Chapters 8,9, and 10 Test
What risk analysis process identifies key business equipment and systems that require protection and determining their value? a. asset identification b. vulnerability identification c. threat assessment d. probability quantification e. impact analysis f. countermeasures determination
a. asset identification
this refers to a situation where the tester is given no specific information about the structure of the system being tested. May be considered as footprinting or scanning phase of the hacking process a. black box b. grey box c. white box
a. black box
the security manager received a report that an employee was involved in illegal activity and has saved data to a workstation's hard drive. During the investigation, local law enforcement's criminal division confiscates the hard drive as evidence. Which of the following forensic procedures is involved? a. chain of custody b. system image c. take hashes d. order of volatility
a. chain of custody
which of the following is also known as profiling? a. footprinting b. scanning c. enumerating d. attacking
a. footprinting
this risk response strategy is techniques used to protect against possible attacks and are implemented when the impact of a potential risk is substantial. A good example of this is an IDS system. a.mitigation b. deterrence c. avoidance d. transference
a. mitigation
What type of risk is an earthquake? a. natural b. man-made c. system
a. natural
what type of risk is a blizzard? a. natural b. man-made c. system
a. natural
what type of risk is a hurricane? a. natural b. man-made c. system
a. natural
what type of risk is a landslide? a. natural b. man-made c. system
a. natural
joe, a computer forensic technician, responds to an active compromise of a database server. Joe first collects information in memory, then collects network traffic, and finally conducts an image of the hard drive. Which of the following procedures did Joe follow? a. order of volatility b. chain of custody c. recovery procedures d. incident isolation
a. order of volatility
Which vulnerability assessment tool is implemented to assess traffic on a network and what it reveals about the protocols being used. a. protocol analyzer b. sniffer (packet analyzer) c. vulnerability scanner d. port scanner e. honeypot
a. protocol analyzer
What risk analysis method shows that there is a high probability of an earthquake? a. qualitative b. quantitative c. semi-quantitative
a. qualitative
this risk response strategy is the acknowledgement of the risk and the consequences that come with it, if that risk were to materialize, as well as realizing that the risk involved is not entirely avoidable. a. avoidance b. deterrence c. acceptance d. mitigation
c. acceptance
which of the following should Jane, a security administrator, perform before a hard drive is analyzed with forensic tools? a. identify user habits b. remove system to the IT office for further analysis and testing c. capture system image d. interview witnesses
c. capture system image
which of the following mitigation strategies is established to reduce risk when performing updates to business critical systems? a. incident management b. server clustering c. change management d. forensic analysist
c. change managment
The skill that deals with collecting and analyzing data from storage devices, computer systems, networks, and wireless communications and presenting this information as a form of evidence in a court of law is called what? a. private investigator b. mitigation c. computer forensics d. CSI
c. computer forensics
which vulnerability assessment technique is the combination of all points in a system or application that are exposed and available to attackers? by reducing the points that could possibly be used in an attack, you will be less vulnerable to possible attacks. a. review the baseline report b. perform code reviews c. determine attack surface d. review security architecture e. review the security design
c. determine attack surface
this risk response strategy involves changes to the condition to make it less likely or enticing for an attacker to launch an attack. It may include physical security measures like checkpoints, of a virtual attacker may discover strong security policies have been implemented. a. mitigation b. avoidance c. deterrence d. acceptance
c. deterrence
a forensic analyst is reviewing electronic evidence after a robbery. However, security cameras installed at the site do not record any footage. Which of the following types of controls was being used? a. detective b. corrective c. deterrent d. preventive
c. deterrent
which of the following steps in the hacking process is when the attacker will try to gain access to resources or other information such as users, groups, and shares? a. footprinting b. scanning c. enumerating d. attacking
c. enumerating
In a security breach, the first experienced person or a team of trained professionls that arrive on an incident scene is called what? a. responsible person b. designated responder c. first responder d. authorized personnel
c. first responder
a security manager is preparing the training portion of an incident plan. Which of the following job roles should receive training on forensics, chain of custody, and the order of volatility? a. system owners b. data custodians c. first responders d. security guards
c. first responders
an administrator would like to review the effectiveness of existing security in the enterprise. Which of the following would be the BEST place to start? a. review past security incidents and their resolutions b. rewrite the existing security policy c. implement an intrusion prevention system d. install honey pot systems
c. implement an intrusion prevention system
which risk mitigation control is are security measures implemented to safeguard all aspects of day-to-day functions and activities. For example, door locks and guards at entrances are controls used to permit only authorized personnel into a building. a. technical control b. management controls c. operational controls d. loss controls
c. operational controls
what risk analysis method is being used when a manufacturing plant produces 4 times more automobiles than trucks. How many automobiles does it make? a. qualitative b. quantitative c. semi-quantitative
c. semi-quantitative
what type of risk is an email vulnerability, such as a virus? a. natural b. man-made c. system
c. system
what type of risk is an unsecured mobile device? a. natural b. man-made c. system
c. system
what type of risk is an unstable virtualization environment? a. natural b. man-made c. system
c. system
Which of the following is NOT one of the four phases of Risk Management? a. identify and assess risks that exist in a system b. analyze the potential impact risks will have on a system c. test response procedures to potential threats d. mitigate the impact of risks for future security.
c. test response procedures to potential threats
what risk analysis process shows that once vulnerabilities are understood, the threats that may take advantage of or exploit those vulnerabilities are determined? a. asset identification b. vulnerability identification c. threat assessment d. probability quantification e. impact analysis f. countermeasures determination
c. threat assessment
which of these is performed on an organization's physical security implementations and all networks, hardware and software a. risk b. threat c. vulnerability
c. vulnerability
which vulnerability assessment tool is implemented in this application to assess your systems, networks, and applications for weaknesses? a. protocol analyzer b. sniffer (packet analyzer) c. vulnerability scanner d. port scanner e. honeypot
c. vulnerability scanner
this refers to a situation when the tester knows all about the aspects of the system and understands the function and design of the system before the test is conducted.
c. white box
a member of digital forensics team, Joe arrives at a crime scene and is preparing to collect system data. Before powering the system off, Joe knows that he must collect the most volatile data first. Which of the following is the correct order in which Joe should collect the data? a. CPU cache, paging/swap files, RAM, remote logging data b. RAM, CPU cache, remote logging data, paging/swap files c. paging/swap files, CPU cache, RAM, remote logging data d. CPU cache, RAM, paging/swap files, remote loggintdata
d. CPU cache, RAM, paging/swap files, remote logging data
which of the following steps in the hacking process is when the hacker attempts to cause damage, service disruption, or steal or destroy sensitive information? a. footprinting b. scanning c. enumerating d. attacking
d. attacking
which of the following is used to eliminate the risk altogether by eliminating the cause? a. transference b. mitigation c. deterrence d. avoidance
d. avoidance
an intrusion has occurred in an internet facing system. The security administrator would like to gather forensic evidence while the system is still in operation. Which of the following procedures should the administrator perform FIRST on the system? a. make a drive image b. take hashes of system data c. collect information on RAM d. capture network traffic
d. capture network traffic
Which of the following is the best practice when securing a switch from physical access? a. disable unnecessary accounts b. print baseline configuration c. enable access list d. disable unused ports
d. disable unused ports
this is the security policy that determines the actions that an organization will take following a confirmed or potential security breach. a. incident management policy b. security incident policy c. security breach policy d. incident response policy
d. incident response policy
Which of the following is NOT typically a part of the incident response policy? a. who determines and declares if an actual security event has rec ; a, who determines and delcares if an actual security incident b. what individuals or departments will recieve notification c. who will respond to the incident d. interview questions once the person responsible is discovered.
d. interview questions once the person responsible is discovered.
hardening is a type of mitigation and deterrent. Which of the following is not a step in the hardening process? a. disable all services b. password protect all accounts c. disable all unnecessary accounts d. limit audit log data to 1 week to prevent SQL injection
d. limit audit log data to 1 week to prevent SQL injection
which risk mitigation control is also called damage controls, these are security measures implemented to protect key assets from being damaged. this includes reducing the chances of damage occurring and reducing the severity of the damage when one occurs. For example, fire extinguishers and sprinkler systems can reduce property damage in the event of a fire. a. technical control b. management controls c. operational controls d. loss controls
d. loss controls
which vulnerability assessment tool is implemented to assess the current state of all ports on your network and to detect potential open ports that may pose risks to your organization? a. protocol analyzer b. sniffer (packet analyzer) c. vulnerability scanner d. port scanner e. honeypot
d. port scanner
what risk analysis process is the likelihood or probability that threats will exploit vulnerabilities? a. asset identification b. vulnerability identification c. threat assessment d. probability quantification e. impact analysis f. countermeasures determination
d. probability quantificaiton
true or false, performance and system monitoring are types of mitigation and deterrent techniques?
true
a security administrator has been tasked with assisting in the forensic investigation of an incident relating to employee misconduct. The employee's supervisor believes evidence of misconduct can be found on the employee's assigned workstation. Which of the following choices BEST describes what should be done? a. record time as offset as required and conduct a timeline analysis b. update antivirus definitions and conduct a full scan for infected files c. analyze network traffic, system, and file logs d. create an additional local admin account on the workstation to conduct work from e. delete other user profiles on the system to help narrow down the search space f. patch the system before reconnecting to the network.
a. record time as offset as required and conduct a timeline analysis c. analyze network traffic, system and file logs
What vulnerability assessment technique is a collection of security and configuration settings that are to be applied to a particular system or network in the organization. The report is a benchmark against which you can compare other systems in your network. a. review the baseline report b. perform code reviews c. determine attack surface d. review security architecture e. review the security design
a. review the baseline report
This is the likelihood that a threat can exploit a vulnerability to cause some type of damage. a. risk b. threat vector c. threat mitigation d. risk vector
a. risk
which of these is usually performed as part of the risk analysis process to identify what parts or functions of the business pose the highest risk. a. risk b. threat c. vulnerability
a. risk
Which risk mitigation control type is used on hardware and software installations that are implemented to monitor and prevent threats and attacks to computer systems and services. For example, installing and configuring a network firewall is a type of technical control. a. technical control b. management controls c. operational controls d. loss controls
a. technical controls
a security administrator working for a law enforcement organization is asked to secure a computer system at the scene of a crime for transport to the law enforcement forensic facility. In order to capture as much evidence as possible, the computer system has been left running. The security administrator begins gathering information by image which of the following system components FIRST? a. NVRAM b RAM c. TPM d. SSD
b. RAM
which of the following is the MOST important step for preserving evidence during forensic procedures? a. involve law enforcement b. chain of custody c. record the time of the incident d. report within one hour of discovery
b. chain of custody
A user has received an email from an external source which asks for details on the company's new product line set for release in one month. The user has a detailed specification sheet but it is marked "Internal Proprietary Information." Which of the following should the user do NEXT? a. contact their manager and request guidelines on how best to move forward. b. contact the help desk and/or incident response team to determine next steps c. provide the requestor with the email information since it will be released soon anyway. d. reply back to the requestor to gain their contact information and call them.
b. contact the help desk and/or incident response team to determine the next steps
this refers to a situation where the tester has partial knowledge of internal architecture and systems, or other preliminary information about the system being tested. This type of test would fall into the enumerating phase of the hacking process a. black box b. grey box. c. white box
b. grey box
The Chief Security Office (CSO) is contacted by a first responder. The CSO assigns a handler. Which of the following is occuring? a. unannounced audit response. b. incident response process c. business continuity planning d. disaster recovery process
b. incident response process
what type of risk is a terrorist attack? a. natural b. man-made c. system
b. man-made
what type of risk is file destruction a. natural b. man-made c. system
b. man-made
what type of risk is information disclosure? a. natural b. man-made c. system
b. man-made
which risk mitigation control type is procedures implemented to monitor the adherence to organizational security policies. These controls are specifically designed to control the operational efficiencies of a particular area and to monitor security policy compliance. For example, annual or regularly scheduled security scans and audits to check for compliance with security policies a. technical control b. management controls c. operational controls d. loss controls
b. management controls
which of the following is a type of tool used to explore and gather network layout information from a network? a. packet sniffer b. network mapper c. ethical hack d. Cain and Abel
b. network mapper
what vulnerability assessment technique are types of reviews that may be carried out manually by a developer, or automatically using a source code analysis tool. Both methods are useful in identifying potential weaknesses in an application that may eventually lead to an attack if not corrected? a. review the baseline report b. perform code reviews c. determine attack surface d. review security architecture e. review the security design
b. perform code reviews
During which of the following phases of the Incident Response Process should a security administrator define and implement general defense against malware? a. lesson learned b. preparation c. eradication d. identification
b. preparation
what risk analysis method shows that we average 8 power outages a year. It costs the company an average of $12,000 per power outage. a. qualitative b. quantitative c. semi-quantitative
b. quantitative
which of the following is also known as banner grabbing? a. footprinting b. scanning c. enumerating d. attacking
b. scanning
which vulnerability assessment tool is implemented to capture and asses individual data packets sent over a network? a. protocol analyzer b. sniffer (packet analyzer) c. vulnerability scanner d. port scanner e. honeypot
b. sniffer (packet analyzer)
Which of these is usually performed as part of the risk analysis process, but could be performed at any time to verify that the current security controls are still operating successfully, and are detecting and managing the path or means by which an attacker can carry out a security attack. a. risk b. threat c. vulnerability
b. threat
Which Risk Response strategy is used to allocate the responsibility of risk to another agency, or to a third part, such as an insurance company? a. avoidance b. transference c. acceptance d. mitigation
b. transference
What risk analysis process identifies the weaknesses so the analyst can confirm where asset protection problems exist. Locating weaknesses exposes the critical areas that are most susceptible. Be careful of false positives though. a. asset identification b. vulnerability identification c. threat assessment d. probability quantification e. impact analysis f. countermeasures determination
b. vulnerability identification
which of the following is NOT a type of mitigation or deterrent technique? a. monitoring system logs b. white box testing c. hardening d. reporting
b. white box testing
which vulnerability assessment technique is an evaluation of an organization's current security infrastructure model and measures? Regular reviews are important to determine if current systems and critical assets are secured properly, and if potential threats and vulnerabilities have been addressed. During this review, areas of concern are targeted and further evaluated to make sure security measures meet the current needs. a. review the baseline report b. perform code reviews c. determine attack surface d. review security architecture e. review the security design
d. review security architecture
a system administrator is responding to a legal order to turn over all logs from all company servers. The system administrator records the system time of all servers to ensure that? a. HDD hashes are accurate b. the NTP server works properly c. chain of custody is preserved d. time offset can be calculated
d. time offset can be calculated
which vulnerability assessment tool is implemented in this environment to redirect suspicious activity away from legitimate network systems and onto an isolated system where you can monitor it safely? a. protocol analyzer b. sniffer (packet analyzer) c. vulnerability scanner d. port scanner e. honeypot
e. honeypot
What risk analysis process shows that once the probabilities are determined, the effects of these potential threats need to be evaluated? this can include either the effects of recovering from the damage or the effect of implementing possible preventive measures. a. asset identification b. vulnerability identification c. threat assessment d. probability quantification e. impact analysis f. countermeasures determination
e. impact analysis
What vulnerability assessment technique is completed before a security implementation is applied? Using the architectural review results, the reviewer can determine if the security solution will in fact fulfill the needs of an organization. a. review the baseline report b. perform code reviews c. determine attack surface d. review security architecture e. review the security design
e. review the security design
What risk analysis process is determining and developing procedures and processes to eliminate or reduce risks? These procedures and processes must be economically sound and provide the expected level of protection. In other words, they must not cost more than the expected loss caused by threats that exploit vulnerabilities. a. asset identification b. vulnerability identification c. threat assessment d. probability quantification e. impact analysis f. countermeasures determination
f. countermeasures determination