Info Sec Test

Two Factor Authentication

An authentication method that uses two types of authentication credentials.

Which security control is most helpful in protecting against eavesdropping on wireless LAN (WLAN) data transmissions that would jeopardize confidentiality?

Applying strong encryption

The University of Georgia's academic honesty policy is called a/an ______?

Culture of Honesty

Access control lists (ACLs) are used to permit and deny traffic in an IP router.

True

An IT security policy framework is like an outline that identifies where security controls should be used.

True

Authorization is the process of granting rights to use an organization's IT assets, systems, applications, and data to a specific user.

True

Encrypting the data within databases and storage devices gives an added layer of security.

True

For businesses and organizations under recent compliance laws, data classification standards typically include private, confidential, internal use only, and public domain categories.

True

Hypertext Transfer Protocol (HTTP) is the communications protocol between web browsers and websites with data in cleartext.

True

Networks, routers, and equipment require continuous monitoring and management to keep wide area network (WAN) service available.

True

Organizations should start defining their IT security policy framework by defining an asset classification policy.

True

Simple Network Management Protocol (SNMP) is used for network device monitoring, alarm, and performance.

True

The System/Application Domain holds all the mission-critical systems, applications, and data.

True

The director of IT security is generally in charge of ensuring that the Workstation Domain conforms to policy.

True

The most critical aspect of a WAN services contract is how the service provider supplies troubleshooting, network management, and security management services.

True

Which one of the following is typically used during the identification phase of a remote access connection?

Username

Public web content

Web content refers to the textual, aural, or visual content published on a website. Public web content is that content that is open to public use.

WEP

Wired Equivalent Privacy is a legacy encryption for wireless networks. WEP is weak and does not provide sufficient protection for most traffic.

Wireless Encryption

Wireless encryption secures your wireless network with an authentication protocol. It requires a password or network key when a user or device tries to connect.

DMZ

(Demilitarized zone) The DMZ is a LAN segment in the LAN-to-WAN Domain that acts as a buffer zone for inbound and outbound IP traffic. External servers such as web servers, proxy servers, and email servers can be placed here for greater isolation and screening of IP traffic.

John captures traffic on his network and notices connections using ports 20, 22, 23, and 80. Which port normally hosts a protocol that uses secure, encrypted connections?

22

Lake's web server was down for an entire day last September. It experienced no other downtime during that month. Which one of the following represents the web server uptime for that month?

96.67%

VPN

A VPN is a dedicated encrypted tunnel from one endpoint to another. The VPN tunnel can be created between a remote workstation using the public Internet and a VPN router or a secure browser and a Secure Sockets Layer virtual private network (SSL-VPN) website.

Business Continuity Plan

A business continuity plan gives priorities to the functions an organization needs to keep going after a major disaster such as a flood or earthquake. To create a BCP one must conduct a business impact analysis and decide which computer uses are most important and define RTOs (Recovery time objectives) for each system.

High Availability firewall

A deployment in which two firewalls are placed in a group and their configuration is synchronized to prevent a single point of failure on the network.

Disaster Recovery Plan

A disaster recovery plan defines how a business gets back on its feet after a major disaster. The DRP is prepared based on the Business Continuity Plan and focuses on the most important computer systems first. The DRP should include a DRP team and a remote data center.

Full

A full backup is a complete backup of all files on a designated hard drive. An organization's entire data asset is copied and stored separately from the original data in case the original data is compromised or lost.

Network penetration tests

A network penetration test is a simulated cyber attack against your network to check for exploitable vulnerabilities. Insights provided by the network penetration test can fine-tune security policies and patch detected vulnerabilities.

Business Impact Analysis

A prerequisite analysis for a business continuity plan that prioritizes business operations and functions and their associated IT systems, applications, and data and the impact of an outage or downtime. A BIA helps define a road map for business continuity and disaster recovery and also assists organizations with risk management and incident response planning.

RSA Token

A small hardware device or a mobile app for logging in to a system using two-factor authentication.

Rogue Wireless Access Points

A wireless LAN access point set up and configured by a hacker to fool users into connecting with it. The hacker may then use the connection to carry out an attack such as a man-in-the-middle attack.

Wireless network

A wireless network allows devices to stay connected to the network but roam untethered to any wires. It uses radio waves to connect devices such as laptops and mobile phones to the Internet and applications.

During what phase of a remote access connection does the end user prove his or her claim of identity?

Authentication

Backup Tapes (vs. Disks or VDLs)

Backing up to tape is extremely low price per gigabyte, has long term storage on an infinite scale, and has data mobility without network connectivity, however using tapes puts an organization at higher risk for security issues as they are easier to steal. Some strengths of disk based backups are quick backups and restores, easy mobility of data, secure backups, and efficient medium for daily and weekly backups.

What is NOT a common endpoint for a virtual private network (VPN) connection used for remote network access?

Content filter

Core Responders

Core responders have the training and documentation to respond to incidents as they occur. They should be comfortable enough with each other to communicate freely and handle each incident in a professional manner.

Which risk is most effectively mitigated by an upstream Internet service provider (ISP)?

Distributed denial of service (DDoS)

A VPN router is a security appliance that is used to filter IP packets.

False

Cryptography is the process of transforming data from cleartext into ciphertext.

False

Hypertext Transfer Protocol (HTTP) encrypts data transfers between secure browsers and secure web pages.

False

In the Remote Access Domain, if private data or confidential data is compromised remotely, you should set automatic blocking for attempted logon retries.

False

Service-level agreements (SLAs) are optical backbone trunks for private optical backbone networks.

False

The Sarbanes-Oxley (SOX) Act requires all types of financial institutions to protect customers' private financial information.

False

The asset protection policy defines an organization's data classification standard.

False

The weakest link in the security of an IT infrastructure is the server.

False

Which element of the security policy framework offers suggestions rather than mandatory actions?

Guideline

Isaac recently accepted a position as the information security and compliance manager for a medical practice. Which regulation is likely to most directly apply to Isaac's employer?

Health Insurance Portability and Accountability Act (HIPAA)

Which one of the following is NOT a good technique for performing authentication of an end user?

Identification number

How is IdM different from IAM?

Identity management (also known as authentication) determines who the user is, whether based on groups, role, or other qualities. Access management (authorization) evaluates the user to determine what the user can actually see and access after authentication.

What is Identity Management?

Identity management manages digital identities. Identities combine digital attributes and entries in the database to create a unique designation for a user. Its management consists of creating, maintaining, monitoring, and deleting those identities as they operate in the enterprise network.

Incremental

In an incremental backup, you start with a full backup when network traffic is light. Then, each night you back up only that day's changes. As the week progresses, the nightly (incremental) backup takes about the same amount of time.

Which mitigation plan is most appropriate to limit the risk of unauthorized access to workstations?

Password protection

Jennifer is investigating an information security incident that took place at the high school where she works. She suspects that students may have broken into the student records system and altered their grades. If correct, which one of the tenets of information security did this attack violate?

Integrity

IPS/IDS

Intrusion detection systems/intrusion prevention systems monitor for sensitive employee positions and access. They examine the IP data streams for inbound and outbound traffic. Alarms and alerts programmed within an IDS/IPS help identify abnormal traffic and can block IP traffic as per policy definition.

Which network device is capable of blocking network connections that are identified as potentially malicious?

Intrusion prevention system (IPS)

Which one of the following measures the average amount of time that it takes to repair a system, application, or component?

Mean time to repair (MTTR)

Network Segmentation

Network segmentation is an architectural approach that divides a network into multiple segments or subnets, each acting as its own small network. This allows network administrators to control the flow of traffic between subnets based on granular policies.

Sara must purchase firewalls for several network circuits used by her organization. Which one circuit will have the highest possible network throughput?

OC-12

Off-site Backup and Recovery - what are the options?

Offsite backup is the replication of the data to a server which is separated geographically from a production systems site. The two most common forms of off-site backup are cloud backup and tape backup. During cloud backup a copy of the data is sent over a network to an off-site server. During the tape backup process, data is copied from primary storage to a tape cartridge. For off-site data protection, an organization would then transport the tape cartridges to another location.

Which element of the security policy framework requires approval from upper management and applies to the entire organization?

Policy

John is writing a document that provides step-by-step instructions for end users seeking to update the security software on their computers. Performing these updates is mandatory. Which type of document is Chris writing?

Procedure

Real-time vs. other choices

Real-time backup automatically saves a copy of every change made to that data, such as in a Google Doc. In it's true form it allows the user or administrator to restore data at any point in time. In it's true form there is no backup schedule. Traditional backup only restore data from the time the backup was made.

Methodology:

See notes

Differential

Similarly in differential you also start by making a full backup when traffic is light. Each day after however you back up all changes made since the last full backup. As the week progresses, each day's backup takes a little longer.

Which element of the IT security policy framework provides detailed written definitions for hardware and software and how they are to be used?

Standard

Incident Response Plan

The Federal Information Security Management Act of 2002 (FIMSA) requires federal agencies have an incident response procedure. They must state how the agency detects and resolves incidents and must also report incidents to the Department of Homeland Security.

Recovery Time Objective

The RTO expresses the maximum allowable time to recover the function. Many less formal recovery plans overlook RTO. Time may be a critical factor, and specifying the requirements for recovery time helps determine the best recovery options.

Encryption

The act of transforming cleartext data into undecipherable ciphertext.

Primary Facility

The primary facility is the location where original data is stored. If a primary site goes down a backup site can be activated so you are able to retrieve backed up data.

Which term describes any action that could damage an asset?

Threat

Which classification level is the highest level used by the U.S. federal government?

Top Secret

Password Controls

allows helpdesk and IT staff to reset users' passwords

Employee Onboarding and Termination

onboarding includes incorporating a new hire into the company; termination includes an employee leaving an employer either by will or by employer's request

Generic or Shared Administrative Accounts

one set of credentials gives access to multiple people, typically used when employees have similar duties; security risk to network

User Access Reviews

part of access control process that reviews users' access rights

Your team was hired to "fix" an organization. Discuss how you would implement Access Controls and Techniques in the organization. Be sure to define any terms and highlight differences. How would IDS and IPS come into play in your solution?

see notes