Cybersecurity Test 2 Study Guide
Telnet protocol packets usually go to TCP port ________, whereas SMTP packets go to port ________. A. 80, 52 B. 80, 25 C. 23, 52 D. 23, 25
23, 25
A ________ site provides only rudimentary services and facilities. A. Commercial B. Warm C. Hot D. Cold
Cold
- Statement of policy - Authorized access and usage of equipment - Prohibited use of equipment - System management - Violations of policy - Policy review and modification - Limitations of liability
Components of an Issue-specific Security Policy (ISSP)
A software program or hardware/software appliance that allows administrators to restrict content that comes into or leaves a network. For example, restricting user access to Web sites containing material that is not related to business, such as pornography or entertainment.
Content Filter
The actions taken by senior management to specify the organization's efforts and actions if an adverse event becomes an incident or disaster. This planning includes incident response, disaster recovery, and business continuity efforts, as well as preparatory business impact analysis.
Contingency Planning (CP)
A data classification scheme is a formal access control methodology used to assign a level of availability to an information asset and thus restrict the number of people who can access it. True / False
False A formal access control methodology used to assign a level of confidentiality to an information asset and thus restrict the number of people who can access it.
In information security, benchmarking is the comparison of past security activities and events against the organization's current performance. True / False
False Baselining is the comparison of past security activities and events against the organization's current performance.
The computed value of the ALE compares the costs and benefits of a particular control alternative, to determine whether the control is worth its cost. True / False
False Cost-Benefit Analysis (CBA) determines
A hard drive feature known as "hot swap" is a RAID implementation (typically referred to as RAID Level 1) in which the computer records all data to twin drives simultaneously, providing a backup if the primary drive fails. True / False
False Disk Mirroring is a RAID implementation (typically referred to as RAID Level 1) in which the computer records all data to twin drives simultaneously, providing a backup if the primary drive fails.
An attack, breach of policy, or other incident always constitutes a violation of law, requiring notification of law enforcement. True / False
False Sometimes it's better to follow your chain of command before notifying the authorities.
A cold site provides many of the same services and options of a hot site, but at a lower cost. True / False
False Warm Site provides many of the same services and options of a hot site, but at a lower cost.
Security approaches you at work about people sometimes being able to enter the office using the voice recognition system even though they are not employees. What is the problem? A. False Rejection B. False Acceptance C. Crossover Error D. Cross-through Error
False Acceptance The rate at which fraudulent users or nonusers are allowed access to systems or areas as a result of a failure in the biometric device. This failure is also known as a Type II error or a false positive.
An information security ________ is a specification of a model to be followed during the design, selection, and initial and ongoing implementation of all subsequent security controls, including information security policies, security education, and training. A. Plan B. Framework C. Model D. Policy
Framework
________ firewalls examine every incoming packet header and can selectively filter packets based on header information such as destination address, source address, packet type, and other key information. A. Packet-Filtering B. Application Gateway C. Circuit Gateway D. MAC Layer
Packet-Filtering
A networking device that examines the header information of data packets that come into a network and determines whether to drop them (deny) or forward them to the next network connection (allow), based on its configuration rules.
Packet-Filtering Firewall
Because the bastion host stands as a sole defender on the network perimeter, it is commonly referred to as the ________ host. A. Domain B. Trusted C. Sacrificial D. DMZ
Sacrificial
A personnel security structure in which each user of an information asset is assigned an authorization level that identifies the level of classified information he or she is "cleared" to access.
Security Clearance
________ assigns a status level to employees to designate the maximum level of classified data they may access. A. Risk Management Scheme B. Security Clearance Scheme C. Data Recovery Scheme D. Data Classification Scheme
Security Clearance Scheme
A managerial program designed to improve the security of information assets by providing targeted knowledge, skills, and guidance for organizations
Security education, training, and awareness (SETA)
In a cost-benefit analysis, the calculated value associated with the most likely loss from an attack. The SLE is the product of the asset's value and the exposure factor.
Single Loss Expectancy (SLE)
When organizations adopt security measures for a legal defense, they may need to show that they have done what any prudent organization would do in similar circumstances. This is referred to as ________. A. Baselining B. Best Practices C. Benchmarking D. Standards of Due Care
Standards of Due Care
________ inspection firewalls keep track of each network connection between internal and external systems. A. Stateless B. Static C. Stateful D. Dynamic
Stateful
A firewall type that keeps track of each network connection between internal and external systems using a state table and that expedites the filtering of those communications. Also known as a stateful inspection firewall.
Stateful Packet Inspection (SPI) Firewall
________ filtering requires that the filtering rules governing how the firewall decides which packets are allowed and which are denied be developed and installed with the firewall. A. Dynamic B. Secure C. Static D. Packet
Static A firewall type that requires the configuration rules to be manually created, sequenced, and modified within the firewall.
Five goals of Information Security Governance Outcomes
- Strategic Alignment - Risk Management - Resource Management - Performance Measurement - Value Delivery
Often function as standards or procedures used when configuring or maintaining systems. Two groups: Managerial Guidance and Technical Specifications.
Systems-Specific Security Policy (SysSP)
Port Number - Description
20 - FTP (Data)
21 - FTP (Control)
22 - SSH Remote Login Protocol
23 - Telnet
25 - Simple Mail Transfer Protocol (SMTP)
53 - Domain Name System (DNS)
80 - HTTP
109 - POP2
110 - POP3
161 - SNMP
443 - HTTPS
TCP Port Numbers Well-Known
One of the most widely referenced security models. Standard framework for information security that states organizational security policy is needed to provide management directions and support. Purpose is to give recommendations for information security management. Provides a starting point for developing organizational security.
The ISO 27000 Series International Organization for Standardization (ISO)
In static filtering, configuration rules must be manually created, sequenced, and modified within the firewall. True / False
True
________ is simply how often you expect a specific type of attack to occur. A. ARO B. CBA C. ALE D. SLE
ARO Annualized Rate of Occurrence
The SETA program is a control measure designed to reduce the instances of ________ security breaches by employees. A. Accidental B. Physical C. Intentional D. External
Accidental
A fundamental difference between a BIA and risk management is that risk management focuses on identifying threats, vulnerabilities, and attacks to determine which controls can protect information, while the BIA assumes ________. A. Controls have been bypassed B. Controls have proven ineffective C. Controls have failed D. All of the above
All of the above
The CPMT conducts the BIA in three stages. Which of the following is NOT one of those stages? A. Determine mission / business processes and recovery criticality B. Identify recovery priorities for system resources C. Identify resource requirements D. All of these are BIA stages
All of these are BIA stages
In a cost-benefit analysis, the product of the annualized rate of occurrence and single loss expectancy.
Annualized Loss Expectancy (ALE)
Risk ________ defines the quantity and nature of risk that organizations are willing to accept as they evaluate the trade-offs between perfect security and unlimited accessibility. A. Benefit B. Appetite C. Acceptance D. Avoidance
Appetite
The comparison of past security activities and events against the organization's current performance.
Baselining
A device placed between an external, untrusted network and an internal, trusted network. Also known as a sacrificial host. A bastion host serves as the sole target for attack and should therefore be thoroughly secured.
Bastion Host
________ is the process of comparing other organizations' activities against the practices used in one's own organization to produce results it would like to duplicate. A. Benchmarking B. Best Business Practices C. Risk Management D. Metrics
Benchmarking
Often called recommended practices; these are considered among the best in the industry.
Best Business Practices
A documented product of business continuity planning; plan that shows the organization's intended efforts to continue critical functions when operations at the primary site are not feasible.
Business Continuity Plan (BC plan)
An investigation and assessment of the various adverse events that can affect the organization, conducted as a preliminary phase of the contingency planning process, which includes a determination of how critical a system or set of information is to the organization's core processes and recovery priorities.
Business Impact Analysis (BIA)
The formal decision-making process used when considering the economic feasibility of implementing information security controls and safeguards is called a(n) ________. A. ARO B. CBA C. ALE D. SLE
CBA Cost-Benefit Analysis
________ plans usually include all preparations for the recovery process, strategies to limit losses during the disaster, and detailed steps to follow when the smoke clears, the dust settles, or the flood waters recede. A. IR B. DR C. BC D. BR
DR Disaster Recovery
________ is the rapid determination of the scope of the breach in the confidentiality, integrity, and availability of information and information assets during or just following an incident. A. Damage assessment B. Containment development C. Incident response D. Disaster assessment
Damage assessment
________ is a strategy for the protection of information assets that uses multiple layers and different types of controls (managerial, operational, and technical) to provide optimal protection. A. Networking B. Proxy C. Defense in depth D. Best-effort
Defense in depth
The proxy server is often placed in an unsecured area of the network or is placed in the ________ zone. A. Hot B. Fully Trusted C. Cold D. Demilitarized
Demilitarized
An intermediate area between two networks designed to provide servers and firewall filtering between a trusted internal network and the outside, untrusted network. Traffic on the outside network carries a higher level of risk.
Demilitarized Zone (DMZ)
The documented product of disaster recovery planning; a plan that shows the organization's intended efforts in the event of a disaster.
Disaster Recovery Plan (DR plan)
Some people search trash and recycling bins - a practice known as ________ - to retrieve information that could embarrass a company or compromise information security. A. Shoulder Surfing B. Dumpster Diving C. Pretexting D. Corporate Espionage
Dumpster Diving
A ________ filtering firewall can react to an emergent event and update or create rules to deal with the event. A. Static B. Dynamic C. Stateless D. Stateful
Dynamic
A firewall type that can react to network traffic and create or modify configuration rules to adapt.
Dynamic Packet-Filtering Firewall
The transfer of large batches of data to an off-site facility, usually through leased lines or services, is called ________. A. Off-site storage B. Remote journaling C. Electronic vaulting D. Database shadowing
Electronic vaulting
- Overview of the corporate security philosophy. - Information on the structure of the organization and people in information security roles. - Articulated responsibilities for security shared by all members of the organization. - Articulated responsibilities for security unique to each role in the organization.
Enterprise Information Security Policy (EISP) Elements
The ________ plan specifies the actions an organization can and should take while an adverse event is in progress. An adverse event could result in loss of an information asset or assets, but it does not currently threaten the viability of the entire organization. A. BC B. DR C. IR D. BR
IR Incident Response
The documented product of incident response planning; a plan that shows the organization's intended efforts in the event of an incident.
Incident Response Plan (IR plan)
Part of the TCP/IP protocol stack. It is stationed at the Internet Layer and is an error-message standard that supports the core Internet Protocol.
Internet Control Message Protocol (ICMP)
An organizational policy that provides detailed, targeted guidance to instruct all members of the organization in the use of a resource, such as one of its processes or technologies.
Issue-specific Security Policy (ISSP)
The service within Kerberos that generates and issues session keys is known as ________. A. TGS B. AS C. KDC D. VPN
KDC Key Distribution Center
An authentication system that uses symmetric key encryption to validate an individual user's access to various network resources by keeping a database containing the private keys of clients and servers that are in the authentication domain it supervises.
Kerberos
The calculation of the likelihood of an attack coupled with the attack frequency to determine the expected number of losses within a specified time range is called the ________. A. Loss Frequency B. Benefit of Loss C. Loss Magnitude D. Annualized Loss Expectancy
Loss Frequency
________ firewalls are designed to operate at the media access control sublayer of the data link layer of the OSI network model. A. Application Gateway B. MAC Layer C. Packet Filtering D. Circuit Gateway
MAC Layer
________ controls cover security processes that are designed by strategic planners and implemented by the security administration of the organization. A. Managerial B. Technical C. Operational D. Informational
Managerial
Provides a policy framework of computer security guidance for how private sector organizations in the United States can assess and improve their ability to prevent, detect, and respond to cyber attacks.
NIST Cybersecurity Framework
Layer 7 - Application Layer
Layer 6 - Presentation Layer
Layer 5 - Session Layer
Layer 4 - Transport Layer
Layer 3 - Network Layer
Layer 2 - Data Link Layer
Layer 1 - Physical Layer
Open Systems Interconnection Model (OSI Model)
________ controls address personnel security, physical security, and the protection of production inputs and outputs. A. Informational B. Operational C. Technical D. Managerial
Operational
An examination of how well a particular solution fits within the organization's strategic planning objectives and goals.
Organizational Feasibility
________ and TACACS are systems that authenticate the credentials of users who are trying to access an organization's network via a dial-up connection. A. RADIUS B. IPSEC C. RADIAL D. TUNMAN
RADIUS
In most common implementation models, the content filter has two components: A. Encryption and Decryption B. Filtering and Encoding C. Rating and Filtering D. Rating and Decryption
Rating and Filtering
________ is a strategy of using multiple types of technology that prevent the failure of one system from compromising the security of information. A. Firewalling B. Hosting C. Redundancy D. Domaining
Redundancy
RAID is an acronym for a ________ array of independent disk drives that stores information across multiple units to spread out data and minimize the impact of a single drive failure. A. Replicated B. Resistant C. Random D. Redundant
Redundant
A computer connection system that centralizes the management of user authentication by placing the responsibility for authenticating each user on a central authentication server.
Remote Authentication Dial-In User Service (RADIUS)
The transfer of transaction data in real time to an off-site facility is called ________. A. Off-site storage B. Remote journaling C. Electronic vaulting D. Database shadowing
Remote journaling
The risk to information assets that remains after current controls have been applied.
Residual Risk
________ equals the probability of a successful attack multiplied by the expected loss from a successful attack plus an element of uncertainty. A. Loss Magnitude B. Risk C. Loss Frequency D. Loss
Risk
A determination of the extent to which an organization's information assets are exposed to risk.
Risk Assessment
The application of controls that reduce the risks to an organization's information assets to an acceptable level.
Risk Control
The first phase of risk management is ________. A. Risk Identification B. Design C. Risk Control D. Risk Evaluation
Risk Identification
The recognition, enumeration, and documentation of risks to an organization's information assets.
Risk Identification
- Determine mission / business processes and recovery criticality. - Identify recovery priorities for system resources. - Identify resource requirements.
Three Stages of Business Impact Analysis (BIA)
In ________ mode, the data within an IP packet is encrypted, but the header information is not. A. Transport B. Tunnel C. Symmetric D. Public
Transport
Only the payload or data of the original IP packet is protected (encrypted, authenticated, or both). The protected payload is then encapsulated by the IPsec headers and trailers while the original IP header remains intact and is not protected by IPsec. It is used only when the IP traffic to be protected has IPsec peers as both the source and destination.
Transport Mode definition
Authentication is the process of validating and verifying an unauthenticated entity's purported identity. True / False
True
Residual risk is the risk that has not been removed, shifted, or planned for after vulnerabilities have been completely resolved. True / False
True
Risk control is the application of controls that reduce the risks to an organization's information assets to an acceptable level. True / False
True
The false reject rate describes the number of legitimate users who are denied access because of a failure in the biometric device. True / False
True
To determine if the risk to an information asset is acceptable or not, you estimate the expected loss the organization will incur if the risk is exploited. True / False
True
You should adopt naming standards that do not convey information to potential system attackers. True / False
True
The primary benefit of a VPN that uses ________ mode is that an intercepted packet reveals nothing about the true destination system. A. Subnet B. Tunnel C. Passthrough D. Transport
Tunnel
Federal Agencies such as the NSA, FBI, and CIA use specialty classification schemes. For materials that are not considered National Security Information, ________ data is the lowest-level classification. A. Sensitive B. Confidential C. Unclassified D. Public
Unclassified
Which of the following is considered three-factor authentication? A. Building Access Card / Voice Recognition Scan B. Building Access Card / Username / Password C. Username / Password / Smartcard D. Username / Password / Smartcard / Voice Recognition Scan
Username / password / smartcard / PIN Three mechanisms provide authentication based on something an unauthenticated entity knows (username / password), something an unauthenticated entity has (smartcard), and something an unauthenticated entity is (voice recognition scan).
A(n) ________ is a private data network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol and security procedures. A. SVPN B. SESAME C. KERBES D. VPN
VPN Virtual Private Network
Known as the ping service, ICMP is a(n) ________ and should be ________. A. common method for hacker reconnaissance, turned off to prevent snooping B. essential feature, turned on to save money C. common method for hacker reconnaissance, turned on to save money D. infrequently used hacker tool, turned off to prevent snooping
common method for hacker reconnaissance, turned off to prevent snooping