Infosec Final

__________ is the process of reviewing the use of a system, not to check performance but to determine if misuse or malfeasance has occurred.

Auditing

According to NIST's SP 800-34, Rev. 1, which of the following is NOT one of the stages of the business impact assessment?

Calculate asset valuation and combine with the likelihood and impact of potential attacks in a TVA worksheet.

After an incident, but before returning to its normal duties, the CSIRT must do which of the following?

Conduct an after-action review.

__________ channels are unauthorized or unintended methods of communications hidden inside a computer system, including storage and timing channels.

Covert

Which of the following is the first major task in the BIA, according to NIST SP 800-34, Rev. 1?

Determine mission/business processes and recovery criticality.

A general guideline for performance of hard drives suggests that when the amount of data stored on a particular hard drive averages 95% of available capacity for a prolonged period, you should consider an upgrade for the drive. a. True b. False

False

A(n) wrap-up review is a detailed examination and discussion of the events that occurred during an incident or disaster, from first detection to final recovery. __________

False

An alert digest is a description of the incident or disaster that usually contains just enough information so that each person knows what portion of the IR or DR plan to implement without slowing down the notification process. __________

False

An effective information security governance program requires no ongoing review once it is well established. a. True b. False

False

An intranet vulnerability scan starts with the scan of the organization's default Internet search engine. a. True b. False

False

Documentation procedures are not required for configuration and change management processes. a. True b. False

False

In most organizations, the COO is responsible for creating the IR plan.

False

Separation of duties is the principle by which members of the organization can access the minimum amount of information for the minimum amount of time necessary to perform their required duties. T/F

False

Technical controls alone, when properly configured, can secure an IT environment. a. True b. False

False

The "something a person has" authentication mechanism takes advantage of something inherent in the user that is evaluated using biometrics. a. True b. False

False

The Information Technology Infrastructure Library provides guidance in the development and implementation of an organizational InfoSec governance structure. T/F

False

The internal monitoring domain is the component of the maintenance model that focuses on identifying, assessing, and managing the physical security of assets in an organization. a. True b. False

False

The principle of limiting users' access privileges to the specific information required to perform their assigned tasks is known as minimal access. T/F

False

The target selection step of Internet vulnerability assessment involves using the external monitoring intelligence to configure a test engine (such as Nessus) for the tests to be performed. a. True b. False

False

Threats cannot be removed without requiring a repair of the vulnerability. a. True b. False

False

Training should be as specialized as possible; personnel who are responsible for one duty should not be trained on other duties to avoid confusion during a disaster.

False

Under the Clark-Wilson model, internal consistency means that the system is consistent with similar data at the organization's competitors. T/F

False

When an incident takes place, the disaster recovery (DR) plan is invoked before the incident response (IR) plan.

False

When performing full-interruption testing, normal operations of the business are not impacted.

False

Wireless vulnerability assessment begins with the planning, scheduling, and notification of all Internet connections, using software such as Wireshark. a. True b. False

False

A management model such as the ISO 27000 series deals with methods to maintain systems. a. True b. False

False

Boundary controls regulate the admission of users into trusted areas of the organization. __________

False - Access

US-CERT is a set of moderated mailing lists full of detailed, full-disclosure discussions and announcements about computer security vulnerabilities. It is sponsored in part by SecurityFocus. __________

False - Bugtraq

Intense packet inspection is a firewall function that involves examining multiple protocol headers and even content of network traffic, all the way through the TCP/IP layers and including encrypted, compressed, or encoded data. __________

False - Deep

The internal vulnerability assessment is usually performed against every device that is exposed to the Internet, using every possible penetration testing approach. __________

False - Internet

Specific warning bulletins are issued when developing threats and specific assets pose a measurable risk to the organization. __________

False - attacks

A bollard host is a device placed between an external, untrusted network and an internal, trusted network. __________

False - bastion

In information security, a framework or security model customized to an organization, including implementation details, is known as a template. __________

False - blueprint

In a lattice-based access control, a restriction table is the row of attributes associated with a particular subject (such as a user). __________

False - capabilities

A smart chip is an authentication component, similar to a dumb card, that contains a computer chip to verify and validate several pieces of information instead of just a PIN. __________

False - card

The action level is a predefined assessment level of an IDPS that triggers a predetermined response when surpassed. __________

False - clipping

Tracking monitoring involves assessing the status of the program as indicated by the database information and mapping it to standards established by the agency. __________

False - compliance

In some organizations, asset management is the identification, inventory, and documentation of the current information system's status—hardware, software, and networking configurations. __________

False - configuration

Dumpster exploitation is an information attack that involves searching through a target organization's trash and recycling bins for sensitive information. __________

False - diving

In wireless networking, the waveprint is the geographic area in which there is sufficient signal strength to make a network connection. __________

False - footprint

In information security, a specification of a model to be followed during the design, selection, and initial and ongoing implementation of all subsequent security controls is known as a blueprint. __________

False - framework

The primary goal of the external monitoring domain is to maintain an informed awareness of the state of all the organization's networks, information systems, and information security defenses. __________

False - internal

The data access principle that ensures no unnecessary access to data exists by regulating members so they can perform only the minimum data manipulation necessary is known as required privilege. __________

False - least

To be put to the most effective use, the information that comes from the IDPS must be integrated into the inventory process. __________

False - maintenance

The systems development life cycle (SDLC) is the overall process of developing, implementing, and retiring information systems through a multistep approach—from initiation to use. __________

False - maintenance to disposal

The NIST SP 800-100 Information Security Handbook provides technical guidance for the establishment and implementation of an information security program. __________

False - managerial

The Information Technology Infrastructure Library (ITIL) is a collection of policies and practices for managing the development and operation of IT infrastructures. __________

False - methods

In e-commerce situations, some cryptographic tools can be used for misrepresentation in order to assure that parties to the transaction are authentic, and that they cannot later deny having participated in a transaction. __________

False - nonrepudiation

A semialphabetic substitution cipher is one that incorporates two or more alphabets in the encryption process. __________

False - polyalphabetic

A security monitor is a conceptual piece of the system within the trusted computer base that manages access controls—in other words, it mediates all access to objects by subjects. __________

False - reference

The final process in the vulnerability assessment and remediation domain is the maintenance phase. __________

False - remediation

CERT stands for "computer emergency recovery team." __________

False - response

An effective information security governance program requires constant change. __________

False - review

An affidavit is used as permission to search for evidentiary material at a specified location and/or to seize items to return to an investigator's lab for examination after being signed by an approving authority. __________

False - search warrant

A validity table is a tabular record of the state and context of each packet in a conversation between an internal and external user or system. __________

False - state

You can document the results of the verification of a vulnerability by saving the results in what is called a(n) profile. __________

False - trophy

A user ticket is opened when a user calls about an issue. __________

False - trouble; False - help desk; False - support

WLAN stands for "wide local area network." __________

False - wireless

What is the final stage of the business impact analysis when using the NIST SP 800-34 approach?

Identify recovery priorities for system resources.

The __________ vulnerability assessment is designed to find and document vulnerabilities that may be present in the organization's public network.

Internet

Which of the following is true about a hot site?

It duplicates computing resources, peripherals, phone systems, applications, and workstations.

__________ interconnections are the network devices, communications channels, and applications that may not be owned by the organization but are essential to the organization's cooperation with another company.

Partner

Which of the following NIST Cybersecurity Framework (CSF) stages relates to implementation of effective security controls (policy, education, training and awareness, and technology)?

Protect

Which of the following is NOT a stage in the NIST Cybersecurity Framework (CSF)?

React

Which of the following NIST Cybersecurity Framework (CSF) stages relates to reacting to an incident?

Respond

The information security principle that requires significant tasks to be split up so that more than one individual is required to complete them is called ___ of duties.

Separation

__________ channels are TCSEC-defined covert channels that communicate by modifying a stored object, such as in steganography.

Storage

A(n) war game puts a subset of plans in place to create a realistic test environment. __________

True

A firewall is any device that prevents a specific type of information from moving between the untrusted network and the trusted network. a. True b. False

True

A hot site is a fully configured computing facility that includes all services, communications links, and physical plant operations.

True

A packet filtering firewall is a networking device that examines the header information of data packets that come into a network and determines whether to drop them (deny) or forward them to the next network connection (allow), based on its configuration rules. __________

True

A password should be difficult to guess. __________

True

A security clearance is an access control model in which each user of an information asset is assigned an authorization level that identifies the level of classified information he or she is cleared to access. T/F

True

A slow-onset disaster occurs over time and gradually degrades the capacity of an organization to withstand its effects. __________

True

A wireless access point is a device used to connect wireless networking users and their devices to the rest of the organization's network(s). __________

True

All systems that are mission critical should be enrolled in platform security validation (PSV) measurement. a. True b. False

True

An example of the type of vulnerability exposed via traffic analysis occurs when an organization is trying to determine if all its device signatures have been adequately masked. __________

True

Biometrics are the use of physiological characteristics to provide authentication of an identification. __________

True

CM assists in streamlining change management processes and prevents changes that could detrimentally affect the security posture of a system before they happen. __________

True

Disaster classification is the process of examining an adverse event or incident and determining whether it constitutes an actual disaster. __________

True

External monitoring entails forming intelligence from various data sources and then giving that intelligence context and meaning for use by decision makers within the organization.

True

For configuration management and control, it is important to document the proposed or actual changes in the system security plan. __________

True

If an organization deals successfully with change and has created procedures and systems that can be adjusted to the environment, the existing security improvement program will probably continue to work well. a. True b. False

True

In a cold site there are only rudimentary services, with no computer hardware or peripherals.

True

In an IDPS, a sensor is a piece of software that resides on a system and reports back to a management server. __________

True

In information security, a security blueprint is a framework or security model customized to an organization, including implementation details. T/F

True

In some instances, risk is acknowledged as being part of an organization's business process. a. True b. False

True

Intelligence for external monitoring can come from a number of sources: vendors, CERT organizations, public network sources, and membership sites. a. True b. False

True

Inventory characteristics for hardware and software assets that record the manufacturer and versions are related to technical functionality, and should be highly accurate and updated each time there is a change. a. True b. False

True

Lattice-based access control specifies the level of access each subject has to each object, if any. T/F

True

Major planning components should be reviewed on a periodic basis to ensure that they are current, accurate, and appropriate. a. True b. False

True

Organizations should have a carefully planned and fully populated inventory of all their network devices, communication channels, and computing devices. __________

True

Over time, external monitoring processes should capture information about the external environment in a format that can be referenced across the organization as threats emerge and for historical use. a. True b. False

True

Over time, policies and procedures may become inadequate due to changes in the organization's mission and operational requirements, threats, or the environment. a. True b. False

True

Patch and proceed is an organizational CP philosophy that focuses on the defense of information assets and preventing reoccurrence rather than the attacker's identification and prosecution. __________

True

Policy needs to be reviewed and refreshed from time to time to ensure that it's providing a current foundation for the information security program. a. True b. False

True

Rehearsal adds value by exercising the procedures, identifying shortcomings, and providing security personnel the opportunity to improve the security plan before it is needed. a. True b. False

True

Remediation of vulnerabilities can be accomplished by accepting or transferring the risk, removing the threat, or repairing the vulnerability. a. True b. False

True

Secure Shell (SSH) provides security for remote access connections over public networks by creating a secure and persistent connection. a. True b. False

True

The CISO uses the results of maintenance activities and the review of the information security program to determine if the status quo can adequately meet the threats at hand. __________

True

The KDC component of Kerberos knows the secret keys of all clients and servers on the network. a. True b. False

True

The basic function of the external monitoring process is to monitor activity, report results, and escalate warnings. __________

True

The best method of remediation in most cases is to repair a vulnerability. __________

True

The false accept rate is the rate at which fraudulent users or nonusers are allowed access to systems or areas as a result of a failure in the biometric device. __________

True

The principle of limiting users' access privileges to the specific information required to perform their assigned tasks is known as need-to-know. T/F

True

The process of identifying and documenting specific and provable flaws in the organization's information asset environment is called vulnerability assessment (VA). __________

True

The simplest kind of validation, the desk check, involves distributing copies of the appropriate plans to all individuals who will be assigned roles during an actual incident or disaster.

True

The vulnerability database, like the risk, threat, and attack database, both stores and tracks information. a. True b. False

True

US-CERT is generally viewed as the definitive authority for computer emergency response teams. a. True b. False

True

When possible, major incident response plan elements should be rehearsed. __________

True

A private, secure network operated over a public and insecure network. a. VPN b. transport mode c. SSL d. PKI e. digital certificate f. asymmetric encryption g. Vernam cipher h. transposition cipher i. content filter j. footprinting

a

A step commonly used for Internet vulnerability assessment includes __________, which occurs when the penetration test engine is unleashed at the scheduled time using the planned target list and test selection. a. scanning b. subrogation c. delegation d. targeting

a

In which cipher method are values rearranged within a block to create the ciphertext? a. permutation b. Vernam c. substitution d. monoalphabetic

a

The __________ Web site is home to the leading free network exploration tool, Nmap. a. insecure.org b. Packet Storm c. Security Focus d. Snort-sigs

a

The __________ is a statement of the boundaries of the RA. a. scope b. disclaimer c. footer d. head

a

The __________ vulnerability assessment is a process designed to find and document selected vulnerabilities that are likely to be present on the organization's internal network. a. intranet b. Internet c. LAN d. WAN

a

The __________ vulnerability assessment is designed to find and document vulnerabilities that may be present in the organization's wireless local area networks. a. wireless b. phone-in c. battle-dialing d. network

a

The process of obtaining the plaintext message from a ciphertext message without knowing the keys used to perform the encryption is known as __________. a. cryptanalysis b. cryptology c. cryptography d. nonrepudiation

a

To evaluate the performance of a security system, administrators must establish system performance __________. a. baselines b. profiles c. maxima d. means

a

What is the organized research and investigation of Internet addresses owned or controlled by a target organization? a. footprinting b. content filtering c. deciphering d. fingerprinting

a

Which of the following is NOT a method employed by IDPSs to prevent an attack from succeeding? a. sending DoS packets to the source b. terminating the network connection c. reconfiguring network devices d. changing the attack's content

a

Which of the following is true about symmetric encryption? a. It uses a secret key to encrypt and decrypt. b. It uses a private and public key. c. It is also known as public key encryption. d. It requires four keys to hold a conversation.

a

Which of the following is used in conjunction with an algorithm to make computer data secure from anybody except the intended recipient of the data? a. key b. plaintext c. cipher d. cryptosystem

a

Which of the following provides an identification card of sorts to clients who request services in a Kerberos system? a. ticket granting service b. authentication server c. authentication client d. key distribution center

a

Which type of device can react to network traffic and create or modify configuration rules to adapt? a. dynamic packet filtering firewall b. proxy server c. intrusion detection system d. application layer firewall

a

__________ is used to respond to network change requests and network architectural design proposals. a. Network connectivity RA b. Dialed modem RA c. Application RA d. Vulnerability RA

a

__________ penetration testing is usually used when a specific system or network segment is suspect and the organization wants the pen tester to focus on a particular aspect of the target. a. White box b. Black box c. Gray box d. Green box

a

__________, a level beyond vulnerability testing, is a set of security tests and evaluations that simulate attacks by a malicious external source (hacker). a. Penetration testing b. Penetration simulation c. Attack simulation d. Attack testing

a

c. NIST d. ISO

a

c. auditing d. awareness

a

d. Compliance Architecture

a

d. IEEE 801

a

d. SP 800-110, Rev. 1: Manager's Introduction to Information Security (2016)

a

d. SP 800-55, Rev. 1: Performance Measurement Guide for Information Security (2008)

a

d. blueprint

a

d. developing secure Web applications

a

d. none of these

a

d. sensitivity level

a

d. separation of duties

a

A framework or security model customized to an organization, including implementation details.

a. blueprint

The selective method by which systems specify who may use a particular resource and how they may use it is called __________.

access control

A __________ is the recorded condition of a particular revision of a software or hardware configuration item. a. state b. version c. configuration d. baseline

b

A process called __________ examines the traffic that flows through a system and its associated devices to identify the most frequently used devices. a. difference analysis b. traffic analysis c. schema analysis d. data flow assessment

b

Detailed __________ on the highest risk warnings can include identifying which vendor updates apply to which vulnerabilities as well as which types of defenses have been found to work against the specific vulnerabilities reported. a. escalation b. intelligence c. monitoring d. elimination

b

In IPSec, an encryption method in which only a packet's IP data is encrypted, not the IP headers themselves; this method allows intermediate nodes to read the source and destination addresses. a. VPN b. transport mode c. SSL d. PKI e. digital certificate f. asymmetric encryption g. Vernam cipher h. transposition cipher i. content filter j. footprinting

b

One approach that can improve the situational awareness of the information security function is to use a process known as __________ to quickly identify changes to the internal environment. a. baselining b. difference analysis c. differentials d. revision

b

The __________ commercial site focuses on current security tool resources. a. Nmap-hackerz b. Packet Storm c. Security Laser d. Snort-SIGs

b

The rate at which authentic users are denied or prevented access to authorized areas as a result of a failure in the biometric device is known as the __________. a. reset error ratio b. false reject rate c. crossover error rate d. false accept rate

b

To maintain optimal performance, one typical recommendation suggests that when the memory usage associated with a particular CPU-based system averages __________% or more over prolonged periods, you should consider adding more memory. a. 40 b. 60 c. 10 d. 100

b

What tool would you use if you want to collect information as it is being transmitted on the network and analyze the contents for the purpose of solving network problems? a. port scanner b. packet sniffer c. vulnerability scanner d. content filter

b

Which of the following access control processes confirms the identity of the entity seeking access to a logical or physical area? a. identification b. authentication c. authorization d. accountability

b

Which of the following is a commonly used criterion for comparing and evaluating biometric technologies? a. false accept rate b. crossover error rate c. false reject rate d. valid accept rate

b

Which tool can best identify active computers on a network? a. packet sniffer b. port scanner c. trap and trace d. honey pot

b

Which type of IDPS is also known as a behavior-based intrusion detection system? a. network-based b. anomaly-based c. host-based d. signature-based

b

Which type of device exists to intercept requests for information from external users and provide the requested information by retrieving it from an internal server? a. dynamic packet filtering firewall b. proxy server c. intrusion detection system d. application layer firewall

b

Which type of firewall keeps track of each network connection established between internal and external systems? a. packet filtering b. stateful packet inspection c. application layer d. cache server

b

c. deterrent d. compensating

b

c. temporal isolation d. nondiscretionary

b

d. Common Criteria

b

d. Security Functional Requirements (SFRs)

b

d. compensating

b

d. verification module

b

Controls implemented at the discretion or option of the data user.

b. DAC

A __________ configuration is a current record of the configuration of the information system for use in comparisons to future states.

baseline

In information security, a framework or security model customized to an organization, including implementation details, is known as a(n) __________.

blueprint

In the event of an incident or disaster, which planning element is used to guide off-site operations?

business continuity

When a disaster renders the current business location unusable, which plan is put into action?

business continuity

Which of the following is the first component in the contingency planning process?

business impact analysis

Control __________ baselines are established for network traffic and for firewall performance and IDPS performance. a. system b. application c. performance d. environment

c

In an IDPS, a piece of software that resides on a system and reports back to a management server is known as a(n) __________. a. agent b. sensor c. Both of these are correct. d. Neither of these is correct.

c

The bastion host is usually implemented as a __________, as it contains two network interfaces: one that is connected to the external network and one that is connected to the internal network, such that all traffic must go through the device to move between the internal and external networks. a. state-linked firewall b. screened-subnet firewall c. dual-homed host d. double bastion host

c

The intermediate area between trusted and untrusted networks is referred to as which of the following? a. unfiltered area b. semi-trusted area c. demilitarized zone d. proxy zone

c

Was developed by Netscape in 1994 to provide security for online e-commerce transactions. a. VPN b. transport mode c. SSL d. PKI e. digital certificate f. asymmetric encryption g. Vernam cipher h. transposition cipher i. content filter j. footprinting

c

What is an application that entices individuals who are illegally perusing the internal areas of a network by providing simulated rich content areas while the software notifies the administrator of the intrusion? a. port scanner b. sacrificial host c. honey pot d. content filter

c

Which of the following biometric authentication systems is the most accepted by users? a. keystroke pattern recognition b. fingerprint recognition c. signature recognition d. retina pattern recognition

c

Which of the following is NOT among the three types of authentication mechanisms? a. something a person knows b. something a person has c. something a person says d. something a person can produce

c

Which of the following is NOT one of the administrative challenges to the operation of firewalls? a. training b. uniqueness c. replacement d. responsibility

c

Which of the following is a Kerberos service that initially exchanges information with the client and server by using secret keys? a. authentication server b. authentication client c. key distribution center d. ticket granting service

c

Which technology employs sockets to map internal private network addresses to a public address using one-to-many mapping? a. network-address translation b. screened-subnet firewall c. port-address translation d. private address mapping

c

Which technology has two modes of operation: transport and tunnel? a. Secure Hypertext Transfer Protocol b. Secure Shell c. IP Security Protocol d. Secure Sockets Layer

c

__________ allows for major security control components to be reviewed on a periodic basis to ensure that they are current, accurate, and appropriate. a. System review b. Project review c. Program review d. Application review

c

c. corrective d. compensating

c

c. dumpster diving d. trash trolling

c

d. SP 800-55, Rev. 1: Performance Measurement Guide for Information Security (2008)

c

d. discretionary

c

d. nondiscretionary

c

d. sensitivity levels

c

d. separation of duties

c

d. the maintenance of internal and external consistency

c

Controls access to a specific set of information based on its content.

c. content-dependent access controls

The analysis step of an Internet vulnerability assessment occurs when a knowledgeable and experienced vulnerability analyst screens test results for __________ vulnerabilities logged during scanning.

candidate

The process of collecting detailed information about devices in a network is often referred to as __________.

characterization

In which type of site are no computer hardware or peripherals provided?

cold site

The team responsible for designing and managing the IR plan by specifying the organization's preparation, reaction, and recovery from incidents is known as the __________.

computer security incident response team (CSIRT)

The actions taken by senior management to specify the organization's efforts and actions if an adverse event becomes an incident or disaster are known as __________.

contingency planning

In the COSO framework, __________ activities include those policies and procedures that support management directives.

control

The group of senior managers and project members organized to conduct and lead all CP efforts is known as the __________.

crisis management planning team (CMPT)

A primary mailing list for new vulnerabilities, called simply __________, provides time-sensitive coverage of emerging vulnerabilities, documenting how they are exploited and reporting on how to remediate them. Individuals can register for the flagship mailing list or any one of the entire family of its mailing lists. a. Bugs b. Bugfix c. Buglist d. Bugtraq

d

A(n) __________ item is a hardware or software item that is to be modified and revised throughout its life cycle. a. revision b. update c. change d. configuration

d

An integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services that enables users to communicate securely through the use of digital certificates. a. VPN b. transport mode c. SSL d. PKI e. digital certificate f. asymmetric encryption g. Vernam cipher h. transposition cipher i. content filter j. footprinting

d

Common vulnerability assessment processes include: a. Internet VA b. wireless VA c. intranet VA d. all of these

d

In the _________ firewall architecture, a single device configured to filter packets serves as the sole security point between the two networks. a. state-managed firewall b. screened-subnet firewall c. single-homed firewall d. single bastion host

d

The __________ is a center of Internet security expertise and is located at the Software Engineering Institute, a federally funded research and development center operated by Carnegie Mellon University. a. US-CERT b. Bugtraq c. CM-CERT d. CERT/CC

d

The __________ mailing list includes announcements and discussion of a leading open-source IDPS. a. Nmap-hackers b. Packet Storm c. Security Focus d. Snort

d

The __________ process is designed to find and document vulnerabilities that may be present because there are misconfigured systems in use within the organization. a. ASP b. ISP c. SVP d. PSV

d

The combination of a system's TCP/IP address and a service port is known as a __________. a. portlet b. NAT c. packet d. socket

d

The optimum approach for escalation is based on a thorough integration of the monitoring process into the __________. a. IDE b. CERT c. ERP d. IRP

d

What is most commonly used for the goal of nonrepudiation in cryptography? a. block cipher b. digital certificate c. PKI d. digital signature

d

What is the next phase of the pre-attack data gathering process after an attacker has collected all of an organization's Internet addresses? a. footprinting b. content filtering c. deciphering d. fingerprinting

d

When an information security team is faced with a new technology, which of the following is NOT a recommended approach? a. Determine if the benefits of the proposed technology justify the expected costs. b. Include costs for any additional risk control requirements that are mandated by the new technology. c. Consider how the proposed solution will affect the organization's risk exposure. d. Evaluate how the new technology will enhance employee skills.

d

Which of the following biometric authentication systems is considered to be truly unique, suitable for use, and currently cost-effective? a. gait recognition b. signature recognition c. voice pattern recognition d. fingerprint recognition

d

Which of the following characteristics currently used for authentication purposes is the LEAST unique? a. fingerprints b. iris c. retina d. face geometry

d

Which of the following is true about firewalls and their ability to adapt in a network? a. Firewalls can interpret human actions and make decisions outside their programming. b. Because firewalls are not programmed like a computer, they are less error prone. c. Firewalls are flexible and can adapt to new threats. d. Firewalls deal strictly with defined patterns of measured observation.

d

Which type of IDPS works like antivirus software? a. network-based b. anomaly-based c. host-based d. signature-based

d

__________ are a component of the "security triple." a. Threats b. Assets c. Vulnerabilities d. All of the above

d

c. security policy d. blueprint

d

c. top secret d. for official use only

d

d. Biba

d

d. InfoSec governance

d

d. It was feared it would lead to government intrusion into business matters.

d

d. To offer guidance for the management of InfoSec to individuals responsible for their organization's security programs

d

d. separation of duties

d

Access is granted based on a set of rules specified by the central authority.

d. rule-based access controls

A(n) __________ analysis is a procedure that compares the current state of a network segment (the systems and services it offers) against a known previous state of that same network segment (the baseline of systems and services).

difference

An attacker's use of a laptop while driving around looking for open wireless connections is often called war __________.

driving

Almost all aspects of a company's environment are __________, meaning threats that were originally assessed in the early stages of the project's systems development life cycle have probably changed and new priorities have emerged.

dynamic

Public key container files that allow PKI system components and end users to validate a public key and identify its owner. a. VPN b. transport mode c. SSL d. PKI e. digital certificate f. asymmetric encryption g. Vernam cipher h. transposition cipher i. content filter j. footprinting

e

Requires that significant tasks be split up in such a way that more than one individual is responsible for their completion.

e. separation of duties

Which of the following is a backup method that uses bulk batch transfer of data to an off-site facility and is usually conducted via leased lines or secure Internet connections?

electronic vaulting

A cryptographic method that incorporates mathematical operations involving both a public key and a private key to encipher or decipher a message. a. VPN b. transport mode c. SSL d. PKI e. digital certificate f. asymmetric encryption g. Vernam cipher h. transposition cipher i. content filter j. footprinting

f

d. It was feared it would lead to government intrusion into business matters.

f

Ratings of the security level for a specified collection of information (or user) within a mandatory access control scheme.

f. sensitivity levels

Which of the following is the best example of a rapid-onset disaster?

flood

In information security, a specification of a model to be followed during the design, selection, and initial and ongoing implementation of all subsequent security controls is known as a(n) __________.

framework

In which contingency plan testing strategy do individuals follow each and every IR/DR/BC procedure, including the disruption of service, restoration of data from backups, and notification of appropriate individuals?

full-interruption

A cryptographic technique developed at AT&T and known as the "one-time pad," this cipher uses a set of characters for encryption operations only one time and then discards it. a. VPN b. transport mode c. SSL d. PKI e. digital certificate f. asymmetric encryption g. Vernam cipher h. transposition cipher i. content filter j. footprinting

g

One of the TCSEC's covert channels, which communicate by modifying a stored object.

g. storage channel

A cryptographic operation that involves simply rearranging the values within a block based on an established pattern. a. VPN b. transport mode c. SSL d. PKI e. digital certificate f. asymmetric encryption g. Vernam cipher h. transposition cipher i. content filter j. footprinting

h

A form of nondiscretionary control where access is determined based on the tasks assigned to a specified user.

h. task-based controls

A software program or hardware/software appliance that allows administrators to restrict content that comes into or leaves a network—for example, restricting user access to Web sites with material that is not related to business, such as pornography or entertainment. a. VPN b. transport mode c. SSL d. PKI e. digital certificate f. asymmetric encryption g. Vernam cipher h. transposition cipher i. content filter j. footprinting

i

A TCSEC-defined covert channel, which transmits information by managing the relative timing of events.

i. timing channel

Which of the following is a part of the incident recovery process?

identifying the vulnerabilities that allowed the incident to occur and spread

Which of the following is the process of examining a possible incident and determining whether it constitutes an actual incident?

incident classification

Which of the following determines the scope of the breach of confidentiality, integrity, and availability of information and information assets?

incident damage assessment

As the help desk personnel screen problems, they must also track the activities involved in resolving each complaint in a help desk __________ system.

information

ISO/IEC 27001 provides implementation details on how to implement ISO/IEC 27002 and how to set up a(n) __________.

information security management system (ISMS)

Proven cases of real vulnerabilities can be considered vulnerability __________.

instances

The primary goal of the __________ monitoring domain is an informed awareness of the state of all the organization's networks, information systems, and information security defenses.

internal

The organized research and investigation of Internet addresses owned or controlled by a target organization. a. VPN b. transport mode c. SSL d. PKI e. digital certificate f. asymmetric encryption g. Vernam cipher h. transposition cipher i. content filter j. footprinting

j

Within TCSEC, the combination of all hardware, firmware, and software responsible for enforcing the security

j. TCB

Which of the following is a responsibility of the crisis management team?

keeping the public informed about the event and the actions being taken

The data access principle that ensures no unnecessary access to data exists by regulating members so they can perform only the minimum data manipulation necessary is called __________.

least privilege

The total amount of time the system owner or authorizing official is willing to accept for a business process outage or disruption, including all impact considerations, is known as __________.

maximum tolerable downtime (MTD)

The objective of the external __________ domain within the maintenance model is to provide early awareness of new and emerging threats, threat agents, vulnerabilities, and attacks that the organization needs in order to mount an effective and timely defense.

monitoring

The __________ principle is based on the requirement that people are not allowed to view data simply because it falls within their level of clearance.

need to know

As each project nears completion, a(n) __________ risk assessment group reviews the impact of the project on the organization's risk profile.

operational

The Hartford insurance company estimates that, on average, __________ businesses that don't have a disaster plan go out of business after a major loss like a fire, a break-in, or a storm.

over 40 percent of

The __________ tester's ultimate responsibility is to identify weaknesses in the security of the organization's systems and networks and then present findings to the system owners in a detailed report.

penetration

Organizations should perform a(n) __________ assessment of their information security programs.

periodic

Contingency planning is primarily focused on developing __________.

plans for unexpected adverse events

Which of the following is an organizational CP philosophy for overall approach to contingency planning reactions?

protect and forget

The __________ step in the intranet vulnerability assessment is identical to the one followed in Internet vulnerability analysis.

record-keeping

The maximum amount of time that a system resource can remain unavailable before there is an unacceptable impact on other system resources and supported business processes is known as __________.

recovery time objective (RTO)

Within TCB, a conceptual piece of the system that manages access controls—in other words, it mediates all access to objects by subjects—is known as a __________.

reference monitor

The primary goal of the vulnerability assessment and __________ domain is to identify specific, documented vulnerabilities and remediate them in a timely fashion.

remediation

Which of the following refers to the backup of data to an off-site facility in close to real time based on transactions as they occur?

remote journaling

The primary goal of the readiness and __________ domain is to keep the information security program functioning as designed and improve it continuously over time.

review

The primary objective of the planning and __________ domain is to keep a lookout over the entire information security program

risk assessment

To design a security program, an organization can use a(n) __________, which is a generic outline of the more thorough and organization-specific blueprint.

security model

A(n) __________ risk is one that is higher than the risk appetite of the organization.

significant

In which contingency plan testing strategy do individuals participate in a role-playing exercise in which the CP team is presented with a scenario of an actual incident or disaster and expected to react as if it had occurred?

simulation

The steps in IR are designed to:

stop the incident, mitigate incident effects, provide information for recovery from the incident

In __________ selection, all areas of the organization's premises should be scanned with a portable wireless network scanner.

target

Which of the following is NOT a major component of contingency planning?

threat assessment

Under TCSEC, the combination of all hardware, firmware, and software responsible for enforcing the security policy is known as the __________.

trusted computing base (TCB)

Which of the following is a "possible" indicator of an actual incident, according to Donald Pipkin?

unusual consumption of computing resources

Which of the following is a definite indicator of an actual incident, according to Donald Pipkin?

use of dormant accounts

When an organization uses specific hardware and software products as part of its information security program, the __________ external intelligence source often provides either direct support or indirect tools that allow user communities to support each other.

vendor

Rehearsals that use plans as realistically as possible are called __________ games.

war

Which of the following is a mathematical tool that is useful in assessing the relative importance of business functions based on criteria selected by the organization?

weighted table analysis

A useful tool for resolving the issue of what business function is the most critical, based on criteria selected by the organization, is the __________.

weighted table analysis or weighted factor analysis

At what point in the incident life cycle is the IR plan initiated?

when an incident is detected that affects the organization

The __________ vulnerability assessment is designed to find and document vulnerabilities that may be present in the organization's wireless local area networks.

wireless

The amount of effort (expressed as elapsed time) needed to make business functions work again after the technology element is recovered is known as __________.

work recovery time (WRT)

