Network Security Chapters 4, 6, 7, 8 - Quiz


Regarding security controls, the four most common permission levels are poor, permissive, prudent, and paranoid.

False. Promiscuous, Permissive, Prudent, Paranoid

A remediation liaison makes sure all personnel are aware of and comply with an organization's policies.

False. A compliance liaison makes sure all personnel are aware of and comply with an organization's policies. Remediation involves fixing something that is broken or defective.

Procedures do NOT reduce mistakes in a crisis.

False. Procedures reduce mistakes in a crisis, ensure you don't miss important steps, provide for places within the process to conduct assurance checks, and are mandatory requirements.

Which intrusion detection system strategy relies upon pattern matching?

Signature detection

As a follow-up to her annual testing, Holly would like to conduct quarterly disaster recovery tests that introduce as much realism as possible but do not require the use of technology resources. What type of test should Holly conduct?

Simulation test

You are calculating the risk level in your organization using quantitative risk assessment strategies. If the SLE is $10,000 and the ARO is 12, what is the dollar value for the ALE?

$120,000. The ALE is calculated by multiplying the SLE by the ARO (10,000 x 12).

In the lab, you changed the password policy to require:

8 characters.

What is a CBF?

A critical business function: any function considered vital to an organization.

Which audit data collection method helps ensure that the information-gathering process covers all relevant areas?

Checklist

You learned about the different phases in an SDLC. In which of the following phases are functional specifications created?

Design

Many jurisdictions require audits by law.

True

The __________ instructs Linux which folders to share with NFS and what NFS features should be enabled.

/etc/exports file
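A practitioner reviewing /etc/exports wants to know which entries widen exposure, not just which folders are shared. The following is an added example (not quiz or lab material) that parses exports(5) syntax and flags wildcard clients, writable wildcard exports, no_root_squash and insecure. The sample exports text is constructed, loosely modelled on the lab's /var/www share.

```python
"""Audit an exports(5) file for risky NFS sharing options.

Added example, not part of the quiz or lab material. The sample exports
text below is constructed; the option semantics follow exports(5).
"""
import re

# Default options nfsd applies when a client clause names none explicitly.
DEFAULT_OPTIONS = frozenset({"ro", "sync", "root_squash", "secure"})

# Options that widen exposure, mapped to the reason they are flagged.
RISKY_OPTIONS = {
    "no_root_squash": "remote root keeps root privileges on the export",
    "insecure": "accepts requests from unprivileged (>1024) source ports",
}

# One client clause: host-or-network, optionally followed by (opt,opt,...)
CLIENT_RE = re.compile(r"(\S+?)(?:\((.*?)\))?(?=\s|$)")


def parse_exports(text):
    """Return (path, client, options) triples, one per client clause."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue                          # a path with no client clause exports nothing
        path, clauses = parts
        for client, opts in CLIENT_RE.findall(clauses):
            options = frozenset(o.strip() for o in opts.split(",") if o.strip()) or DEFAULT_OPTIONS
            entries.append((path, client, options))
    return entries


def audit_exports(text):
    """Return (path, client, problem) findings for every weak export clause."""
    findings = []
    for path, client, options in parse_exports(text):
        wildcard = client == "*" or client.startswith("*.")
        if wildcard:
            findings.append((path, client, "export offered to a wildcard client"))
            if "rw" in options:
                findings.append((path, client, "writable by any host matching the wildcard"))
        for opt in sorted(options.intersection(RISKY_OPTIONS)):
            findings.append((path, client, RISKY_OPTIONS[opt]))
    return findings


SAMPLE_EXPORTS = """\
# constructed sample, modelled on the lab's /var/www web-content share
/var/www      *(rw,sync,no_root_squash)
/var/www      172.30.0.0/24(ro,sync,root_squash)
/srv/backup   172.30.0.10(rw,sync,insecure)
/srv/public   *.example.com
"""

if __name__ == "__main__":
    for path, client, problem in audit_exports(SAMPLE_EXPORTS):
        print(f"{path} -> {client}: {problem}")
```

The second /var/www line is the shape to aim for: a specific network, read-only, root_squash kept. Run the audit against the live file with `audit_exports(open("/etc/exports").read())` after `exportfs -ra` to confirm the kernel sees the same entries.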

Which of the following tools helps discover unwanted operating system changes and non-compliant systems within the network?

Baseline analyzers

Which one of the following is an example of a direct cost that might result from a business disruption?

Facility repair

Ricky is reviewing security logs to independently assess security controls. Which security review process is Ricky engaging in?

Audit

A hardware configuration chart should NOT include copies of software configurations.

False. A hardware configuration chart should include copies of all software configurations so that you can examine changes and updates planned for one device in terms of their impact on other devices.

Mandatory vacations minimize risk by rotating employees among various systems or duties.

False. Job rotation minimizes risk by rotating employees among various systems or duties. Mandatory vacations give you the opportunity to detect fraud. When users are on vacation, you should suspend their access to your environment.

During the secure phase of a security review, you review and measure all controls to capture actions and changes on the system.

False. Secure — Ensure that new, and existing, controls work together to protect the intended level of security. Monitor — Review and measure all controls to capture actions and changes on the system.

Which regulatory standard would NOT require audits of companies in the United States?

Personal Information Protection and Electronic Documents Act (PIPEDA)

A security policy environment is made up of standards, baselines, guidelines, and ____________.

Procedures

Which of the following involves a review of controls that could mitigate each risk and weighs the cost, both in terms of time and money, of implementing those controls against the likelihood of the risk itself?

Risk assessment

What is NOT generally a section in an audit report?

System configurations

After audit activities are completed, auditors perform data analysis.

True

Data loss prevention (DLP) uses business rules to classify sensitive information to prevent unauthorized end users from sharing it.

True
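The "business rules" a DLP engine applies are concrete detectors with an action attached. As an added example (not part of the quiz), the block below classifies constructed outbound messages: a card number is only labelled PCI-PAN if it passes the Luhn checksum, which is what keeps a 16-digit order number from being blocked as a false positive, and any message carrying a blocked label is stopped.

```python
"""Rule-based DLP classifier for outbound text.

Added example, not from the quiz. Messages below are constructed; the
business rules are a PCI primary account number (PAN) check with Luhn
validation and a US SSN pattern, each mapped to a block/allow action.
"""
import re

PAN_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")   # 13-16 digits, optional separators
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")

# label -> action; anything unlabelled is allowed
POLICY = {"PCI-PAN": "block", "PII-SSN": "block"}


def luhn_ok(digits):
    """Luhn checksum: filters out order/serial numbers that merely look like PANs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                       # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def classify(text):
    """Return the set of sensitivity labels found in one message body."""
    labels = set()
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            labels.add("PCI-PAN")
    if SSN_RE.search(text):
        labels.add("PII-SSN")
    return labels


def enforce(messages):
    """Return (subject, action, labels) per message; block if any label requires it."""
    results = []
    for subject, body in messages:
        labels = classify(body)
        action = "block" if any(POLICY.get(l) == "block" for l in labels) else "allow"
        results.append((subject, action, sorted(labels)))
    return results


SAMPLE_MESSAGES = [   # constructed outbound mail
    ("Q3 cafeteria receipts", "Customer paid with card 4111 1111 1111 1111, exp 12/27"),
    ("Shipping update", "Order 1234567890123456 left the warehouse"),
    ("New hire paperwork", "SSN 123-45-6789 for payroll enrollment"),
    ("Lunch", "Anyone want tacos?"),
]

if __name__ == "__main__":
    for subject, action, labels in enforce(SAMPLE_MESSAGES):
        print(f"{action:5} {subject!r} {labels}")
```

4111 1111 1111 1111 is the usual Visa test number and is Luhn-valid; the order number in the second message is not, so it passes. A production engine would also scan attachments and check every digit window rather than only the longest regex match.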

Screen locks are a form of endpoint device security control.

True

The Gramm-Leach-Bliley Act (GLBA) addresses information security concerns in the financial industry.

True

The mount -o mtype=hard 172.30.0.200:/var/www * command is used to:

mount the NFS share from 172.30.0.200 onto a Windows drive (the * tells the Windows NFS client to use the next available drive letter; mtype=hard makes the client retry indefinitely rather than fail).

Change control management should be focused on:

the three core goals of confidentiality, integrity, and availability (C-I-A) of information.

When the 172.30.0.10 IP host responded to the ICMP echo-requests, how many ICMP echo-reply packets were sent back to the vWorkstation?

4 echo replies

Which one of the following is the best example of an authorization control?

Access control lists

What is NOT a principle for privacy created by the Organization for Economic Cooperation and Development (OECD)?

An organization should share its information.

The four main types of logs that you need to keep to support security auditing include event, access, user, and security.

False

Betsy recently assumed an information security role for a hospital located in the United States. What compliance regulation applies specifically to healthcare providers?

HIPAA

Which of the following tools enables the security practitioner to discover vulnerabilities and patch-level deficiencies at the Windows host machine level?

Microsoft Baseline Security Analyzer (MBSA)

Which of the following is used to make remote folders appear as part of the local file system on Linux and even Windows systems?

NFS

Christopher is designing a security policy for his organization. He would like to use an approach that allows a reasonable list of activities but does not allow other activities. Which permission level is he planning to use?

Prudent

Alan is developing a business impact assessment for his organization. He is working with business units to determine the maximum allowable time to recover a particular function. What value is Alan determining?

Recovery time objective (RTO)

Which activity is an auditor least likely to conduct during the information-gathering phase of an audit?

Report writing

Which of the following statements is true when using SSH to remotely access a Cisco router?

SSH encrypts the data transmission between the SSH client and the SSH host to maintain confidentiality.

Aditya is attempting to classify information regarding a new project that his organization will undertake in secret. Which characteristic is NOT normally used to make these type of classification decisions?

Threat. The three characteristics normally used to make classification decisions are value, sensitivity, and criticality.

A disaster recovery plan (DRP) directs the actions necessary to recover resources after a disaster

True

A functional policy declares an organization's management direction for security in such specific functional areas as email, remote access, and Internet surfing.

True

An SOC 1 report is commonly implemented for organizations that must comply with Sarbanes-Oxley (SOX) or the Gramm-Leach-Bliley Act (GLBA).

True

An auditing benchmark is the standard by which a system is compared to determine whether it is securely configured.

True

Anomaly-based intrusion detection systems compare current activity with stored profiles of normal (expected) activity.

True

Company-related classifications are not standardized; therefore, there may be some differences between the terms "private" and "confidential" in different companies.

True

In the lab, you installed the __________ feature on a remote Domain Controller.

Windows Server Backup

Which of the following is a freeware tool providing basic packet capture and protocol decoding capabilities?

Wireshark

Which of the following tools is used to capture data packets over time (continuously or overnight)?

Wireshark

The __________ creates a symbolic link so that remote Z: drive can be accessed as a local folder called www on the C: drive.

mklink command

In the lab, after opening the Windows Backup Admin (wbadmin) GUI from the Server Manager menu, an amber caution symbol indicated that there was:

no backup currently scheduled.

Before analyzing packets in NetWitness Investigator, you must first create a collection and then import a(n):

packet capture file.

Using Group Policy Objects, __________ can be set within Active Directory and automatically enforced.

password policies

Wireshark is a popular tool for capturing network traffic in __________ mode.

promiscuous

Most enterprises are well prepared for a disaster should one occur.

False

Change doesn't create risk for a business.

False. Change creates risk for a business. It might circumvent established security features and it could result in outage or system failure. It might require extensive retraining for employees to learn how to use the new systems.

What information should an auditor share with the client during an exit interview?

Details on major issues

What is NOT one of the three tenets of information security?

Safety

The recovery point objective (RPO) is the maximum amount of data loss that is acceptable.

True

The Children's Online Privacy Protection Act (COPPA) restricts the collection of information online from children. What is the cutoff age for COPPA regulation?

13

Which of the following refers to the middle pane of the Wireshark window that is used to display the packet structure and contents of fields within the packet?

Frame detail

In the lab, on the Specify Backup Time page, you selected a scheduled backup time that corresponded to:

6 hours from the current time.

Which of the following tools is built into the Windows operating systems?

Group Policy Objects

You are an IRT member and are responsible for the boundary protection of the network, such as implementing firewalls and the intrusion detection system (IDS). What is your role on the IRT?

Information security member

Which of the following tools scans for available updates to the operating system, Microsoft Data Access Components (MDAC), Microsoft XML Parser (MSXML), .NET Framework, and SQL Server?

Microsoft Baseline Security Analyzer (MBSA)

Which item is an auditor least likely to review during a system controls audit

Resumes of system administrators

Which practice is NOT considered unethical under RFC 1087 issued by the Internet Architecture Board (IAB)?

Enforcing the integrity of computer-based information

What is the first step in a disaster recovery effort?

Ensure that everyone is safe.

Removable storage is a software application that allows an organization to monitor and control business data on a personally owned device.

False

Which of the following statements is true regarding managing change management?

Many tools and suites are available to aid the security practitioner in implementing and managing change management.

What is NOT a commonly used endpoint security technique?

Network firewall

What type of security monitoring tool would be most likely to identify an unauthorized change to a computer system?

System integrity monitoring

Performing security testing includes vulnerability testing and penetration testing.

True

Regarding an intrusion detection system (IDS), stateful matching looks for specific sequences appearing across several packets in a traffic stream rather than just in individual packets.

True

Remote wiping is a device security control that allows an organization to remotely erase data or email in the event of loss or theft of the device.

True

Standards are used when an organization has selected a solution to fulfill a policy goal.

True

The term risk management describes the process of identifying, assessing, prioritizing, and addressing risks.

True

With proactive change management, management initiates the change to achieve a desired goal.

True

A report indicating that a system's disk is 80 percent full is a good indication that something is wrong with that system.

False

Committee of Sponsoring Organizations (COSO) is a set of best practices for IT management.

False

When should an organization's managers have an opportunity to respond to the findings in an audit?

Managers should include their responses to the draft audit report in the final audit report.

A hospital is planning to introduce a new point-of-sale system in the cafeteria that will handle credit card transactions. Which one of the following governs the privacy of information handled by those point-of-sale terminals?

Payment Card Industry Data Security Standard (PCI DSS)

Roger's organization received a mass email message that attempted to trick users into revealing their passwords by pretending to be a help desk representative. What category of social engineering is this an example of?

Phishing. Phishing attacks use email messages and/or webpages that resemble the work of a reputable organization. They attempt to deceive users into revealing sensitive information, such as passwords.

Marguerite is creating a budget for a software development project. What phase of the system life cycle is she undertaking?

Project initiation and planning. The project initiation and planning phase includes developing the project budget and the project timeline.

Gina is preparing to monitor network activity using packet sniffing. Which technology is most likely to interfere with this effort if used on the network?

Secure Sockets Layer (SSL)

Isaac is responsible for performing log reviews for his organization in an attempt to identify security issues. He has a massive amount of data to review. What type of tool would best assist him with this work?

Security information and event management (SIEM)

Biyu is making arrangements to use a third-party service provider for security services. She wants to document a requirement for timely notification of security breaches. What type of agreement is most likely to contain formal requirements of this type?

Service level agreement (SLA). SLAs are formal contracts that detail the specific services a vendor will provide. Notification of security breaches is a common requirement found in SLAs.

A successful change control program should include the following elements to ensure the quality of the change control process: peer review, documentation, and back-out plans.

True

A surge protector is an example of a preventative component of a disaster recovery plan (DRP).

True

Written security policies document management's goals and objectives.

True

In the lab, once the installation process was complete and you returned to the Server Manager, an amber caution symbol indicated that there was:

a post-installation task remaining to configure the Windows Server Essentials role that was just installed.

In an accreditation process, who has the authority to approve a system for implementation?

Authorizing official (AO). The authorizing official (AO) is a senior manager who reviews the certification report and makes the decision to approve a system for implementation. The AO officially acknowledges and accepts the risk that the system may pose to agency mission, assets, or individuals.

Which of the following identifies what assets are required for the business to recover from an event and continue doing business?

Business impact analysis

Which activity manages the baseline settings for a system or device?

Configuration control. Configuration control is the management of the baseline settings for a system device. The baseline settings are designed to meet security requirements.

Which item in a Bring Your Own Device (BYOD) policy helps resolve intellectual property issues that may arise as the result of business use of personal devices?

Data ownership

Authorization controls include biometric devices.

False

The first step in creating a comprehensive disaster recovery plan (DRP) is to document likely impact scenarios.

False

What compliance regulation applies specifically to the educational records maintained by schools about students?

Family Education Rights and Privacy Act (FERPA)

Which of the following refers to the top pane of the Wireshark window that contains all of the packets that Wireshark has captured, in time order and provides a summary of the contents of the packet in a format close to English?

Frame summary

In the lab, you used the __________ to create a new group policy object to strengthen the password policies on the remote Windows server.

Group Policy Management Console

Which of the following would NOT be considered in the scope of organizational compliance efforts?

Laws. Organizational compliance efforts include compliance with an organization's own policies, audits, culture, and standards. Legal compliance falls under the realm of regulatory compliance, not organizational compliance.

Which of the following tools uses Microsoft Update and Windows Server Update Services (WSUS) technologies to scan for insecure configuration settings and Windows service packs and patches?

Microsoft Baseline Security Analyzer (MBSA)

What is the correct order of steps in the change control process?

Request, impact assessment, approval, build/test, implement, monitor

Which formula is typically used to describe the components of information security risks?

Risk = Threat X Vulnerability

Which of the following uses the TFTP (Trivial File Transfer Protocol) to send (put) or receive (get) files between computers?

The Tftpd64 application

Social engineering is deceiving or using people to get around security controls.

True

The business impact analysis (BIA) identifies the resources for which a business continuity plan (BCP) is necessary.

True

Mark is considering outsourcing security functions to a third-party service provider. What benefit is he most likely to achieve?

Access to a high level of expertise. In this scenario, Mark is most likely to achieve access to a high level of expertise because security vendors focus exclusively on providing advanced security services. Mark's costs are likely to increase rather than decrease with outsourcing, and this decision will inhibit developing internal knowledge and talent.

Which of the following documents specific procedures to return a given system or subsystem to production in the event of failure or compromise?

Disaster recovery plan

In Wireshark, which of the following enable you to find only the traffic you wish to analyze?

Display filters

Curtis is conducting an audit of an identity management system. Which question is NOT likely to be in the scope of his audit?

Does the firewall properly block unsolicited network connection attempts?

A security policy is a comparison of the security controls you have in place and the controls you need in order to address all identified threats.

False

What is a set of concepts and policies for managing IT infrastructure, development, and operations?

IT Infrastructure Library (ITIL)

Which one of the following is an example of a reactive disaster recovery control?

Moving to a warm site

Which security testing activity uses tools that scan for services running on systems?

Network mapping

The Microsoft Baseline Security Analyzer (MBSA) is:

available free of charge.

Regarding log monitoring, false negatives are alerts that seem malicious but are not real security events.

False

You are an auditor who has been assigned the task of auditing the IT department of Maxwell Consultants. It is your first day at the office. Which of the following tasks will you undertake?

Identify which sections of Maxwell's IT department will be audited.

Holly would like to run an annual major disaster recovery test that is as thorough and realistic as possible. She also wants to ensure that there is no disruption of activity at the primary site. What option is best in this scenario?

Parallel test

George is the risk manager for a U.S. federal government agency. He is conducting a risk assessment for that agency's IT risk. What methodology is best suited for George's use?

Risk Management Guide for Information Technology Systems (NIST SP 800-30)

Emily is the information security director for a large company that handles sensitive personal information. She is hiring an auditor to conduct an assessment demonstrating that her firm is satisfying requirements regarding customer private data. What type of assessment should she request?

SOC 3

During an audit, an auditor compares the current setting of a computer or device with a benchmark to help identify differences.

True

One advantage of using a security management firm for security monitoring is that it has a high level of expertise.

True

The Government Information Security Reform Act (Security Reform Act) of 2000 focuses on management and evaluation of the security of unclassified and national security systems.

True

Which of the following tools enables a system administrator or security practitioner to set and enforce key security policies at the Active Directory Forest, Domain, and Organizational Unit level?

Group Policy Objects

Which of the following determines the probability of a risk (such as an earthquake or a power outage) to occur and the impact that occurrence would have on operations?

Risk analysis

During the planning and execution phases of an audit, an auditor will most likely review risk analysis output.

True

In security testing data collection, observation is the input used to differentiate between paper procedures and the way the job is really done.

True

In security testing, reconnaissance involves reviewing a system to learn as much as possible about the organization, its systems, and its networks.

True

Policies that cover data management should cover transitions throughout the data life cycle.

True

SOC 2 reports are created for internal and other authorized stakeholders and are commonly implemented for service providers, hosted data centers, and managed cloud computing providers.

True

Dawn is selecting an alternative processing facility for her organization's primary data center. She would like to have a facility that balances cost and switchover time. What would be the best option in this situation?

Warm site

In the lab, you created a text file to schedule a daily backup. This type of file is called a __________.

batch file

In the lab, Wireshark continued to capture data in the background until the:

capture process was manually stopped later in the lab.

What is NOT a good practice for developing strong professional ethics?

Assume that information should be free. Users should not assume that information is free and respect intellectual property rights. Assuming that information should be free is one of the common fallacies about ethics.

Janet is identifying the set of privileges that should be assigned to a new employee in her organization. Which phase of the access control process is she performing?

Authorization. Authorization determines the permissions that a user or process has in an access control scheme. In this case, Janet is determining those permissions, so she is performing an authorization function.

Ann is creating a template for the configuration of Windows servers in her organization. It includes the basic security settings that should apply to all systems. What type of document should she create?

Baseline. Baselines provide basic configurations for specific types of computers or devices. Baselines are the benchmarks that help make sure a minimum level of security exists across multiple systems and across different products.

Fran is conducting a security test of a new application. She does not have any access to the source code or other details of the application she is testing. What type of test is Fran conducting?

Black-box test

Regarding data center alternatives for disaster recovery, a mobile site is the least expensive option but at the cost of the longest switchover time.

False

The term risk methodology refers to a list of identified risks that results from the risk-identification process.

False

Anthony is responsible for tuning his organization's intrusion detection system. He notices that the system reports an intrusion alert each time that an administrator connects to a server using Secure Shell (SSH). What type of error is occurring?

False positive error
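The three IDS ideas on this page (signature matching on single packets, stateful matching across a sequence of packets, and tuning out a false positive like the admin SSH alert) are easiest to see side by side in code. The block below is an added example, not quiz or product code: packets are constructed dicts, the rules are toy signatures, and the admin jump host 10.0.0.5 is an assumed address. The ssh_session signature is deliberately noisy so that the allowlist tuning has something to fix.

```python
"""Toy network IDS: signature matching, stateful matching across packets,
and false-positive tuning via an allowlist.

Added example, not from the quiz. Packets are constructed dicts; the
admin jump host 10.0.0.5 and the rules are assumptions for illustration.
"""
from collections import defaultdict

# Signature rules: (name, predicate over one packet). ssh_session is deliberately
# noisy: it fires on every SSH connect, including legitimate admin logins.
SIGNATURES = [
    ("sql_injection", lambda p: b"' OR 1=1" in p["payload"].upper()),
    ("path_traversal", lambda p: b"../" in p["payload"] or b"/etc/passwd" in p["payload"]),
    ("ssh_session", lambda p: p["dport"] == 22 and p["flags"] == "S"),
]


def signature_alerts(packets):
    """Pattern matching: each packet is judged on its own."""
    return [(name, p["src"]) for p in packets for name, hit in SIGNATURES if hit(p)]


def portscan_alerts(packets, threshold=3):
    """Stateful matching: one source sending SYNs to >= threshold distinct ports.
    No single packet is suspicious; the sequence across packets is."""
    ports_by_src = defaultdict(set)
    alerts = []
    for p in packets:
        if p["flags"] == "S":
            ports_by_src[p["src"]].add(p["dport"])
            if len(ports_by_src[p["src"]]) == threshold:   # fire once, at the threshold
                alerts.append(("port_scan", p["src"]))
    return alerts


def tune(alerts, allowlist):
    """Suppress ssh_session alerts from known admin hosts; everything else stays,
    including SSH connects from hosts that are not on the list."""
    return [a for a in alerts if not (a[0] == "ssh_session" and a[1] in allowlist)]


def run(packets, allowlist=frozenset()):
    raw = signature_alerts(packets) + portscan_alerts(packets)
    return {"raw": raw, "tuned": tune(raw, allowlist)}


def pkt(src, dport, flags="S", payload=b""):
    return {"src": src, "dst": "10.0.0.20", "dport": dport, "flags": flags, "payload": payload}


SAMPLE_PACKETS = [                          # constructed traffic
    pkt("10.0.0.5", 22),                    # admin jump host opening SSH
    pkt("203.0.113.7", 22),                 # unknown host probing SSH ...
    pkt("203.0.113.7", 80),                 # ... then HTTP ...
    pkt("203.0.113.7", 443),                # ... then HTTPS: a scan, visible only across packets
    pkt("198.51.100.9", 80, "PA", b"GET /login?user=admin' OR 1=1-- HTTP/1.1"),
    pkt("10.0.0.5", 22),                    # admin again: the same noisy alert
]
ADMIN_HOSTS = frozenset({"10.0.0.5"})

if __name__ == "__main__":
    result = run(SAMPLE_PACKETS, ADMIN_HOSTS)
    print("raw:  ", result["raw"])
    print("tuned:", result["tuned"])
```

Tuning by source address is the narrowest fix that removes the false positive without blinding the sensor: the SSH connect from 203.0.113.7 and the port scan it is part of still alert after tuning.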

Certification is the formal agreement by an authorizing official to accept the risk of implementing a system.

False. Accreditation is the formal agreement by an authorizing official to accept the risk of implementing a system. Certification is the process of reviewing a system throughout its life cycle to ensure that it meets its specified security requirements.

Often an extension of a memorandum of understanding (MOU), the blanket purchase agreement (BPA) serves as an agreement that documents the technical requirements of interconnected assets.

False. The interconnection service agreement (ISA) serves as an agreement that documents the technical requirements of interconnected assets, and is often an extension of a MOU. A BPA creates preapproved accounts with qualified suppliers to fulfill recurring orders for products or services.

The term "data owner" refers to the person or group that manages an IT infrastructure.

False. The term "system owner" refers to the person or group that manages the infrastructure. The data owner is the person who owns the data, or someone the owner assigns to that role.

The __________ on the Wireshark toolbar is used to filter all packets and only show those packets that meet certain criteria.

Filter box

Bob is preparing to dispose of magnetic media and wishes to destroy the data stored on it. Which method is NOT a good approach for destroying data?

Formatting. Formatting a disk does not remove the data stored on it and is not a reliable data destruction technique. Physically destroying the media, overwriting the data multiple times, and degaussing with a magnetic field are all acceptable means for data destruction.

In the lab, you used the __________ to link the new password group policy object to the Active Directory domain for the virtual lab environment.

Group Policy Management Console

Jacob is conducting an audit of the security controls at an organization as an independent reviewer. Which question would NOT be part of his audit?

Is the security control likely to become obsolete in the near future?

Which agreement type is typically less formal than other agreements and expresses areas of common interest?

Memorandum of understanding (MOU). An MOU, also called a letter of intent, is an agreement between two or more parties that expresses areas of common interest that result in shared actions. MOUs are generally less enforceable than a formal agreement.

Which of the following tools can be used to ensure a newly installed system meets or exceeds the organization's baseline security standard prior to deployment and can also help enforce patch management and change control policies?

Microsoft Baseline Security Analyzer (MBSA)

The data captured in Wireshark can be imported to __________ where it cleanly parses and displays the data for analysis by the administrator.

NetWitness Investigator

Which of the following provides security practitioners with a deep packet inspection tool used for examining everything from the data link layer up to the application layer?

NetWitness Investigator

What level of technology infrastructure should you expect to find in a cold site alternative data center facility?

No technology infrastructure

What is NOT a goal of information security awareness programs?

Punish users who violate policy

Earl is preparing a risk register for his organization's risk management program. Which data element is LEAST likely to be included in a risk register?

Risk survey results

In what type of attack does the attacker send unauthorized commands directly to a database?

SQL injection. In an SQL injection attack, the attacker executes malicious SQL statements against a database that provide unauthorized access to data or allow other unauthorized database activities.

Karen is designing a process for issuing checks and decides that one group of users will have the authority to create new payees in the system while a separate group of users will have the authority to issue checks to those payees. The intent of this control is to prevent fraud. Which principle is Karen enforcing?

Separation of duties. The principle of separation of duties breaks a task into subtasks that different users must carry out. This means that a single user cannot carry out a critical task without the help or approval of another user.

Authentication controls include passwords and personal identification numbers (PINs).

True

Classification scope determines what data you should classify; classification process determines how you handle classified data.

True

In a Bring Your Own Device (BYOD) policy, the user acceptance component may include separation of private data from business data.

True

In what software development model does activity progress in a lock-step sequential process where no phase begins until the previous phase is complete?

Waterfall. The waterfall model is a sequential process for developing software. The essence of the waterfall model is that no phase begins until the previous phase is complete.

NetWitness categorizes and organizes traffic so that:

anomalous patterns become more apparent.

Keeping up with technology advances, newly discovered vulnerabilities, and system updates is best done through:

change control management.

What was the terminal password for LanSwitch1 and LanSwitch2?

cisco

Service Type, Source IP Address, Destination IP Address, Action Event, User Account, and Password are all examples of the:

collection categories that NetWitness Investigator recognizes.

Much of the policy revealed in the "Password must meet complexity requirements" window:

enforces current best practices—with the exception of password length.
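What "Password must meet complexity requirements" actually checks is narrower than most people assume, which is why the quiz separates it from password length. The block below is an added example (not from the quiz or Microsoft's code) that implements the documented rule as a function: not containing the account name or any part of the display name longer than two characters, and using three of five character categories; the minimum length is a separate setting, here defaulted to the lab's 8. Treating any non-alphanumeric, non-space character as "special" is a simplification of the Windows category list.

```python
"""Windows-style password complexity check.

Added example, not from the quiz. Implements the documented rule
(no account-name or display-name parts, 3 of 5 character categories);
minimum length is a separate policy setting, defaulted to 8 as in the lab.
Treating every non-alphanumeric non-space character as 'special' is a
simplification of the Windows category list.
"""
import re

CATEGORIES = {
    "uppercase": lambda c: c.isupper(),
    "lowercase": lambda c: c.islower(),
    "digit": lambda c: c in "0123456789",
    "special": lambda c: not c.isalnum() and not c.isspace(),
    "other_alpha": lambda c: c.isalpha() and not c.isupper() and not c.islower(),
}


def _name_tokens(display_name):
    """Display name parts longer than two characters, split on the Windows delimiters."""
    return [t for t in re.split(r"[,.\-_ #\t]+", display_name) if len(t) > 2]


def meets_complexity(password, sam_account_name, display_name="", min_length=8):
    """Return (ok, reasons). Empty reasons means the policy accepts the password."""
    reasons = []
    low = password.lower()
    if len(password) < min_length:
        reasons.append(f"shorter than {min_length} characters")
    if len(sam_account_name) >= 3 and sam_account_name.lower() in low:
        reasons.append("contains the account name")
    for tok in _name_tokens(display_name):
        if tok.lower() in low:
            reasons.append(f"contains part of the full name ({tok})")
    used = {name for name, test in CATEGORIES.items() if any(test(c) for c in password)}
    if len(used) < 3:
        reasons.append(f"only {len(used)} of 5 character categories used")
    return (not reasons, reasons)


if __name__ == "__main__":
    for pw in ["Password1", "Smith2024!", "correcthorsebattery", "Tr0ub4dor&3"]:
        print(f"{pw!r}: {meets_complexity(pw, 'jsmith', 'John Smith')}")
```

"Password1" passes: three categories, long enough, no name parts. That is the gap the quiz is pointing at: the complexity rule rejects a long lowercase passphrase while accepting a short dictionary word with a capital and a digit, so length and a banned-password list are what actually raise the bar.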

The Microsoft Baseline Security Analyzer (MBSA) __________ scores the severity of each vulnerability and offers suggestions for addressing each of the vulnerabilities found.

report

Wireshark's ability to capture traffic is greatly hampered by __________ because only packets destined to and from an attached system are forwarded.

switched networks

In the lab, you created a text file to use __________ to create a backup copy of the new www folder and scheduled that backup command to recur every day.

xcopy

Which of the following determines the impact to an organization in the event that key processes and technology are not available?

Business impact analysis

Continuity of critical business functions and operations is the first priority in a well-balanced business continuity plan (BCP).

False

An SOC 1 report primarily focuses on security.

False. An SOC 1 report focuses on internal controls over financial reporting, and its audience is user organizations and their auditors. It is commonly implemented for organizations that must comply with Sarbanes-Oxley (SOX) or the Gramm-Leach-Bliley Act (GLBA).

Configuration changes can be made at any time during a system life cycle and no process is required.

False. It's important that all configuration changes occur only within a controlled process. Uncontrolled configuration changes often result in conflicts and even new security vulnerabilities.

In the lab, a variety of options for strengthening password policy were displayed in the:

Group Policy Management Editor.

In the lab, you created and saved a __________ showing the properties for the password object you created earlier in the lab.

Group Policy Object report

Which of the following refers to the bottom pane of the Wireshark window, where all of the bytes in the packet are displayed in hexadecimal on the left and as ASCII characters, where printable, on the right?

Hex pane

In the Windows Scan Results section of the Microsoft Baseline Security Analyzer (MBSA) report, the __________ link opens a new Internet Explorer window with information about the issue and possible solutions.

How to correct this

In the Host Name (or IP address) box of the PuTTY Configuration dialog box, you typed in 172.16.8.5, which is the:

IP address for LanSwitch1.

In the lab, which document recommended that you 1) configure local backups of Active Directory on the existing virtual server using Windows Server Backup, 2) configure the organization's web servers to host content from a single Network File System (NFS) share, 3) back up that NFS share daily using Windows, and 4) copy these backups to an offsite facility?

Business continuity plan

Which of the following clearly defines responsibilities and support structures (e.g., facilities, personnel, equipment, software, data files, vital records, etc.) to carry on the business after an event?

Business continuity plan

Tom is the IT manager for an organization that experienced a server failure that affected a single business function. What type of plan should guide the organization's recovery effort?

Business continuity plan (BCP)

The idea that users should be granted only the levels of permissions they need in order to perform their duties is called the principle of least privilege.

True

The tools for conducting a risk analysis can include the documents that define, categorize, and rank risks.

True

In the lab, you used Windows Server Backup to make a daily backup of __________, which contains all of the users, groups, distribution lists, and organizational units used in the Domain.

Active Directory
