category ….

Explanation

Jack's action of pretending to be an employee of the XYZ company's headquarters in order to gain access to account information on their server falls under the category of social engineering. Social engineering refers to the manipulation of individuals to deceive them into revealing confidential information or granting unauthorized access to systems. In this case, Jack is using deception and impersonation to manipulate the company's employees and gain access to sensitive information.

23. Alex deliberately places another Access Point in an existing wireless network for the purpose of sniffing passwords. This action falls into the category ….

Explanation

The correct answer is Malicious association. This is because Alex intentionally placed another Access Point in an existing wireless network with the purpose of sniffing passwords. This action is considered malicious as it involves unauthorized access and potential harm to the network and its users.

24. Keeping the security gap at an adequate level is the task of ....

Explanation

A security mechanism refers to the various tools, techniques, and protocols implemented to protect an organization's systems and data from potential threats. It is responsible for safeguarding against security gaps or vulnerabilities by providing controls and countermeasures. While security assessments, policies, and audits play important roles in maintaining security, it is the security mechanism that actively defends against potential breaches and ensures that the security gap remains at an adequate level.

25. Ben installs a dummy AP as an intermediary connecting the stations in his campus wireless network to the genuine AP. This action falls into the category ….

Explanation

The action of installing a dummy-AP as an intermediary to connect stations in a wireless campus network with the original AP falls under the category of Man-in-the-middle attacks. In this scenario, the attacker is intercepting and potentially altering the communication between the stations and the genuine AP, allowing them to eavesdrop on sensitive information or manipulate the data being transmitted.

26. To avoid exploitation of security holes with the Buffer Overflow technique, programmers must perform ….

Explanation

Insufficient bound checking refers to the practice of not properly validating the size or length of input data before storing it in a buffer. This can lead to buffer overflow vulnerabilities, where an attacker can overwrite adjacent memory locations and potentially execute malicious code. To avoid this, programmers need to ensure that they validate and limit the size of input data to prevent buffer overflows and potential exploitation.

27. The root account has the highest permission level in the UNIX operating system. Misusing commands with this permission level is very dangerous and can damage the system in an instant. A security hole like this falls into the category …

Explanation

The given question is asking for the category that the security vulnerability falls into when someone misuses the root account's permission level in the UNIX operating system. The correct answer is "Salah penggunaan" which translates to "Misuse" in English. This means that the vulnerability is caused by the incorrect or dangerous use of the root account, which can potentially damage the system.

28. To minimize security threats, Marry wants the name of the wireless network she manages not to be detected by the stations that are members of that network. The technique that can be used for this purpose is ….

Explanation

Stop SSID Broadcasting is a technique that can be used to minimize security threats by preventing the wireless network name from being detected by other devices. By disabling SSID broadcasting, the network becomes "hidden" and only devices that already know the network name can connect to it. This adds an extra layer of security as it makes it more difficult for unauthorized users to discover and attempt to access the network.

29. Bill rummages through the trash bins in the back yard of company XYZ's office to obtain valuable information about the company's network. This action is called ….

Explanation

Dumpster diving is the correct answer because it refers to the act of searching through trash or garbage in order to find valuable or useful information. In the given scenario, Bill is rummaging through the trash in the backyard of XYZ company's office to gather valuable information about their network.

30. The following are valid reasons to perform system monitoring periodically, except:

Explanation

System monitoring is important for various reasons such as identifying new security holes, detecting configuration errors, and managing the addition of new software or hardware. However, the need for new requirements in the information system may not directly correlate with the need for regular system monitoring. This answer suggests that the need for new requirements may not be a reason to perform system monitoring periodically.

31. Of the 4 approaches to performing a Security Assessment, the approach that involves cost analysis is ….

Explanation

The correct answer is Security Risk Evaluation. This approach involves analyzing the potential risks and vulnerabilities in a system or organization's security measures. It includes assessing the likelihood and impact of security threats, as well as evaluating the cost of implementing security measures to mitigate these risks. By conducting a security risk evaluation, organizations can make informed decisions about allocating resources and implementing appropriate security measures to protect their assets and data.

32. Jenni wants the AP signal of the wireless network she manages to be unusable outside her office building. The technique that can be used for this purpose is ….

Explanation

RF Shielding is a technique that can be used to prevent wireless signals from being used outside of the office building. It involves creating a physical barrier or shield around the area to block the signals from escaping. This can be done using materials that are designed to absorb or reflect the radio waves, effectively preventing them from reaching beyond the designated area. By implementing RF shielding, Jenni can ensure that the wireless signals managed by her cannot be accessed or utilized outside of her office building.

33. Of the 4 approaches to performing a Security Assessment, the approach in which most of the work is delegated to an external party is ….

Explanation

The correct answer is "Manage Service Provider". In this approach, most of the work is outsourced to external parties to manage the service provider. This means that the organization relies on external experts to assess and manage the security of their service provider. This approach allows the organization to leverage the expertise and resources of the service provider to ensure the security of their systems and data.

34. The wireless network component that is not specified in the 802.11 protocol but has the important task of connecting a wireless network to other networks is ....

Explanation

The distribution system is a component of a wireless network that is not specified in the 802.11 protocol but has an important task of connecting a wireless network to other networks. It serves as a bridge between the wireless network and other networks, allowing for communication and data transfer between them. This component is essential for expanding the reach and connectivity of a wireless network beyond its local area.

35. John wants the communication sessions between stations in the wireless network he manages not to be easily spoofed by hackers. The technique that can be used for this purpose is ….

Explanation

WEP (Wired Equivalent Privacy) is a technique that can be used to prevent easy spoofing of communication sessions between stations in a wireless network. WEP provides a level of encryption to the data being transmitted, making it difficult for hackers to intercept and manipulate the communication. By using WEP, John can ensure that the data transmitted within his wireless network is secure and not easily spoofed by hackers.

36. The following are ways to minimize the chance of Social Engineering attacks, except ….

Explanation

Tightening the security mechanism in use is one way to minimize the chance of Social Engineering attacks. Strengthening the security of the mechanisms in use, such as enabling two-factor authentication, data encryption, and a strong firewall, can make social engineering attacks harder for unauthorized parties to carry out. Maintaining the security of the security mechanism in use can therefore help reduce the risk of social engineering attacks.

37. Of the 4 approaches to performing a Security Assessment, the approach that is comprehensive in nature, including evaluating the strengths and weaknesses of the security system in use, is ….

Explanation

The correct answer is Security Risk Evaluation. This approach involves conducting a comprehensive assessment of the security system used, including evaluating its strengths and weaknesses. It focuses on identifying and analyzing potential risks and threats to the system's security. By conducting a security risk evaluation, organizations can gain insights into their overall security posture and make informed decisions to mitigate risks and enhance their security measures.


Quiz Review Timeline (Updated): Mar 21, 2023

  • Mar 21, 2023 (current version): Quiz edited by ProProfs Editorial Team
  • Jun 14, 2009: Quiz created by Asambul