Cybersecurity Test 2 Study Guide


Telnet protocol packets usually go to TCP port ________, whereas SMTP packets go to port ________. A. 80, 52 B. 80, 25 C. 23, 52 D. 23, 25

23, 25

A ________ site provides only rudimentary services and facilities. A. Commercial B. Warm C. Hot D. Cold

Cold

- Statement of policy
- Authorized access and usage of equipment
- Prohibited use of equipment
- System management
- Violations of policy
- Policy review and modification
- Limitations of liability

Components of an Issue-specific Security Policy (ISSP)

A software program or hardware/software appliance that allows administrators to restrict content that comes into or leaves a network. For example, restricting user access to Web sites with material that is not related to business, such as pornography or entertainment.

Content Filter

The actions taken by senior management to specify the organization's efforts and actions if an adverse event becomes an incident or disaster. This planning includes incident response, disaster recovery, and business continuity efforts, as well as preparatory business impact analysis.

Contingency Planning (CP)

A data classification scheme is a formal access control methodology used to assign a level of availability to an information asset and thus restrict the number of people who can access it. True / False

False. A data classification scheme is a formal access control methodology used to assign a level of confidentiality to an information asset and thus restrict the number of people who can access it.

In information security, benchmarking is the comparison of past security activities and events against the organization's current performance. True / False

False. Baselining is the comparison of past security activities and events against the organization's current performance.

The computed value of the ALE compares the costs and benefits of a particular control alternative, to determine whether the control is worth its cost. True / False

False Cost-Benefit Analysis (CBA) determines

A hard drive feature known as "hot swap" is a RAID implementation (typically referred to as RAID Level 1) in which the computer records all data to twin drives simultaneously, providing a backup if the primary drive fails. True / False

False. Disk mirroring is a RAID implementation (typically referred to as RAID Level 1) in which the computer records all data to twin drives simultaneously, providing a backup if the primary drive fails.

An attack, breach of policy, or other incident always constitutes a violation of law, requiring notification of law enforcement. True / False

False. Sometimes it's better to follow your chain of command before notifying the authorities.

A cold site provides many of the same services and options of a hot site, but at a lower cost. True / False

False. A warm site provides many of the same services and options of a hot site, but at a lower cost.

Security approaches you at work about people sometimes being able to enter the office using the voice recognition system even though they are not employees. What is the problem? A. False Rejection B. False Acceptance C. Crossover Error D. Cross-through Error

False Acceptance. The rate at which fraudulent users or nonusers are allowed access to systems or areas as a result of a failure in the biometric device. This failure is also known as a Type II error or a false positive.

An information security ________ is a specification of a model to be followed during the design, selection, and initial and ongoing implementation of all subsequent security controls, including information security policies, security education, and training. A. Plan B. Framework C. Model D. Policy

Framework

________ firewalls examine every incoming packet header and can selectively filter packets based on header information such as destination address, source address, packet type, and other key information. A. Packet-Filtering B. Application Gateway C. Circuit Gateway D. MAC Layer

Packet-Filtering

A networking device that examines the header information of data packets that come into a network and determines whether to drop them (deny) or forward them to the next network connection (allow), based on its configuration rules.

Packet-Filtering Firewall

Because the bastion host stands as a sole defender on the network perimeter, it is commonly referred to as the ________ host. A. Domain B. Trusted C. Sacrificial D. DMZ

Sacrificial

A personnel security structure in which each user of an information asset is assigned an authorization level that identifies the level of classified information he or she is "cleared" to access.

Security Clearance

________ assigns a status level to employees to designate the maximum level of classified data they may access. A. Risk Management Scheme B. Security Clearance Scheme C. Data Recovery Scheme D. Data Classification Scheme

Security Clearance Scheme

A managerial program designed to improve the security of information assets by providing targeted knowledge, skills, and guidance for organizations.

Security education, training, and awareness (SETA)

In a cost-benefit analysis, the calculated value associated with the most likely loss from an attack. The SLE is the product of the asset's value and the exposure factor.

Single Loss Expectancy (SLE)

When organizations adopt security measures for a legal defense, they may need to show that they have done what any prudent organization would do in similar circumstances. This is referred to as ________. A. Baselining B. Best Practices C. Benchmarking D. Standards of Due Care

Standards of Due Care

________ inspection firewalls keep track of each network connection between internal and external systems. A. Stateless B. Static C. Stateful D. Dynamic

Stateful

A firewall type that keeps track of each network connection between internal and external systems using a state table and that expedites the filtering of those communications. Also known as a stateful inspection firewall.

Stateful Packet Inspection (SPI) Firewall

________ filtering requires that the filtering rules governing how the firewall decides which packets are allowed and which are denied be developed and installed with the firewall. A. Dynamic B. Secure C. Static D. Packet

Static. A firewall type that requires the configuration rules to be manually created, sequenced, and modified within the firewall.

Five goals of Information Security Governance Outcomes

- Strategic Alignment
- Risk Management
- Resource Management
- Performance Measurement
- Value Delivery

Often function as standards or procedures used when configuring or maintaining systems. Two groups: managerial guidance and technical specifications.

Systems-Specific Security Policy (SysSP)

Port Number   Description
20            FTP - Data
21            FTP - Control
22            SSH Remote Login Protocol
23            Telnet
25            Simple Mail Transfer Protocol (SMTP)
53            Domain Name System (DNS)
80            HTTP
109           POP2
110           POP3
161           SNMP
443           HTTPS

Well-Known TCP Port Numbers

One of the most widely referenced security models. Standard framework for information security that states organizational security policy is needed to provide management directions and support. Purpose is to give recommendations for information security management. Provides a starting point for developing organizational security.

The ISO 27000 Series, International Organization for Standardization (ISO)

In static filtering, configuration rules must be manually created, sequenced, and modified within the firewall. True / False

True

________ is simply how often you expect a specific type of attack to occur. A. ARO B. CBA C. ALE D. SLE

ARO (Annualized Rate of Occurrence)

The SETA program is a control measure designed to reduce the instances of ________ security breaches by employees. A. Accidental B. Physical C. Intentional D. External

Accidental

A fundamental difference between a BIA and risk management is that risk management focuses on identifying threats, vulnerabilities, and attacks to determine which controls can protect information, while the BIA assumes ________. A. Controls have been bypassed B. Controls have proven ineffective C. Controls have failed D. All of the above

All of the above

The CPMT conducts the BIA in three stages. Which of the following is NOT one of those stages? A. Determine mission / business processes and recovery criticality B. Identify recovery priorities for system resources C. Identify resource requirements D. All of these are BIA stages

All of these are BIA stages

In a cost-benefit analysis, the product of the annualized rate of occurrence and single loss expectancy.

Annualized Loss Expectancy (ALE)

Risk ________ defines the quantity and nature of risk that organizations are willing to accept as they evaluate the trade-offs between perfect security and unlimited accessibility. A. Benefit B. Appetite C. Acceptance D. Avoidance

Appetite

The comparison of past security activities and events against the organization's current performance.

Baselining

A device placed between an external, untrusted network and an internal, trusted network. Also known as a sacrificial host. A bastion host serves as the sole target for attack and should therefore be thoroughly secured.

Bastion Host

________ is the process of comparing other organizations' activities against the practices used in one's own organization to produce results it would like to duplicate. A. Benchmarking B. Best Business Practices C. Risk Management D. Metrics

Benchmarking

Often called recommended practices; security practices that are considered among the best in the industry.

Best Business Practices

A documented product of business continuity planning; a plan that shows the organization's intended efforts to continue critical functions when operations at the primary site are not feasible.

Business Continuity Plan (BC plan)

An investigation and assessment of the various adverse events that can affect the organization, conducted as a preliminary phase of the contingency planning process, which includes a determination of how critical a system or set of information is to the organization's core processes and recovery priorities.

Business Impact Analysis (BIA)

The formal decision-making process used when considering the economic feasibility of implementing information security controls and safeguards is called a(n) ________. A. ARO B. CBA C. ALE D. SLE

CBA (Cost-Benefit Analysis)

________ plans usually include all preparations for the recovery process, strategies to limit losses during the disaster, and detailed steps to follow when the smoke clears, the dust settles, or the flood waters recede. A. IR B. DR C. BC D. BR

DR (Disaster Recovery)

________ is the rapid determination of the scope of the breach in the confidentiality, integrity, and availability of information and information assets during or just following an incident. A. Damage assessment B. Containment development C. Incident response D. Disaster assessment

Damage assessment

________ is a strategy for the protection of information assets that uses multiple layers and different types of controls (managerial, operational, and technical) to provide optimal protection. A. Networking B. Proxy C. Defense in depth D. Best-effort

Defense in depth

The proxy server is often placed in an unsecured area of the network or is placed in the ________ zone. A. Hot B. Fully Trusted C. Cold D. Demilitarized

Demilitarized

An intermediate area between two networks designed to provide servers and firewall filtering between a trusted internal network and the outside, untrusted network. Traffic on the outside network carries a higher level of risk.

Demilitarized Zone (DMZ)

The documented product of disaster recovery planning; a plan that shows the organization's intended efforts in the event of a disaster.

Disaster Recovery Plan (DR plan)

Some people search trash and recycling bins - a practice known as ________ - to retrieve information that could embarrass a company or compromise information security. A. Shoulder Surfing B. Dumpster Diving C. Pretexting D. Corporate Espionage

Dumpster Diving

A ________ filtering firewall can react to an emergent event and update or create rules to deal with the event. A. Static B. Dynamic C. Stateless D. Stateful

Dynamic

A firewall type that can react to network traffic and create or modify configuration rules to adapt.

Dynamic Packet-Filtering Firewall

The transfer of large batches of data to an off-site facility, usually through leased lines or services, is called ________. A. Off-site storage B. Remote journaling C. Electronic vaulting D. Database shadowing

Electronic vaulting

- Overview of the corporate security philosophy.
- Information on the structure of the organization and people in information security roles.
- Articulated responsibilities for security shared by all members of the organization.
- Articulated responsibilities for security unique to each role in the organization.

Enterprise Information Security Policy (EISP) Elements

The ________ plan specifies the actions an organization can and should take while an adverse event is in progress. An adverse event could result in loss of an information asset or assets, but it does not currently threaten the viability of the entire organization. A. BC B. DR C. IR D. BR

IR (Incident Response)

The documented product of incident response planning; a plan that shows the organization's intended efforts in the event of an incident.

Incident Response Plan (IR plan)

Part of the TCP/IP protocol stack, stationed at the Internet layer; an error-message standard that supports the core Internet Protocol.

Internet Control Message Protocol (ICMP)

An organizational policy that provides detailed, targeted guidance to instruct all members of the organization in the use of a resource, such as one of its processes or technologies.

Issue-specific Security Policy (ISSP)

The service within Kerberos that generates and issues session keys is known as ________. A. TGS B. AS C. KDC D. VPN

KDC (Key Distribution Center)

An authentication system that uses symmetric key encryption to validate an individual user's access to various network resources by keeping a database containing the private keys of clients and servers that are in the authentication domain it supervises.

Kerberos

The calculation of the likelihood of an attack coupled with the attack frequency to determine the expected number of losses within a specified time range is called the ________. A. Loss Frequency B. Benefit of Loss C. Loss Magnitude D. Annualized Loss Expectancy

Loss Frequency

________ firewalls are designed to operate at the media access control sublayer of the data link layer of the OSI network model. A. Application Gateway B. MAC Layer C. Packet Filtering D. Circuit Gateway

MAC Layer

________ controls cover security processes that are designed by strategic planners and implemented by the security administration of the organization. A. Managerial B. Technical C. Operational D. Informational

Managerial

Provides a policy framework of computer security guidance for how private sector organizations in the United States can assess and improve their ability to prevent, detect, and respond to cyber attacks.

NIST Cybersecurity Framework

Layer 7: Application Layer
Layer 6: Presentation Layer
Layer 5: Session Layer
Layer 4: Transport Layer
Layer 3: Network Layer
Layer 2: Data Link Layer
Layer 1: Physical Layer

Open Systems Interconnection Model (OSI Model)

________ controls address personnel security, physical security, and the protection of production inputs and outputs. A. Informational B. Operational C. Technical D. Managerial

Operational

An examination of how well a particular solution fits within the organization's strategic planning objectives and goals.

Organizational Feasibility

________ and TACACS are systems that authenticate the credentials of users who are trying to access an organization's network via a dial-up connection. A. RADIUS B. IPSEC C. RADIAL D. TUNMAN

RADIUS

In most common implementation models, the content filter has two components: A. Encryption and Decryption B. Filtering and Encoding C. Rating and Filtering D. Rating and Decryption

Rating and Filtering

________ is a strategy of using multiple types of technology that prevent the failure of one system from compromising the security of information. A. Firewalling B. Hosting C. Redundancy D. Domaining

Redundancy

RAID is an acronym for a ________ array of independent disk drives that stores information across multiple units to spread out data and minimize the impact of a single drive failure. A. Replicated B. Resistant C. Random D. Redundant

Redundant

A computer connection system that centralizes the management of user authentication by placing the responsibility for authenticating each user on a central authentication server.

Remote Authentication Dial-In User Service (RADIUS)

The transfer of transaction data in real time to an off-site facility is called ________. A. Off-site storage B. Remote journaling C. Electronic vaulting D. Database shadowing

Remote journaling

The risk to information assets that remains after current controls have been applied.

Residual Risk

________ equals the probability of a successful attack multiplied by the expected loss from a successful attack plus an element of uncertainty. A. Loss Magnitude B. Risk C. Loss Frequency D. Loss

Risk

A determination of the extent to which an organization's information assets are exposed to risk.

Risk Assessment

The application of controls that reduce the risks to an organization's information assets to an acceptable level.

Risk Control

The first phase of risk management is ________. A. Risk Identification B. Design C. Risk Control D. Risk Evaluation

Risk Identification

The recognition, enumeration, and documentation of risks to an organization's information assets.

Risk Identification

- Determine mission / business processes and recovery criticality.
- Identify recovery priorities for system resources.
- Identify resource requirements.

Three Stages of Business Impact Analysis (BIA)

In ________ mode, the data within an IP packet is encrypted, but the header information is not. A. Transport B. Tunnel C. Symmetric D. Public

Transport

Only the payload or data of the original IP packet is protected (encrypted, authenticated, or both). The protected payload is then encapsulated by the IPsec headers and trailers while the original IP header remains intact and is not protected by IPsec. Transport mode is used only when the IP traffic to be protected has IPsec peers as both the source and destination.

Transport Mode definition

Authentication is the process of validating and verifying an unauthenticated entity's purported identity. True / False

True

Residual risk is the risk that has not been removed, shifted, or planned for after vulnerabilities have been completely resolved. True / False

True

Risk control is the application of controls that reduce the risks to an organization's information assets to an acceptable level. True / False

True

The false reject rate describes the number of legitimate users who are denied access because of a failure in the biometric device. True / False

True

To determine if the risk to an information asset is acceptable or not, you estimate the expected loss the organization will incur if the risk is exploited. True / False

True

You should adopt naming standards that do not convey information to potential system attackers. True / False

True

The primary benefit of a VPN that uses ________ mode is that an intercepted packet reveals nothing about the true destination system. A. Subnet B. Tunnel C. Passthrough D. Transport

Tunnel

Federal Agencies such as the NSA, FBI, and CIA use specialty classification schemes. For materials that are not considered National Security Information, ________ data is the lowest-level classification. A. Sensitive B. Confidential C. Unclassified D. Public

Unclassified

Which of the following is considered three-factor authentication? A. Building Access Card / Voice Recognition Scan B. Building Access Card / Username / Password C. Username / Password / Smartcard D. Username / Password / Smartcard / Voice Recognition Scan

Username / password / smartcard / PIN. Three mechanisms that provide authentication based on something an unauthenticated entity knows (username / password), something an unauthenticated entity has (smartcard), and something an unauthenticated entity is (voice recognition scan).

A(n) ________ is a private data network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol and security procedures. A. SVPN B. SESAME C. KERBES D. VPN

VPN (Virtual Private Network)

Known as the ping service, ICMP is a(n) ________ and should be ________. A. common method for hacker reconnaissance, turned off to prevent snooping B. essential feature, turned on to save money C. common method for hacker reconnaissance, turned on to save money D. infrequently used hacker tool, turned off to prevent snooping

common method for hacker reconnaissance, turned off to prevent snooping
