PrinciplesOfInformatioSecurity_Midterm_Chpt1_to_7
T or F: One form of e-mail attack that is also a DoS is called a mail spoof, in which an attacker routes large quantities of e-mail to the target.
F; page 100; One form of e-mail attack that is also a DoS is called a mail BOMB, in which an attacker routes large quantities of e-mail to the target
T or F; With electronic information is stolen, the crime is readily apparent.
F; page 114. With electronic information is stolen, the crime is NOT readily apparent
T or F: An act of theft performed by a hacker falls into the category of "theft," but is also often accompanied by defacement actions to delay discovery and thus may also be placed within the category of "forces of nature."
F; page 114; see table 2-5 page 60.
T or F: The key difference between laws and ethics is that ethics carry the authority of a governing body and laws do not.
F; page 125; difference is LAWS carry the authority of a governing body and laws do not.
T or F: Due care requires that an organization make a valid effort to protect others and continually maintain this level of effort.
F; page 125; due care measures that an organization takes to ensure every employee knows what is acceptable and what is not.
T or F: The difference between a policy and a law is that ignorance of a law is an acceptable defense.
F; page 126; The difference b/w a policy and a law is that ignorance of a POLICY is an acceptable defense.
T or F: HIPAA specifies particular security technologies for each of the security requirements to ensure the privacy of the health-care information.
F; page 132.
T or F: The United States has implemented a version of the DMCA law called the Database Right, in order to comply with Directive 95/46/EC.
F; page 135; DMCA is the Digital Millennium Copyright Act of 1998, provides specific penalties for removing copyright protection from media.
T or F: The Graham-Leach-Bliley Act is a critical piece of legislation that affects the executive management of publicly traded corporations and public accounting firms.
F; page 135; The Graham-Leach-Bliley Act is Sarbanes-Oxley Act of 2002; SOX enforces accountability for executives.
T or F: Intellectual privacy is recognized as a protected asset in the United States.
F; page 139; privacy is property. Intellectual property is a protected asset in the US.
T or F: Thirty-four countries have ratified the European Council Cyber-Crime Convention as of April 2010.
F; page 144; 41 nations have ratified the convention as of January 2014...Council of Europe Convention on Cybercrime.
In a study on software licence infringement, those from United States were significantly more permissive.
F; page 147 ; United States is Netherlands. Netherlands is significantly more permissive
T or F: Cultural differences can make it easy to determine what is and is not ethical—especially when it comes to the use of computers.
F; page 147; cultural differences make it difficult.
T or F: There are four general causes of unethical and illegal behavior.
F; page 152; There are THREE general causes for illegal behavior: Ignorance, Accident, Intent.
T or F: The Association for Computing Machinery and the Information Systems Security Association have the authority to banish violators of their ethical standards from practicing their trade.
F; page 154, 155; ACM-ethics for security professionals, ISSA-professional security information sharing.
T or F: The Department of Homeland Security is the only U.S. federal agency charged with the protection of American information resources and the investigation of threats to, or attacks on, the resources.
F; page 155, 156; Several key US federal agencies are charged with protection of American information resources and the investigation of threats to, or attacks on, the resources.
T or F: The Department of Homeland Security was created in 1999.
F; page 156; 1999 is 2003. DHS was created in 2003
T or F: DHS is made up of three directorates.
F; page 156; DHS is made up of SEVERAL directorates and offices through which it carries out its mission of protecting American citizens as well as the physical and information assets of the US.
T or F: A standard is a plan or course of action that conveys instructions from an organization's senior management to those who make decisions, take actions, and perform other duties.
F; page 179; Standards are more detailed statements of what must be done to comply with policy.
T or F: The ISSP sets out the requirements that must be met by the information security blueprint or framework.
F; page 184; An organizational policy that provides detailed, targeted guidance to instruct all members of the organization i the use of a resource, such as one of ts processes or technologies.
T or F: A policy should state that if employees violate a company policy or any law using company technologies, the company will protect them, and the company is liable for the employee's actions.
F; page 187; ....the company is NOT liable for this action
T or F: ACLs are more specific to the operation of a system than rule-based policies and they may or may not deal with users directly.
F; page 188, 189
T or F: A managerial guidance SysSP document is created by the IT experts in a company to guide management in the implementation and configuration of technology.
F; page 188; A managerial guidance SysSP document is created by management to guide the implementation and configuration of technology and to address the behavior of employees in the ways that support information security.
T or F: The security framework is a more detailed version of the security blueprint.
F; page 194; security framework is also known a a security model
T or F: The global information security community has universally agreed with the justification for the code of practices as identified in the ISO/IEC 17799.
F; page 196; The global information security community HAD NOT DEFINED ANY justification for a code of practice indentifed in ISO/IEC 17799
T or F: ISO/IEC 17799 is more useful than any other information security management approach.
F; page 197; There was no reason to believe that ISO/IEC 17799 was more useful than any other approach
T or F: NIST 800-14, The Principles for Securing Information Technology Systems, provides detailed methods for assessing, designing, and implementing controls and plans for applications of varying size.
F; page 202; NIST 80014...makes sure needed key elements of a successful effort are factored into the design of an info security prog, and produce a blueprint for an effective security architecture.
T or F: Information security safeguards provide two levels of control: managerial and remedial.
F; page 209; Information Security Safeguards provide three levels of control; managerial, operational, and technical.
T or F: One of the basic tenets of security architectures is the layered implementation of security, which is called defense in layers.
F; page 209; layers is depth
T or F: 15. Within security perimeters the organization can establish security circles.
F; page 210 ; circles is domains
T or F: Every member of the organization needs a formal degree or certificate in information security.
F; page 212; Everyone in an organization... NOT need a formal degree or certificate in information security.
T or F: A(n) sequential roster is activated as the first person calls a few people on the roster, who in turn call a few other people.
F ; page 229; sequential is hierarchical
T or F: The shoulder looking technique is used in public or semipublic settings when individuals gather information they are not authorized to have by looking over another individual's shoulder or viewing the information from a distance
F ; page 67 ; The shoulder SURFING technique is used in public or semi-public setting when individuals gather information they are not authorized to have by looking over another individual's shoulder or viewing the information from a distance.
T or F: A(n) IR plan ensures that critical business functions continue if a catastrophic incident or disaster occurs.
F; IR is business continuity (BC) business continuity BC
T or F: Laws are more detailed statements of what must be done to comply with policy.
F; Laws are Standards
T or F: Qualitative-based measures are comparisons based on numerical standards, such as numbers of successful attacks.
F; Qualitative is Quantitative[Metrics]
T or F: Systems-specific security policies are formalized as written documents readily identifiable as policy.
F; Systems is Issue
T or F: A firewall can be a single device or a firewall extranet, which consists of multiple firewalls creating a buffer between the outside and inside networks.
F; extranet is subnet
T or F: A(n) honeynet is usually a computing device or a specially configured computer that allows or prevents access to a defined area based on a set of rules.
F; honeynet is firewall
T or F: A(n) integrated information security policy is also known as a general security policy.
F; integrated is enterprise
T or F: Every organization should have the collective will and budget to manage every threat by applying controls.
F; page
T or F: Every state has implemented uniform laws and regulations placed on organizational use of computer technology.
F; page
T or F: Informational controls guide the development of education, training, and awareness programs for users, administrators, and management.
F; page
T or F: Protocols are activities performed within the organization to improve security.
F; page
T or F: The Security Area Working Group endorses ISO/IEC 17799.
F; page
T or F; DoS attacks cannot be launched against routers.
F; page 100. DoS attacks CAN ALSO be launched against routers or other network server systems if these hosts enable other TCP services, such as echo.
T or F: A(n) full backup only archives the files that have been modified that day, and thus requires less space and time than the differential.
F; page 235; full is incremental
T or F: Major risk is a combined function of (1) a threat less the effect of threat-reducing safeguards, (2) a vulnerability less the effect of vulnerability reducing safeguards, and (3) an asset less the effect of asset value-reducing safeguards.
F; page ; Major is Residual
T or F: Mutually exclusive means that all information assets must fit in the list somewhere.
F; page ; Mutually exclusive is Comprehensive; page 266.
T or F: Once a(n) back door has infected a computer, it can redistribute itself to all e-mail addresses found on the infected system.
F; page ; Once a VIRUS OR WORM has infected a computer, it can redistribute itself to all email addresses found on the infected system.
T or F: In information security, benchmarking is the comparison of security activities and events against the organization's future performance.
F; page ; benchmarking is baselining
T or F: Risk measure defines the quantity and nature of risk that organizations are willing to accept as they evaluate the tradeoffs between perfect security and unlimited accessibility.
F; page ; measure is appetite
T or F: The Federal Privacy Act of 1974 regulates government agencies and holds them accountable if they release information about national security.
F; page ; national security is individual privacy.
T or F: Within best practices, the optimum standard is a subcategory of practices that are typically viewed as "the best of the best."
F; page ; optimum is gold
Program-specific policies address the specific implementations or applications of which users should be aware.
F; page ; program-specific is issue-specific
T or F: Within organizations, technical feasibility defines what can and cannot occur based on the consensus and relationships between the communities of interest.
F; page ; technical is political
T or F: Civil law addresses activities and conduct harmful to society and is actively enforced by the state.
F; page127 ; Civil law is Criminal law. Civil law embodies a wide variety of laws. Criminal law addresses violations harmful to society. Criminal law
T or F: The standard should begin with a clear statement of purpose.
F; standard is policy
T or F: The vision of an organization is a written statement of an organization's purpose.
F; vision is mission
True or False: Ethics carry the authority of governing authority.
False
T or F: When Web services are offered outside the firewall, SMTP traffic should be blocked from internal networks through the use of some form of proxy access or DMZ architecture.
False: SMTP is HTTP; page
T or F: SOHO assigns non-routing local addresses to the computer systems in the local area network and uses the single ISP-assigned address to communicate with the Internet.
False: SOHO is NAT
T or F: Circuit gateway firewalls usually look at data traffic flowing between one network and another.
False: page
T or F: Enticement is the action of luring an individual into committing a crime to get a conviction.
False; Enticement is ENTRAPMENT; page 426; entrapment The act of luring a person into committing a crime in order to get a conviction. pen register An application that records information about outbound communications.
T or F: Fingerprinting is the organized research of the Internet addresses owned or controlled by a target organization.
False; Fingerprinting is FOOTPRINTING; page 428
T or F: First generation firewalls are application-level firewalls.
False; First is SECOND
T or F: A(n) NIDPS functions on the host system, where encrypted traffic will have been decrypted and is available for processing.
False; NIDPS is HIDPS; page 402; An HIDPS functions on the host system, where encrypted traffic will have been decrypted and is available for processing.
T or F: SESAME may be obtained free of charge from MIT.
False; SESAME is Kerberos
T or F: Traces, formally known as ICMP Echo requests, are used by internal systems administrators to ensure that clients and servers can communicate.
False; Traces is PINGS
T or F: In the process of protocol application verification, the NIDPSs look for invalid data packets.
False; application is STACK; page 395; In the process of protocol stack verification, NIDPSs look for invalid data packets—
T or F: Kerberos uses asymmetric key encryption to validate an individual user to various network resources.
False; asymmetric is SYMMETRIC
T or F: The false detect rate is the percentage of identification instances in which unauthorized users are allowed access to systems or areas as a result of a failure in the biometric device.
False; detect is ACCEPT; page 334; false accept rate The rate at which fraudulent users or nonusers are allowed access to systems or areas as a result of a failure in the biometric device. This failure is also known as a Type II error or a false positive.
T or F: The false error rate is the percentage of identification instances in which authorized users are denied access a result of a failure in the biometric device.
False; error is REJECT; page 334; false reject rate The rate at which authentic users are denied or prevented access to authorized areas as a result of a failure in the biometric device. This failure is also known as a Type I error or a false negative
T or F: The confidence value, which is based upon false logic, helps an administrator determine how likely it is that an IDPS alert or alarm indicates an actual attack in progress.
False; false is FUZZY; page 389; The confidence value, which is based on fuzzy logic, helps an administrator determine the likelihood that an IDPS alert or alarm indicates an actual attack in progress.
T or F: Alarm filtering is alarm clustering that may be based on combinations of frequency, similarity in attack signature, similarity in attack target, or other criteria that are defined by the system administrators.
False; filtering is COMPACTION; page 389; Alarm clustering and compaction: A process of grouping almost identical alarms that occur nearly at the same time into a single higher-level alarm. This consolidation reduces the number of alarms, which reduces administrative overhead and identifies a relationship among multiple alarms. Clustering may be based on combinations of frequency, similarity in attack signature, similarity in attack target, or other criteria that are defined by system administrators.
T or F: The filtering component of a content filter is like a set of firewall rules for Web sites, and is common in residential content filters.
False; filtering is RATING
There are individuals who search trash and recycling — a practice known as ____ — to retrieve information that could embarrass a company or compromise information security. a. side view c. recycle diving b. dumpster diving d. garbage collection
b. dumpster diving
Complete loss of power for a moment is known as a ____. a. sag c. brownout b. fault d. blackout
b. fault
A security ____ is an outline of the overall information security strategy for the organization and a roadmap for planned changes to the information security environment of the organization. a. plan c. mission b. framework d. blanket
b. framework
Criminal or unethical ____ goes to the state of mind of the individual performing the act. a. attitude c. accident b. intent d. ignorance
b. intent
A(n) ____ is a network tool that collects copies of packets from the network and analyzes them. a. packet scanner c. honey pot b. packet sniffer d. honey packet
b. packet sniffer;
An alert ____ is a document containing contact information for the people to be notified in the event of an incident. a. message c. plan b. roster d. list
b. roster
____ is any technology that aids in gathering information about a person or organization without their knowledge. a. A bot c. Trojan b. Spyware d. Worm
b. spyware.
In ____ mode, the data within an IP packet is encrypted, but the header information is not. a. tunnel c. public b. transport d. symmetric
b. transport
The restrictions most commonly implemented in packet-filtering firewalls are based on ____. a. IP source and destination address b. Direction (inbound or outbound) c. TCP or UDP source and destination port requests d. All of the above
d. All of the above
The ____ is the level at which the number of false rejections equals the false acceptances, and is also known as the equal error rate. a. BIOM c. IIS b. REC d. CER
d. CER;
The National Information Infrastructure Protection Act of 1996 modified which Act? a. USA PATRIOT Act b. USA PATRIOT Improvement and Reauthorization Act c. Computer Security Act d. Computer Fraud and Abuse Act
d. Computer Fraud and Abuse Act. page 128.
____ attempts to prevent trade secrets from being illegally shared. a. Electronic Communications Privacy Act b. Sarbanes-Oxley Act c. Financial Services Modernization Act d. Economic Espionage Act
d. Economic Espionage Act
Which of the following is an example of a Trojan horse program? a. Netsky c. Klez b. MyDoom d. Happy99.exe
d. Happy99.exe
A(n) ____ plan deals with the identification, classification, response, and recovery from an incident. a. CM c. DR b. BC d. IR
d. IR
____ addresses are sometimes called electronic serial numbers or hardware addresses. a. HTTP c. DHCP b. IP d. MAC
d. MAC
What country adopted ISO/IEC 17799? a. United States c. Japan b. Germany d. None of the above
d. None of the above
In SESAME, the user is first authenticated to an authentication server and receives a token. The token is then presented to a privilege attribute server as proof of identity to gain a(n) ____. a. VPN c. ticket b. ECMA d. PAC
d. PAC; page 376; The token is then presented to a privilege attribute server, instead of a ticket-granting service as in Kerberos, as proof of identity to gain a privilege attribute certificate (PAC).
The ____ data file contains the hashed representation of the user's password. a. SLA c. FBI b. SNMP d. SAM
d. SAM.
A packet-____________________ firewall installed on a TCP/IP based network typically functions at the IP level and determines whether to drop a packet (deny) or forward it to the next network connection (allow) based on the rules programmed into the firewall.
filtering
A(n) ____________________ is a device that selectively discriminates against information flowing into or out of the organization.
firewall
A(n) ____________________ is an information security program that prevents specific types of information from moving between the outside world and the inside world.
firewall
cultural mores
fixed moral attitudes or customs of a particular group
Computer ____________________ is the process of collecting, analyzing, and preserving computer-related evidence.
forensics
(ISC)^2 code of ethics focuses on ____ mandatory canons.
four
The security ____________________ is an outline of the overall information security strategy for the organization and a roadmap for planned changes to the information security environment of the organization.
framework
Privacy Laws
free from unsanctioned intrusion
Policies
functions as organizational law that dictates acceptable and unacceptable behavior.
The difference between an organization's measures and those of others is often referred to as a performance ____________________.
gap
Information systems are made of major components of;
hardware, software, data, people, procedures, and networks.
When a collection of honeypots connects several honeypot systems on a subnet, it may be called a(n) ____________________.
honeynet
A(n) ____________________ system contains pseudo-services that emulate well-known services, but is configured in ways that make it look vulnerable to attacks.
honeypot
A(n) ____________________-based IDPS resides on a particular computer or server and monitors activity only on that system.
host;
A(n) ____________________ site is a fully configured computer facility, with all services, communications links, and physical plant operations including heating and air conditioning.
hot
Configuration rule policies govern...
how a security system reacts to received data.
The low overall degree of tolerance for ____________________ system use may be a function of the easy association between the common crimes of breaking and entering, trespassing, theft, and destruction of property to their computer-related counterparts.
illicit
A(n) ____________________ is any clearly identified attack on the organization's information assets that would threaten the assets' confidentiality, integrity, or availability.
incident
information security protects
information assets that use, store, or transmit information through application of policy, education and technology.
A(n) ____________________ IDPS can adapt its reactions in response to administrator guidance over time and circumstances of the current local environment.
smart;
A packet ____________________ is a network tool that collects copies of packets from the network and analyzes them.
sniffer
In the context of information security, ____________________ is the process of using social skills to convince people to reveal access credentials or other valuable information to the attacker.
social engineering
____________________ is unsolicited commercial e-mail.
spam
____________________ is a technique used to gain unauthorized access to computers, wherein the intruder sends messages with a source IP address that has been forged to indicate that the messages are coming from a trusted host.
spoofing
Some policies may need a(n) ____________________ indicating their expiration date.
sunset clause
Security ____________________ are the technical implementations of the policies defined by the organization.
technologies
Liability
the legal obligation of an entity extending beyond criminal or contract law; includes the legal obligation to make restitution. Tort law.
Restitution
the legal obligation to compensation an injured party for wrongs committed.
Due care
the legal standard requiring a prudent organization to act legally and ethically and know the consequences of actions.
due diligence
the legal standard requiring a prudent organization to maintain the standard of due care and ensure actions are effective.
A(n) ____________________ is an object, person, or other entity that represents an ongoing danger to an asset.
threat
After identifying and performing the preliminary classification of an organization's information assets, the analysis phase moves on to an examination of the ____________________ facing the organization.
threats
In Kerberos, a(n) ____________________ is an identification card for a particular client that verifies to the server that the client is requesting services and that the client is a valid member of the Kerberos system and therefore authorized to receive services.
ticket
DHS Mission:
to protect the citizens as well as the physical and informational assets of the US.
Upper management drives the _____ approach to security.
top-down
FBI primary law enforcement agency investigates:
traditional crimes and cybercrimes.
The circuit gateway firewall operates at the ____________________ layer.
transport
In ____________________ mode, the organization establishes two perimeter tunnel servers.
tunnel
resource management
using information security knowledge and infrastructure efficiently and effectively.
Asset ____________________ is the process of assigning financial value or worth to each information asset.
valuation
A(n) ____________________ private network is a private and secure network connection between systems that uses the data communication capability of an unsecured and public network.
virtual
The ____________________ of an organization is a written statement about the organization's goals answering the question of where the organization will be in five years.
vision
A(n) ____________________ is an identified weakness in a controlled system, where controls are not present or are no longer effective.
vulnerability
A(n) ____________________ dialer is an automatic phone-dialing program that dials every number in a configured range, and checks to see if a person, answering machine, or modem picks up.
war.
American Recover and Reinvestment Act[ARRA]
was designed to provide a response to the economic crisis in the United States, focused on providing tax cuts and funding for programs, federal contracts, grants, and loans.
Once the inventory and value assessment are complete, you can prioritize each asset using a straightforward process known as ____________________ analysis.
weighted factor
Data owners
who are responsible for the security and use of a particular set of information.
Data custodians
who are responsible for the storage, maintenance, and protection of the information.
Data users
who work with the information to perform their daily jobs and support the mission of the organization.
A(n) ____________________ is a malicious program that replicates itself constantly, without requiring another program environment.
worm
T or F: Benefit is the value that an organization realizes by using controls to prevent losses associated with a specific vulnerability.
T; page
T or F: Operational feasibility is also known as behavioral feasibility.
T; page
T or F: Policies are documents that specify an organization's approach to security.
T; page
T or F: Security efforts that seek to provide a superior level of performance in the protection of information are referred to as best business practices.
T; page
T or F: The gateway router can be used as the front-line defense against attacks, as it can be configured to allow only set types of protocols to enter.
T; page
T or F: The general management of an organization must structure the IT and information security functions to defend the organization's information assets.
T; page
T or F: The mitigate control strategy attempts to reduce the impact caused by the exploitation of vulnerability through planning and preparation.
T; page
T or F: When the organization is pursuing an overall risk management program, it requires a(n) systematic report that enumerates the opportunities for controlling risk.
T; page
T or F; A timing attack involves the interception of cryptographic elements to determine keys and encryption algorithms.
T; page
T or F: A mail bomb is a form of DoS.
T; page 100.
T or F; A sniffer program shows all the data going by on a network segment including passwords, the data inside files—such as word-processing documents—and screens full of sensitive data from applications.
T; page 101,102.
T or F: Sniffers often work on TCP/IP networks, where they're sometimes called packet sniffers.
T; page 101.
T or F: Ethics define socially acceptable behaviors.
T; page 125, 164
T or F: Privacy is not absolute freedom from observation, but rather is a more precise "state of being free from unsanctioned intrusion."
T; page 130
T or F: The Clipper Chip can be used to monitor or track private communications.
T; page 130-131.
T or F: The Economic Espionage Act of 1996 protects American ingenuity, intellectual property, and competitive advantage.
T; page 135, 139; Economic Espionage Act of 1996 attempts to prevent trade secrets from being illegally shared.
T or F: In 1995 the Directive 95/46/EC was adopted by the European Union.
T; page 145;
T or F: Studies have reported that the Pacific Rim countries of Singapore and Hong Kong are hotbeds of software piracy.
T; page 147.
T or F: Studies on ethics and computer use reveal that people of different nationalities have different perspectives; difficulties arise when one nationality's ethical behavior violates the ethics of another national group.
T; page 147.
T or F: Individuals with authorization and privileges to manage information within the organization are most likely to cause harm or damage by accident.
T; page 152; this is Accident[cause of unethical and illegal behavior]
T or F: The code of ethics put forth by (ISC)2 focuses on four mandatory canons: "Protect society, the commonwealth, and the infrastructure; act honorably, honestly, justly, responsibly, and legally; provide diligent and competent service to principals; and advance and protect the profession.".
T; page 155,
T or F: The Secret Service is charged with the detection and arrest of any person committing a United States federal offense relating to computer fraud and false identification crimes.
T; page 159, 160.
T or F: The communications networks of the United States carry more funds than all of the armored cars in the world combined.
T; page 159.
T or F: The Federal Bureau of Investigation deals with many computer crimes that are categorized as felonies.
T; page 161
T or F: Established in January 2001, the National InfraGard Program began as a cooperative effort between the FBI's Cleveland Field Office and local technology professionals.
T; page 162.
T or F: The Federal Bureau of Investigation's National InfraGard Program serves its members in four basic ways: Maintains an intrusion alert network using encrypted e-mail; Maintains a secure Web site for communication about suspicious activity or intrusions; Sponsors local chapter activities; Operates a help desk for questions.
T; page 162.
T or F: The NSA is responsible for signal intelligence and information system security.
T; page 163.
T or F: Quality security programs begin and end with policy.
T; page 177
T or F: You can create a single comprehensive ISSP document covering all information security issues.
T; page 184
T or F: Each policy should contain procedures and a timetable for periodic review.
T; page 187
T or F: The policy administrator is responsible for the creation, revision, distribution, and storage of the policy.
T; page 192
T or F: To remain viable, security policies must have a responsible individual, a schedule of reviews, a method for making recommendations for reviews, and a policy issuance and planned revision date.
T; page 192
T or F: Many industry observers claim that ISO/IEC 17799 is not as complete as other frameworks.
T; page 197
T or F: Failure to develop an information security system based on the organization's mission, vision, and culture guarantees the failure of the information security program.
T; page 201
The concept of competitive ____ refers to falling behind the competition. a. disadvantage c. failure b. drawback d. shortcoming
a. disadvantage
A ____ filtering firewall can react to an emergent event and update or create rules to deal with the event. a. dynamic c. stateful b. static d. stateless
a. dynamic
The ____ security policy is an executive-level document that outlines the organization's approach and attitude towards information security and relates the strategic value of information security within the organization. a. general c. issue-specific b. agency d. system-specific
a. general
One form of online vandalism is ____ operations, which interfere with or disrupt systems to protest the operations, policies, or actions of an organization or government agency. a. hacktivist c. hackcyber b. phvist d. cyberhack
a. hacktivist.
A(n) ____ IDPS is focused on protecting network information assets. a. network-based c. application-based b. host-based d. server-based
a. network-based; page 394
There are generally two skill levels among hackers: expert and ____. a. novice c. packet monkey b. journeyman d. professional
a. novice.
Most NBA sensors can be deployed in ____ mode only, using the same connection methods as network-based IDPSs. a. passive c. reactive b. active d. dynamic
a. passive; page 399
The ____ security policy is a planning document that outlines the process of implementing security in the organization. a. program c. issue-specific b. agency d. system-specific
a. program
The first phase of risk management is ____. a. risk identification c. risk control b. design d. risk evaluation
a. risk identification
"4-1-9" fraud is an example of a ____ attack. a. social engineering c. worm b. virus d. spam
a. social engineering
The ____ strategy attempts to shift risk to other assets, other processes, or other organizations. a. transfer control c. accept control b. defend control d. mitigate control
a. transfer control
A(n) ____________________ vulnerability scanner is one that initiates traffic on the network in order to determine security holes.
active
The policy champion and manager is called the policy ____________________.
administrator
A(n) ____________________ message is a scripted description of an incident, usually just enough information so that each individual knows what portion of the IRP to implement, and not enough to slow down the notification process.
alert
Strategic Alignment
alignment of information security with business strategy to support organiza tional objectives. does your security plan fit the security plan of the organization? Are you managing your risk?What resources are you using and how are you using? Measure performance.
In ____________________ protocol verification, the higher-order protocols are examined for unexpected packet behavior, or improper use.
application
Long-Arm jurisdiction
application of laws to those residing outside a court's normal jurisdiction; usually granted when a person's acts illegally within the jurisdiction and leaves. Special council Mueller is an example.
Information security has been described as a ___ and ___ and comprises of aspects of ____.
art, science, social science.
You can assess the relative risk for each of the vulnerabilities by a process called risk ____________________.
assessment
A(n) ____________________ is an act that takes advantage of a vulnerability to compromise a controlled system.
attack
Health Insurance Portability and Accountability Act[HIPPA] of 1996
attempts to protect the confidentiality and security of health care data by establishing and enforcing standards and by the standardizing electronic data interchange.
Cost ____________________ is the process of preventing the financial impact of an incident by implementing a control.
avoidance
ICMP uses port ____ to request a response to a query and can be the first indicator of a malicious attack. a. 4 c. 8 b. 7 d. 48
b. 7
The formal decision making process used when consider the economic feasibility of implementing information security controls and safeguards is called a(n) ____. a. ARO c. ALE b. CBA d. SLE
b. CBA; cost-benefit analysis (CBA)
____ law comprises a wide variety of laws that govern a nation or state. a. Criminal c. Public b. Civil d. Private
b. Civil.; page 164.
The ____ is an intermediate area between a trusted network and an untrusted network. a. perimeter c. domain b. DMZ d. firewall
b. DMZ
____ plans usually include all preparations for the recovery process, strategies to limit losses during the disaster, and detailed steps to follow when the smoke clears, the dust settles, or the floodwaters recede. a. IR c. BC b. DR d. BR
b. DR
The ____ is based on and directly supports the mission, vision, and direction of the organization and sets the strategic direction, scope, and tone for all security efforts. a. ISP c. GSP b. EISP d. ISSP
b. EISP; page 182; enterprise information security policy (EISP) The high-level information security policy that sets the strategic direction, scope, and tone for all of an organization's security efforts. An EISP is also known as a security program policy, general security policy, IT security policy, high-level InfoSec policy, or simply an InfoSec policy.
A(n) ____ is an authorization issued by an organization for the repair, modification, or update of a piece of equipment. a. IP c. CTO b. FCO d. HTTP
b. FCO; FCO [field change order]
____ is an event that triggers an alarm when no actual attack is in progress. a. False Positive c. False Negative b. False Attack Stimulus d. Noise
b. False Attack Stimulus; page 389
What is the subject of the Sarbanes-Oxley Act? a. Banking c. Privacy b. Financial Reporting d. Trade secrets
b. Financial Reporting
The Computer ____ and Abuse Act of 1986 is the cornerstone of many computer-related federal laws and enforcement efforts. a. Violence c. Theft b. Fraud d. Usage
b. Fraud. page 128
____ testing is a straightforward testing technique that looks for vulnerabilities in a program or protocol by feeding random input to the program or a network running the protocol. a. Buzz c. Spike b. Fuzz d. Black
b. Fuzz; page 436
____ benchmark and monitor the status of key system files and detect when an intruder creates, modifies, or deletes monitored files. a. NIDPSs c. AppIDPSs b. HIDPSs d. SIDPSs
b. HIDPSs; page400;
The ____ Portability and Accountability Act Of 1996, also known as the Kennedy-Kassebaum Act, protects the confidentiality and security of health care data by establishing and enforcing standards and by standardizing electronic data interchange. a. Customer c. Computer b. Health Insurance d. Telecommunications
b. Health Insurance. page 132.
____ generates and issues session keys in Kerberos. a. VPN c. AS b. KDC d. TGS
b. KDC; page 374; Key Distribution Center (KDC), which generates and issues session keys
____ controls address personnel security, physical security, and the protection of production inputs and outputs. a. Informational c. Technical b. Operational d. Managerial
b. Operational
____ is an integrated system of software, encryption methodologies, and legal agreements that can be used to support the entire information infrastructure of an organization. a. SSL c. PKC b. PKI d. SIS
b. PKI
ISA Server can use ____ technology. a. PNP c. RAS b. Point to Point Tunneling Protocol d. All of the above
b. Point to Point Tunneling Protocol
____ equals likelihood of vulnerability occurrence times value (or impact) minus percentage risk already controlled plus an element of uncertainty. a. Probability c. Possibility b. Risk d. Chance
b. Risk
Web hosting services are usually arranged with an agreement providing minimum service levels known as a(n) ____. a. SSL c. MSL b. SLA d. MIN
b. SLA
____ is a specially configured connection on a network device that is capable of viewing all of the traffic that moves through the entire device. a. NIDPS [network based IDPS] c. DPS b. SPAN [switched port analysis] d. IDSE
b. SPAN; page 393; monitoring port Also known as a switched port analysis (SPAN) port or mirror port, a specially configured connection on a network device that can view all the traffic that moves through the device.
____ filtering requires that the filtering rules governing how the firewall decides which packets are allowed and which are denied be developed and installed with the firewall. a. Dynamic c. Stateful b. Static d. Stateless
b. Static
The ____ hijacking attack uses IP spoofing to enable an attacker to impersonate another entity on the network. a. WWW c. FTP b. TCP d. HTTP
b. TCP.
Kerberos ____ provides tickets to clients who request services. a. KDS c. AS b. TGS d. VPN
b. TGS; page 374; Kerberos ticket granting service (TGS), which provides tickets to clients who request services.
____ applications use a combination of techniques to detect an intrusion and then trace it back to its source. a. Trace and treat c. Treat and trap b. Trap and trace d. Trace and clip
b. Trap and Trace;
A(n) ____ is "a private data network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol and security procedures." a. SVPN c. SESAME b. VPN d. KERBES
b. VPN
Risk ____ defines the quantity and nature of risk that organizations are willing to accept as they evaluate the tradeoffs between perfect security and unlimited accessibility. a. benefit c. acceptance b. appetite d. avoidance
b. appetite
Individuals with authorization and privileges to manage information within the organization are most likely to cause harm or damage ____. a. with intent c. with malice b. by accident d. with negligence
b. by accident
Risk ____ is the application of controls to reduce the risks to an organization's data and information systems. a. management c. identification b. control d. security
b. control
The ____ strategy attempts to prevent the exploitation of the vulnerability. a. suspend control c. transfer control b. defend control d. defined control
b. defend control
Types of laws
1. constitutional. 2. Statutory: Civil--tort, and Criminal. 3. Regulatory or Administrative. 4.Common Case, and Precedent. 5. Private and Public.
The control and use of data in the organization is accomplished by:
1. data owners 2. data custodians 3. data users
The three communities in information security are:
1. general management. 2. IT management. 3. information security management .
Mid-Level Manager responsiblities:
1. implement/audit/enforce/assess compliance. 2. Communicate policies, program(training).
Deterrence, best method for preventing an illegal or unethical activity:
1. laws. 2. policies. 3. technical controls.
FBI's National InfraGard Program:
1. maintains an intrusion alert network. 2. maintains a secure web site for communication about suspicious activity of intrusions. 3. Sponsors local chapter activities. 4. Operates a help desk for questions.
CEO responsibilities
1. oversees overall corporate security posture[account to the board]. 2. Brief board, customers, public.
What are the five goals of information security governance outcomes?
1. strategic alignment. 2. Risk management. 3. Resource management. 4. Performance Measurement. 5. Value delivery.
____________________ controls are security processes that are designed by strategic planners and implemented by the security administration of the organization.
Managerial
T or F: NIST Special Publication 800-18 Rev. 1, The Guide for Developing Security Plans for Federal Information Systems, includes templates for major application security plans.
T; page 202
T or F: Management controls address the design and implementation of the security planning process and security program management.
T; page 209
T or F: Security training provides detailed information and hands-on instruction to employees to prepare them to perform their duties securely.
T; page 213
T or F: Additional redundancy to RAID can be provided by mirroring entire servers called redundant servers or server fault tolerance.
T; page 236
T or F: Disaster recovery personnel must know their roles without supporting documentation.
T; page 243
T or F: Establishing a competitive business model, method, or technique enabled an organization to provide a product or service that was superior and created a(n) competitive advantage.
T; page 254
T or F: Risk control is the application of controls to reduce the risks to an organization's data and information systems.
T; page 255
T or F: You should adopt naming standards that do not convey information to potential system attackers.
T; page 263
T or F: A certificate authority should actually be categorized as a software security component.
T; page 266
T or F: Examples of exceptionally grave damage include armed hostilities against the United States or its allies and disruption of foreign relations vitally affecting the national security.
T; page 267
T or F: When determining the relative importance of each asset, refer to the organization's mission statement or statement of objectives to determine which elements are essential, which are supportive, and which are merely adjuncts.
T; page 271
T or F: One way to determine which information assets are critical is by evaluating how much of the organization's revenue depends on a particular asset.
T; page 272
T or F: The amount of money spent to protect an asset is based in part on the value of the asset.
T; page 273
T or F: The value of intellectual property influences asset valuation.
T; page 274.
T or F: The most common of the mitigation procedures is the disaster recovery plan.
T; page 297
T or F: To determine if the risk is acceptable or not, you estimate the expected loss the organization will incur if the risk is exploited.
T; page 299
T or F: A(n) exposure factor is the expected percentage of loss that would occur from a particular attack.
T; page 301
T or F: Leaving unattended computers on is one of the top information security mistakes made by individuals.
T; page 301,302
T or F: Some argue that it is virtually impossible to determine the true value of information and information-bearing assets.
T; page 303
T or F: A(n) qualitative assessment is based on characteristics that do not use numerical measures.
T; page 306
T or F: Best business practices are often called recommended practices.
T; page 308;
T or F: Organizations should communicate with system users throughout the development of the security program, letting them know that change are coming.
T; page 313
T or F: The results from risk assessment activities can be delivered in a number of ways: a report on a systematic approach to risk control, a project-based risk assessment, or a topic-specific risk assessment.
T; page 314
T or F: Information security safeguards the technology assets in use at the organization.
T; page 52.
T or F: Intellectual property is defined as "the ownership of ideas and control over the tangible or virtual representation of those ideas."
T; page 60.
T or F: A number of technical mechanisms—digital watermarks and embedded code, copyright codes, and even the intentional placement of bad sectors on software media—have been used to enforce copyright laws.
T; page 61.
T or F: Hackers are "people who use and create computer software to gain access to information illegally."
T; page 68.
T or F: Expert hackers are extremely talented individuals who usually devote lots of time and energy to attempting to break into other people's information systems.
T; page 69.
T or F: A firewall is a mechanism that keeps certain kinds of network traffic out of a private network.
T; page 699.
T or F: With the removal of copyright protection, software can be easily distributed and installed.
T; page 73.
T or F: Organizations can use dictionaries to disallow passwords during the reset process and thus guard against easy-to-guess passwords.
T; page 75
T or F: Forces of nature, force majeure, or acts of God can present some of the most dangerous threats, because they are usually occur with very little warning and are beyond the control of people.
T; page 77.
T or F: Much human error or failure can be prevented with training and ongoing awareness activities.
T; page 81
T or F: Cyberterrorists hack systems to conduct terrorist activities via network or Internet pathways.
T; page 88.
T or F: A(n) polymorphic threat is one that over time changes the way it appears to antivirus software programs, making it undetectable by techniques that look for preconfigured signatures.
T; page 91
T or F: A worm can deposit copies of itself onto all Web servers that the infected system can reach, so that users who subsequently visit those sites become infected.
T; page 91.
T or F: The malicious code attack includes the execution of viruses, worms, Trojan horses, and active Web scripts with the intent to destroy or steal information.
T; page 91.
T or F: A(n) cookie can allow an attacker to collect information on how to access password-protected sites.
T; page 92.
T or F: A disaster recovery plan addresses the preparation for and recovery from a disaster, whether natural or man-made.
T; page pg 215
T or F: Deterrence can prevent an illegal or unethical activity from occurring.
T; page165.
T or F: A(n) capability table specifies which subjects and objects users or groups can access.
True
T or F: Best practices in firewall rule set configuration state that the firewall device is never accessible directly from the public network.
True
T or F: Circuit gateway firewalls prevent direct connections between one network and another.
True
T or F: In order to keep the Web server inside the internal network, direct all HTTP requests to the proxy server and configure the internal filtering router/firewall only to allow the proxy server to access the internal Web server
True
T or F: NIST documents can assist in the design of a security framework
True
T or F: Policies are living documents that must be managed.
True
T or F: SP 800-18 Rev. 1, The Guide for Developing Security Plans for Federal Information Systems, must be customized to fit the particular needs of a(n) organization.
True
T or F: Some policies may also need a(n) sunset clause indicating their expiration date.
True
T or F: The ECPA works in cooperation with the Fourth Amendment of the U.S. Constitution, which prohibits search and seizure without a warrant.
True
T or F: The Federal Agency Security Practices (FASP) site is a popular place to look up best practices.
True
T or F: The security blueprint is the basis for the design, selection, and implementation of all security program elements including such things as policy implementation and ongoing policy management.
True
True of False: Laws carry the authority of governing authority.
True
True of False: Policies function as organizational laws.
True
True of False: Policies must be crafted and implemented with care to ensure they are complete, appropriate, and fairly applied to everyone.
True
True of False: with proper acknowledgment, it is permissible to include portions of others' work as reference.
True
True or False: Ignorance of a policy is an acceptable defense.
True
T or F: The statistical anomaly-based IDPS collects statistical summaries by observing traffic that is known to be normal.
True; page 444; Statisti cal anomaly-based IDPSs, also known as behavior-based IDPSs, collect data from nor- mal traffic and establish a baseline.
T or F: When a collection of honeypots connects several honeypot systems on a subnet, it may be called a(n) honeynet.
True; page424
T or F: An attacker who suspects that an organization has dial-up lines can use a device called a(n) war dialer to locate the connection points.
True;page
The ____________________ Act of 2001 provides law enforcement agencies with broader latitude in order to combat terrorism-related activities.
U.S.A. Patriot USA Patriot
A ____ is an attack in which a coordinated stream of requests is launched against a target from many locations at the same time. a. denial-of-service c. virus b. distributed denial-of-service d. spam
b. distributed denial-of-service
____ policies address the particular use of certain systems. a. Systems-specific c. Network-specific b. General d. Platform-specific
a. Systems-specific
____ defines stiffer penalties for prosecution of terrorist crimes. a. USA Patriot Act c. Gramm-Leach-Bliley Act b. Sarbanes-Oxley Act d. Economic Espionage Act
a. USA Patriot Act
The application gateway is also known as a(n) ____. a. application-level firewall c. proxy firewall b. client firewall d. All of the above
a. application-level firewall
Incident damage ____ is the rapid determination of the scope of the breach of the confidentiality, integrity, and availability of information and information assets during or just following an incident. a. assessment c. recovery b. evaluation d. plan
a. assessment
Security ____ are the areas of trust within which users can freely communicate. a. perimeters c. rectangles b. domains d. layers
b. domains
In a(n) _____, each information asset is assigned a score for each of a set of assigned critical factor. a. OPSEC c. weighted factor analysis b. COMSEC d. data classification scheme
c. weighted factor analysis
The timing attack explores the contents of a Web browser's ____________________.
cache
With a(n) ____________________ IDPS control strategy all IDPS control functions are implemented and managed in a central location.
centralized
Incident ____________________ is the process of examining a potential incident, or incident candidate, and determining whether or not the candidate constitutes an actual incident.
classification
A(n) ____________________ desk policy requires that employees secure all information in appropriate storage containers at the end of each day.
clean
Overriding an employee's security ____________________ requires that the need-to-know standard be met.
clearance
When the measured activity is outside the baseline parameters, it is said to exceed the ____________________ level.
clipping; page 404
Alarm ____________________ and compaction is a consolidation of almost identical alarms that happen at close to the same time into a single higher-level alarm.
clustering;
Guidelines are recommendations for ___.
compliance.
Procedures are step-by-step instructions for ___.
compliance.
Standards are detailed minimum specifications for ___.
compliance.
FBI key priorities include:
computer/network intrusions, identity theft, and fraud.
critical characteristics of information include:
confidentiality; integrity; and availability. [CIA], must be protected at all times.
A(n) ____________________ filter is a software filter — technically not a firewall — that allows administrators to restrict access to content from within a network.
content
Jurisdiction
court's right to hear a case if the wrong was committed in its territory or involved its citizenry.
Attempting to reverse-calculate a password is called ____________________.
cracking
The actions taken during and after a disaster are referred to as ____________________ management.
crisis
The ____________________ error rate is the level at which the number of false rejections equals the false acceptances, also known as the equal error rate.
crossover
The Council of Europe adopted the Convention of CyberCrime in ____. a. 1976 c. 1998 b. 1986 d. 2001
d. 2001
Telnet protocol packets usually go to TCP port ____. a. 7 c. 14 b. 8 d. 23
d. 23
RAID ____ drives can be hot swapped. a. 2 c. 4 b. 3 d. 5
d. 5
Which of the following ports is commonly used for the HTTP protocol? a. 20 c. 53 b. 25 d. 80
d. 80;
Effective management includes planning and ____. a. organizing c. controlling b. leading d. All of the above
d. All of the above
NSA is
1. the nation's cryptology organization. 2. Responsible for signal intelligence and information assurance (security). 3. Information Assurance Directorate[IAD] is responsible for the protection of systems that store, process, and transmit information of high national value.
Criteria for policy enforcement:
1.Dissemination[distribution]. 2.Review[reading]. 3. Comprehension[understanding]. 4. Compliance[agreement]. 5. Uniform enforcement.
____________________ information is created by combining pieces of non-private data—often collected during software updates, and via cookies—that when combined may violate privacy.
Aggregate
Describe the capabilities of a sniffer.
A sniffer is a program or device that can monitor data traveling over a network. Sniffers can be used both for legitimate network management functions and for stealing information from a network. Unauthorized sniffers can be extremely dangerous to a network's security, because they are virtually impossible to detect and can be inserted almost anywhere. This makes them a favorite weapon in the hacker's arsenal. Sniffers often work on TCP/IP networks, where they're sometimes called packet sniffers. Sniffers add risk to the network, because many systems and users send information on local networks in clear text. A sniffer program shows all the data going by, including passwords, the data inside files and screens full of sensitive data from applications.
The ____________________ Act of 1996 attempts to prevent trade secrets from being illegally shared.
Economic Espionage
The ____________________ Act of 1986 is a collection of statutes that regulates the interception of wire, electronic, and oral communications.
Electronic Communications Privacy
____________________ is the process of attracting attention to a system by placing tantalizing bits of information in key locations.
Enticement
T or F: A worm requires that another program is running before it can begin functioning.
F; page 91; is a type of malware that is capable of activation and replication WITHOUT being attached to an existing program.
T or F: The macro virus infects the key operating system files located in a computer's boot sector.
F; page 93 ; The Boot virus infects the key operating system files located in a computer's boot sector.
T or F: ALE[annualized loss expectancy (ALE)] determines whether or not a particular control alternative is worth its cost.
F; page ; ALE is CBA[cost-benefit analysis (CBA)]
Laws and policies and their associated penalties only deter if which of the following conditions is present? a. Fear of penalty b. Probability of being caught c. Probability of penalty being administered d. All of the above
d. All of the above
Redundancy can be implemented at a number of points throughout the security architecture, such as in ____. a. firewalls c. access controls b. proxy servers d. All of the above
d. All of the above
Practices, procedures and guidelines
effectively explain how to comply with standards.
For hardware devices, the ____________________ number is used by the network operating system to identify a specific network device.
electronic serial MAC address hardware address
The expert hacker sometimes is called ____________________ hacker.
elite
Health Information Technology for Economic and Clinical Health[HITECH]
enacted as part of ARRA, and in cooperation with HIPAA, also requires that covered entities notify information owners of breaches. California.
To secure data in transit across any network, organizations must use ____________________ to be assured of content privacy.
encryption
When information gatherers employ techniques that cross the threshold of what is legal or ethical, they are conducting industrial ____________________.
espionage
Information security should be implemented in ____.
every major system.
information Security
evolved from the early field of computer security.
Risk Management
executing appropriate measures to manage and mitigate threats to information resources
A single loss ____________________ is the calculation of the value associated with the most likely loss from an attack.
expectancy
All information that has been approved by management for public release has a(n) ____________________ classification
external
T or F: A(n) server-based IDPS protects the server or host's information assets.
false; server-based is HOST-BASED; page 394
Operational ____________________ analysis examines user acceptance and support, management acceptance and support, and the overall requirements of the organization's stakeholders.
feasibility
Standards
more detailed statements of what must be done to comply with policy.
A(n) ____________________ is a contract between two or more organizations that specifies how each will assist the other in the event of a disaster.
mutual agreement
The ongoing activity from alarm events that are accurate and noteworthy but not necessarily significant as potentially successful attacks is called ____________________.
noise;
International Information Systems Security Certification Consortium, Inc. [(ISC)2]
nonprofit organization focusing on the development and implementation of information security certifications and credentials.
Simple firewall models enforce address ____________________, which are rules designed to prohibit packets with certain addresses or partial addresses from passing through the device.
restrictions.
Content filters are often called ____________________ firewalls.
reverse
laws
rules that mandate or prohibit certain behavior and are enforced by state.
Since the bastion host stands as a sole defender on the network perimeter, it is commonly referred to as the ____________________ host.
sacrificial
A momentary low voltage is called a(n) ____________________.
sag
The architecture of a(n) ____________________ firewall provides a DMZ.
screened subnet
Sarbanes-Oxley Act of 2002
seeks to improve the reliability and accuracy of financial reporting and increase the accountability of corporate governance in publicly traded companies.
Enterprise Information Security Policy[EISP]
sets strategic direction, scope and tone for all security efforts within the organization.
Three methods dominate the IDPSs detection methods: ____________________-based approach, statistical anomaly-based approach or the stateful packet inspection approach.
signature;
Each organization has a culture in which communities of interest re united by a similar ___ and ____.
similar values and share common objectives
ISSP does the following:
(1) addresses specific areas of technology as listed below, (2) requires frequent updates, and (3) contains a statement about the organization's position on a specific issue.
Three common approaches when creating and managing ISSPs:
(1) addresses specific areas of technology as listed below, (2) requires frequent updates, and (3) contains a statement about the organization's position on a specific issue.
Authorized access and usage of equipment
1. User access. 2. Fair and responsible use. 3. Protection of privacy.
ISSP Components of Policy:
-Statement of policy -Authorized access and usage of equipment -Prohibited use of equipment -Systems management -Violations of policy -Policy review and modification -Limitations of liability
Violations of policy:
. Procedures for reporting violations . Penalties for violations
EISP Elements should include:
1. An overview of the corporate philosophy on security. 2. Information on the structure of the information security organization and people who fulfill the information security role. 3. Fully articulated responsibilities for security that are shared by all members of the organization (employees, contractors, consultants, partners, and visitors) 4. Fully articulated responsibilities for security that are unique to each role within the organization.
PCI DSS (Payment Card Industry Data Security Standard) addresses six areas:
1. Build and maintain secure networks/systems. 2. Protect card holder data. 3. Maintain a vulnerability management program. 4. Implement strong access control measures. 5. Regularly monitor and test networks. 6. Maintain information security policy.
Security planning, who are the big players?
1. CIO. 2. CEO. 3. Board of Governers.
List at least six general categories of threat.
1. Compromises to intellectual property. 2. Software attacks 3. Deviations in quality of service 4. Espionage or trespass 5. Forces of nature 6. Human error or failure 7. Information extortion 8. Missing, inadequate, or incomplete 9. Missing, inadequate, or incomplete controls 10. Sabotage or vandalism 11. Theft 12. Technical hardware failures or errors 13. Technical software failures or errors 14. Technological obsolescence
List the five fundamental principles of HIPAA.[page 132]
1. Consumer control of medical information 2. Boundaries on the use of medical information 3. Accountability for the privacy of private information 4. Balance of public responsibility for the use of medical information for the greater good measured against impact to the individual 5. Security of health information
HIPPA has five fundamental privacy principles:
1. Consumer control of medical information. 2. Boundaries of the use of medical information. 3. Accountability for the privacy of private information. 4. Balance of public responsibility for the use of medical information for the greater good measured against impact to the individual. 5. Security in health information.
Prohibited use of equipment:
1. Disruptive use or misuse 2. Criminal use 3. Offensive or harassing materials 4. Copyrighted, licensed, or other intellectual property 5. Other restrictions
Deterrence: Laws and policies only deter if three conditions are present:
1. Fear of penalty. 2. Probability of being apprehended. 3. Probability of penalty being applied.
National Information Infrastructure Act of 1996 severity penalties was judged on the value of information and the purpose:
1. For purposes of commercial advantage. 2. For private financial gain. 3. In furtherance of a criminal act.
EISP addresses compliance in two areas:
1. General compliance. 2. use of specific penalties and disciplinary action.
What are the three general categories of unethical behavior that organizations and society should seek to eliminate?
1. Ignorance. 2. Accident. 3. Intent.
Systems Management
1. Management of stored materials 2.Employee monitoring 3.Virus protection 4.Physical security 5.Encryption
SysSPs fall into two groups:
1. Managerial guidance. 2. Technical specifications.
If someone suspects identity theft, the FTC recommends:
1. Place an initial fraud alert. 2. Order your credit reports. 3. Create an identity theft report. 4. Monitor your progress.
Statement of policy
1. Scope and applicability. 2. Definition of technology addressed. 3. Responsibilities.
CSO, CIO, CRO, and Department/Agency Head responsiblities:
1. Set security policy, procedures, program, training for company. 2. Respond to security breaches(investigate, mitigate, litigate). 3. Responsible for independent annual audit coordination. 4. Implement/audit/enforce/assess compliance.
List seven key areas identified by Microsoft as best security practices for home users.
1. Use antivirus software. 2. Use strong passwords. 3. Verify your software security settings. 4. Update product security. 5. Build personal firewalls. 6. Back up early and often. 7. Protect against power surges and loss.
Access Control List (ACL) is a
A clearly defined list of permissions that specifies what actions an authenticated user may perform on a shared resource.
Describe viruses and worms.
A computer virus consists of segments of code that perform malicious actions. This code behaves very much like a virus pathogen attacking animals and plants, using the cell's own replication machinery to propagate and attack. The code attaches itself to the existing program and takes control of that program's access to the targeted computer. The virus-controlled target program then carries out the virus's plan, by replicating itself into additional targeted systems. A worm is a malicious program that replicates itself constantly, without requiring another program to provide a safe environment for replication. Worms can continue replicating themselves until they completely fill available resources, such as memory, hard drive space, and network bandwidth.
Digital Millennium Copyright Act (DMCA)
A federal statute that prohibits unauthorized access to copyrighted digital works by circumventing encryption technology or the manufacture and distribution of technologies designed for the purpose of circumventing encryption protection of digital works.
intellectual property
A product of the intellect, such as an expressed idea or concept, that has commercial value.
issue-specific security policy(ISSP)
A security policy that addresses specific security issues.
A(n) ____________________ is a detailed examination of the events that occurred from first detection to final recovery.
AAR after-action review AAR (after-action review) after-action review (AAR)
What must a VPN that proposes to offer a secure and reliable capability while relying on public networks accomplish?
ANS: - Encapsulation of incoming and outgoing data, wherein the native protocol of the client is embedded within the frames of a protocol that can be routed over the public network as well as be usable by the server network environment. - Encryption of incoming and outgoing data to keep the data contents private while in transit over the public network but usable by the client and server computers and/or the local networks on both ends of the VPN connection. - Authentication of the remote computer and, perhaps, the remote user as well. Authentication and the subsequent authorization of the user to perform specific actions are predicated on accurate and reliable identification of the remote system and/or user.
List and describe the four advantages of HIDPSs.
ANS: 1. A HIDPS can detect local events on host systems and also detect attacks that may elude a network-based IDS. 2. A HIDPS functions on the host system, where encrypted traffic will have been decrypted and is available for processing. 3. The use of switched network protocols does not affect a HIDPS. 4. A HIDPS can detect inconsistencies in how applications and systems programs were used by examining the records stored in audit logs. This can enable it to detect some types of attacks, including Trojan Horse programs.
Briefly describe the seven best practices rules for firewall use.
ANS: 1. All traffic from the trusted network is allowed out. 2. The firewall device is never directly accessible from the public network for configuration or management purposes. 3. Simple Mail Transport Protocol (SMTP) data is allowed to pass through the firewall, but it should all be routed to a well-configured SMTP gateway to filter and route messaging traffic securely. 4. All Internet Control Message Protocol (ICMP) data should be denied. 5. Telnet (terminal emulation) access to all internal servers from the public networks should be blocked. 6. When Web services are offered outside the firewall, HTTP traffic should be denied from reaching your internal networks through the use of some form of proxy access or DMZ architecture. 7. All data that is not verifiably authentic should be denied.
List and describe the three advantages of NIDPSs.
ANS: 1. Good network design and placement of NIDPS devices can enable an organization to use a few devices to monitor a large network. 2. NIDPSs are usually passive devices and can be deployed into existing networks with little or no disruption to normal network operations. 3. NIDPSs are not usually susceptible to direct attack and, in fact, may not be detectable by attackers.
List and describe at least four reasons to acquire and use an IDPS.
ANS: 1. To prevent problem behaviors by increasing the perceived risk of discovery and punishment for those who would attack or otherwise abuse the system 2. To detect attacks and other security violations that are not prevented by other security measures 3. To detect and deal with the preambles to attacks (commonly experienced as network probes and other 'doorknob rattling' activities) 4. To document the existing threat to an organization 5. To act as quality control for security design and administration, especially of large and complex enterprises 6. To provide useful information about intrusions that do take place, allowing improved diagnosis, recovery, and correction of causative factors.
List and describe the three interacting services of the Kerberos system.
ANS: Kerberos consists of three interacting services, all of which use a database library: 1. Authentication server (AS), which is a Kerberos server that authenticates clients and servers. 2. Key Distribution Center (KDC), which generates and issues session keys. 3. Kerberos ticket granting service (TGS), which provides tickets to clients who request services. In Kerberos a ticket is an identification card for a particular client that verifies to the server that the client is requesting services and that the client is a valid member of the Kerberos system and therefore authorized to receive services. The ticket consists of the client's name and network address, a ticket validation starting and ending time, and the session key, all encrypted in the private key of the server from which the client is requesting services.
Freedom of Information Act of 1966[FOIA]
Allows access to federal agency records or information not determined to be matter of national security.
____________________ are defined as information and the systems that use, store, and transmit information.
Assets
The ____________________ is a respected professional society that was established in 1947 as "the world's first educational and scientific computing society."
Association of Computing Machinery
The Remote ____________________ Dial-In User Service system centralizes the management of user authentication by placing the responsibility for authenticating each user in the central RADIUS server.
Authentication
Of the three types of mitigation plans, the ____________________ plan is the most strategic and long term.
BC Business Continuity BC (business continuity) business continuity (BC)
____________________ is the process of seeking out and studying the practices used in other organizations that produce results you would like to duplicate in your organization.
Benchmarking
____________________ are the fixed moral attitudes or customs of a particular group.
Cultural mores
In the well-known ____ attack, an attacker monitors (or sniffs) packets from the network, modifies them, and inserts them back into the network. a. zombie-in-the-middle c. server-in-the-middle b. sniff-in-the-middle d. man-in-the-middle
D. man-in-the-middle
____________________ components account for the management of information in all its states: transmission, processing, and storage.
Data
DHS
Department of Homeland Security
____ and ____ are emerging accelerated development models that merge development and operational skills.
DevOps and SecOps
The ____________________ is the American contribution to an international effort to reduce the impact of copyright, trademark, and privacy infringement, especially when accomplished via the removal of technological copyright protection measures.
Digital Millennium Copyright Act (DMCA) Digital Millennium Copyright Act DMCA
T or F: Database shadowing only processes a duplicate in real-time data storage but does not duplicate the databases at the remote site.
F; page 240; a backup strategy to store duplicate online transaction data along with duplicate database at the remote site on a redundant server.
T or F: A cold site provides many of the same services and options of a hot site.
F; page 241; a cold site provides ONLY rudimentary services and facilities
T or F: Risk control is the examination and documenting of the security posture of an organization's information technology and the risks it faces.
F; page 256 ; control is identification
T or F: "If you realize you do not know the enemy, you will gain an advantage in every battle." (Sun Tzu)
F; page 256; "If you know the enemy and know yourself, ..."
T or F: Information security managers and technicians are the creators of information.
F; page 256; Information security managers and technicians are the DEFENDERS of information
T or F: Know yourself means identifying, examining, and understanding the threats facing the organization.
F; page 257; You must identify, examine, and understand the CURRENT INFORMATION AND SYSTEMS in your organization.
T or F: Once the organizational threats have been identified, an assets identification process is undertaken.
F; page 258; ...determine which threat aspects most directly affect the security of the organization....
T or F: Likelihood risk is the risk to the information asset that remains even after the application of controls.
F; page 259 ; Likelihood to Residual
T or F: Comprehensive means that an information asset should fit in only one category.
F; page 266; Comprehensive means that all information assets must fit in the list somewhere.
T or F: Each of the threats faced by an organization must be examined to assess its potential to endanger the organization and this examination is known as a threat profile.
F; page 275 ; profile is assessment
T or F: You cannot use qualitative measures to rank values.
F; page 276; You can use both quantitative and qualitative measures to rank values.
T or F: Risk evaluation assigns a risk rating or score to each information asset.
F; page 282 ; evaluation is assessment
T or F: Eliminating a threat is an impossible proposition.
F; page 296; It is difficult, but possible to eliminate a threat.
T or F: A(n) disaster recovery plan dictates the actions an organization can and perhaps should take while an incident is in progress.
F; page 297; disaster recover is incident
T or F: If every vulnerability identified in the organization is handled through mitigation, it may reflect an inability to conduct proactive security activities and an apathetic approach to security in general.
F; page 298; If the ACCEPTANCE STRATEGY is used to handle every vulnerability in the organization, its managers may be unable to conduct proactive security activities and portray an apathetic approach to security in general.
T or F: CBAs cannot be calculated after controls have been functioning for a time.
F; page 305; CBAs may be calculated before a control or safeguard is implemented to determine if the control is worth implementing.
T or F: Metrics-based measures are generally less focused on numbers and more strategic than process-based measures.
F; page 308; The other measures commonly used in bench-marking are processed-based measures, which are generally less focused on number and are more strategic than metrics-based measures.
T or F: A best practice proposed for a small home office setting is appropriate to help design control strategies for a multinational company.
F; page 309; NOT appropriate.
T or F: One problem with benchmarking is that there are many organizations that are identical.
F; page 311; Another problem with benchmarking is that NO TWO organizations are identical.
T or F: Internal benchmarking can provide the foundation for baselining.
F; page 311; In information security, BASELINING can provide the foundation for INTERNAL BASELINING.
T or F: Proxy servers can temporarily store a frequently visited Web page, and thus are sometimes called demilitarized servers.
F; page 348; chpt 6; demilitirized is cache
T or F: Information security's primary mission is to ensure that systems and their contents retain their confidentiality at all costs.
F; page 51: primary mission is to ensure that information assets remain safe and useful.
T or F: Two watchdog organizations that investigate allegations of software abuse: SIIA and NSA.
F; page 61, Two watchdog organizations are: SIIA [Software & Information Industry Association]and BSA[Business Software Alliance].
T or F: When voltage levels surge (experience a momentary increase), the extra voltage can severely damage or destroy equipment.
F; page 66 ; When voltage levels SPIKE, the extra voltage can severely damage or destroy equipment.
T or F: Packet kiddies use automated exploits to engage in distributed denial-of-service attacks.
F; page 68 ; Packet MONKEYS use automated exploits to engage in distributed denial-of-service attacks.
T or F: Attacks conducted by scripts are usually unpredictable.
F; page 70; script attacks are usually PREDICTABLE.
T or F: The term phreaker is now commonly associated with an individual who cracks or removes software protection that is designed to prevent unauthorized duplication
F; page 73.; The term CRACKER
T or F: The application of computing and network resources to try every possible combination of options of a password is called a brute crack attack.
F; page 75 ; The application of computing and network resources to try every possible combination of options of a password is called a brute FORCE attack.
T or F: Compared to Web site defacement, vandalism within a network is less malicious in intent and more public
F; page 88.
T or F: The activities that gather information about the organization and its network activities and assets is called fingerprinting.
False; fingerprinting is FOOTPRINTING; page 390; Footprinting refers to activities that gather information about the organization and its network activities and assets.
T or F: Port fingers are tools used by both attackers and defenders to identify (or fingerprint) the computers that are active on a network, as well as the ports and services active on those computers, the functions and roles the machines are fulfilling, and other useful information.
False; fingers is SCANNERS; page 432; port scanners Tools used both by attackers and defenders to identify or fingerprint active computers on a network, the active ports and services on those computers, the functions and roles of the machines, and other useful information.
T or F: When a dual-homed host approach is used, the bastion host contains four NICs.
False; four is TWO
T or F: Address grants prohibit packets with certain addresses or partial addresses from passing through the device.
False; grants is RESTRICTIONS
T or F: A padded cell is a hardened honeynet.
False; honeynet is HONEYPOT; page 424; padded cell system A protected honeypot that cannot be easily compromised.
T or F: An alert or intrusion is an indication that a system has just been attacked or is under attack.
False; intrusion is ALARM; page389; False positive: An alert or ALARM that occurs in the absence of an actual attack.
T or F: A(n) listener vulnerability scanner is one that listens in on the network and determines vulnerable versions of both server and client software.
False; listners is PASSIVE; page 437; A passive vulnerability scanner listens in on the network and identifies vulnerable versions of both server and client software.
T or F: A Web server is often exposed to higher levels of risk when placed in the DMZ than when it is placed in the untrusted network.
False; page
T or F: A content filter is technically a firewall.
False; page
T or F: All organizations with an Internet connection have some form of a router at the boundary between the organization's internal networks and the external service provider.
False; page
T or F: Even if Kerberos servers are subjected to denial-of-service attacks, a client can request additional services.
False; page
T or F: Firewall Rule Set 1 states that responses to internal requests are not allowed.
False; page
T or F: Internal computers are always visible to the public network.
False; page
T or F: Internet connections via dial-up and leased lines are becoming more popular.
False; page
T or F: Syntax errors in firewall policies are usually difficult to identify.
False; page
T or F: The DMZ cannot be a dedicated port on the firewall device linking a single bastion host.
False; page
T or F: The Extended TACACS version uses dynamic passwords and incorporates two-factor authentication.
False; page
T or F: The SMC Barricade residential broadband router does not have an intrusion detection feature.
False; page
T or F: A packet's structure is independent from the nature of the packet.
False; page 345; Packet structure VARIES DEPENDING on the nature of the packet
T or F: Intrusion detection consists of procedures and systems that identify system intrusions and take action when an intrusion is detected.
False; page 388; Intrusion detection consists of procedures and systems that identify system intrusions.
T or F: The process by which attackers change the format and/or timing of their activities to avoid being detected by the IDPS is known as a false attack stimulus.
False; page 389; False attack stimulus: An event that triggers an alarm when no actual attack is in progress. Scenarios that test the configuration of IDPSs may use false attack stimuli to determine if the IDPSs can distinguish between these stimuli and real attacks.
T or F: A false positive is the failure of an IDPS system to react to an actual attack event.
False; page 389; False positive: A false positive can sometimes be produced when an IDPS mistakes normal system activity for an attack. An IDPS administrator can set up alarm filtering by running the system for a while to track the types of false positives it generates and then adjusting the alarm classifications.
T or F: NIDPSs can reliably ascertain if an attack was successful or not.
False; page 397; NIDPSs CANNOT reliably ascertain whether an attack was successful, which requires ongoing effort by the network administrator to evaluate logs of suspicious network activity.
T or F: All IDPS vendors target users with the same levels of technical and security expertise.
False; page 397; Some IDPS vendors are accommodating the need for ever faster network performance by improving the processing of detection algorithms in dedicated hardware circuits.
T or F: A HIDPS is optimized to detect multihost scanning, and it is able to detect the scanning of non-host network devices, such as routers or switches.
False; page 402; An HIDPS is NOT optimized to detect multihost scanning, nor is it able to detect scan ning from network devices that are not hosts, such as routers or switches. Unless complex correlation analysis is provided, the HIDPS will not be aware of attacks that span multiple devices in the network.
T or F: A passive response is a definitive action automatically initiated when certain types of alerts are triggered.
False; page 406; Passive-response IDPSs simply report the information they have collected and wait for the administrator to act. Generally, the administrator chooses a course of action after analyzing the collected data. - Passive response: setting off alarms or notifications, and collecting passive data through SNMP traps.
T or F: Your organization's operational goals, constraints, and culture should not affect the selection of the IDPS and other security tools and technologies to protect your systems.
False; page 410; Your organization's operational goals, constraints, and culture WILL AFFECT the selection of the IDPS and other security tools and technologies to protect your systems.
T or F: Intrusion detection and prevention systems can deal effectively with switched networks.
False; page 414; Intrusion detection and prevention systems CANNOT deal effectively with switched networks.
T or F: Services using the TCP/IP protocol can run only on port 80.
False; page 433; Services that use the TCP/IP protocol can run on any port; however, services with reserved ports generally run on ports 1-1023.
T or F: Nmap uses incrementing Time-To-Live packets to determine the path into a network as well as the default firewall policy.
False; page 434; The Nmap tool mentioned earlier has some advanced options that are useful for firewall analysis. For example, the option called idle scanning, which is run with the -I switch, allows the-Nmap user to bounce a scan across a firewall by using one of the idle DMZ hosts as the initia tor of the scan.
T or F: A starting scanner is one that initiates traffic on the network in order to determine security holes.
False; page 435; An active scanner is one that initiates traffic on the network to determine security holes.
T or F: Passive scanners are advantageous in that they require vulnerability analysts to get approval prior to testing.
False; page 437; The advantage of using passive scanners is that they DO NOT require vulnerability analysts to obtain approval prior to testing.
T or F: A sniffer cannot be used to eavesdrop on network traffic.
False; page 438; a sniffer CAN be used to eavesdrop on network traffic.
T or F: A(n) perimeter is a segment of the DMZ where additional authentication and authorization controls are put into place to provide services that are not available to the general public.
False; perimeter is EXTRANET
T or F: For Linux or BSD systems, there is a tool called "scanner" that allows a remote individual to "mirror" entire Web sites.
False; scanner is WGET; page 431; For Linux or BSD systems, a tool called GNU Wget allows a remote user to "mirror" entire Web sites.
T or F: The static packet filtering firewall allows only a particular packet with a particular source, destination, and port address to enter through the firewall.
False; static is DYNAMIC
T or F: The trace usually consists of a honeypot or padded cell and an alarm.
False; trace it TRAP; page 427; The trap usually consists of a honeypot or padded cell and an alarm.
T or F: The trap is a process by which the organization attempts to identify an entity discovered in unauthorized areas of the network or systems.
False; trap is TRACE; page 427; The trace— which is similar to caller ID—is a process by which the organization attempts to identify an entity discovered in unauthorized areas of the network or systems
T or F: The outside world is known as the trusted network (e.g., the Internet).
False; trusted is UNTRUSTED
T or F: The popular use for tunnel mode VPNs is the end-to-end transport of encrypted data.
False; tunnel is TRANSPORT.
The ____________________ Act of 1999 contains a number of provisions focusing on facilitating affiliation among banks, securities firms, and insurance companies.
Financial Services Modernization Gramm-Leach-Bliley
____________________ is a systematic survey of all of the target organization's Internet addresses.
Fingerprinting
What are the requirements for a policy to become enforceable? [page 126]
For a policy to become enforceable, it must be: Dissemination (distribution) - The organization must be able to demonstrate that the relevant policy has been made readily available for review by the employee. Review (reading) - The organization must be able to demonstrate that it disseminated the document in an intelligible form, including versions for illiterate, non-English reading, and reading-impaired employees. Comprehension (understanding) - The organization must be able to demonstrate that the employee understood the requirements and content of the policy. Compliance (agreement) - The organization must be able to demonstrate that the employee agrees to comply with the policy, through act or affirmation. Uniform enforcement - The organization must be able to demonstrate that the policy has been uniformly enforced, regardless of employee status or assignment.
The ____________________ Act of 1966 allows any person to request access to federal agency records or information not determined to be a matter of national security.
Freedom of Information
SANS offers a set of certifications called ____.
Global Information Assurance Certification[GIAC]
____________________ firewalls combine the elements of other types of firewalls — that is, the elements of packet filtering and proxy services, or of packet filtering and circuit gateways.
Hybrid
USA PATRIOT Improvement and Reauthorization Act
Made permanent 14 of the 16 expanded powers of the Department of Homeland Security and the FBI in investigating terrorist activity
____________________ scanning will allow the Nmap user to bounce your scan across a firewall by using one of the idle DMZ hosts as the initiator of the scan.
Idle
Enterprise Staff/Employees responsibilities:
Implement policy; report security vulnerabilities and breaches.
The ____________________ Association is a professional association that focuses on auditing, control, and security and whose membership comprises both technical and managerial professionals.
Information Systems Audit and Control
ISACA
Information Systems Audit and Control Association
ISSA
Information Systems Security Association
Personally Identifiable Information (PII)
Information about individuals that can be used to trace a person's identity, such as a full name, birthdate, biometric data, and identifying numbers such as a Social Security number (SSN). Organizations have an obligation to protect PII and often identify procedures for handling and retaining PII in data policies.
The ____________________2 manages a body of knowledge on information security and administers and evaluates examinations for information security certifications.[page 154, 155]
International Information Systems Security Certification Consortium, Inc. (ISC) International Information Systems Security Certification Consortium, Inc. (ISC)
HIPPA (Health Insurance Portability and Accountability Act) is also know as
Kennedy-Kassebaum Act
The ____________________ authentication system is named after the three-headed dog of Greek mythology, that guards the gates to the underworld.
Kerberos
List Microsoft's "Ten Immutable Laws of Security" in any order
Law #1: If a bad guy can persuade you to run his program on your computer, it's not your computer anymore. Law #2: If a bad guy can alter the operating system on your computer, it's not your computer anymore. Law #3: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore. Law #4: If you allow a bad guy to upload programs to your Web site, it's not your Web site anymore. Law #5: Weak passwords trump strong security. Law #6: A machine is only as secure as the administrator is trustworthy. Law #7: Encrypted data is only as secure as the decryption key. Law #8: An out-of-date virus scanner is only marginally better than no virus scanner at all. Law #9: Absolute anonymity isn't practical, in real life or on the Web. Law #10: Technology is not a panacea.
____________________ are rules that mandate or prohibit certain behavior in society.
Laws
____________________ is the probability that a specific vulnerability within an organization will be successfully attacked.
Likelihood
The Secure European System for Applications in a(n) ____________________ Environment is the result of a European research and development project partly funded by the European Commission.
Multivendor
NSA
National Security Agency
Describe five new subdivisions of information system components of SecSDLC/risk management.
People comprise employees and nonemployees. Procedures fall into two categories: IT and business standard procedures, and IT and business sensitive procedures. Data components account for the management of information in all its states: transmission, processing, and storage. Software components are assigned to one of three categories: applications, operating systems, or security components. Hardware is assigned to one of two categories: the usual systems devices and their peripherals, and the devices that are part of information security control systems. Hardware components are separated into two categories: devices and peripherals, and networks.
PII
Personally Identifiable Information
information aggregation
Pieces of nonprivate data that, when combined, may create information that violates privacy.
Systems-Specific Security Policies (SysSPs)
Policy documents designed to bridge the gap between managerial guidance and technical implementation of a specific technology
T or F: The Information Systems Security Association (ISSA) is a nonprofit society of information security professionals whose primary mission is to bring together qualified information security practitioners for information exchange and educational development.
T ; page 155;
List three of the provisions included in the Security And Freedom Through Encryption Act of 1999.[page 139]
Reinforce an individual's right to use or sell encryption algorithms, without concern for regulations requiring some form of key registration. Key registration is the storage of a cryptographic key (or its text equivalent) with another party to be used to break the encryption of data. This is often called "key escrow." Prohibit the federal government from requiring the use of encryption for contracts, grants, and other official documents, and correspondence. State that the use of encryption is not probable cause to suspect criminal activity. Relax export restrictions by amending the Export Administration Act of 1979. Provide additional penalties for the use of encryption in the commission of a criminal act.
Gram-Leach-Bliley Act of 1999
Repeals the last vestiges of the Glass-Stegall Act of 1933 and created new financial holding companies allowed to engage in underwriting, selling insurance and securities and conducting both commercial and merchant banking
Privacy Act of 1974
Restricts the way in which personal data can be used by federal agencies Individuals must be permitted access to information stored about them and may correct any information that is incorrect. Agencies must insure both the security and confidentiality of any sensitive information.
____________________ involves three major undertakings: risk identification, risk assessment, and risk control.
Risk management
____________________ is the process of identifying risk, as represented by vulnerabilities, to an organization's information assets and infrastructure, and taking steps to reduce this risk to an acceptable level.
Risk management
The general approach of the ____________________ protocol is to place the filtering requirements on the individual workstation rather than on a single point of defense (and thus point of failure).
SOCKS
Policy review and modificaiton:
Scheduled review of policy procedures for modification . Legal disclaimers
Access Control List (ACL)
Specifications of authorization that govern the rights and privileges of users to a particular information asset. ACLs include user access lists, matrices, and capabilities tables.
Limitations of liability:
Statements of liability . Other disclaimers as needed
USA Patriot Act of 2001
Strengthens the federal government's power to conduct surveillance, perform searches, and detain individuals in order to combat terrorism.
____________________-specific security policies often function as standards or procedures to be used when configuring or maintaining systems.
Systems
T or F: A service bureau is an agency that provides a service for a fee.
T
T or F: A(n) contingency plan is prepared by the organization to anticipate, react to, and recover from events that threaten the security of information and information assets in the organization, and, subsequently, to restore the organization to normal modes of business operations.
T
T or F: Evidence is the physical object or documented information that proves an action occurred or identifies the intent of a perpetrator.
T
T or F: Technical controls are the tactical and technical implementations of security in the organization.
T
T or F: Host-based IDPSs are usually installed on the machines they protect to monitor the status of various files stored on those machines.
T;
____________________ (terminal emulation) access to all internal servers from the public networks should be blocked.
Telnet.
The ____________________ Access Controller Access Control System contains a centralized database, and it validates the user's credentials at this TACACS server.
Terminal
What three purposes does the ISSP serve?
The issue-specific security policy, or ISSP, 1) addresses specific areas of technology as listed below, 2) requires frequent updates, and 3) contains a statement on the organization's position on a specific issue. An ISSP may cover the following topics, among others: -Electronic mail -Use of the Internet -Specific minimum configurations of computers to defend against worms and viruses -Prohibitions against hacking or testing organization security controls -Home use of company-owned computer equipment -Use of personal equipment on company networks -Use of telecommunications technologies (fax and phone) -Use of photocopy equipment
What is the purpose of security education, training, and awareness (SETA)?
The purpose of SETA is to enhance security by: Improving awareness of the need to protect system resources Developing skills and knowledge so computer users can perform their jobs more securely Building in-depth knowledge, as needed, to design, implement, or operate security programs for organizations and systems
Information security governance
The set of responsibilities and practices exercised by the board and executive management. Goal of providing strategic direction, ensuring that objectives are achieved, ascertaining that risk is managed appropriately and verifying that the enterprise's resources are used responsibly.
Compare electronic vaulting and remote journaling.
The transfer of large batches of data to an offsite facility is called electronic vaulting. The transfer of live transactions to an offsite facility is called remote journaling. It differs from electronic vaulting in that 1) only transactions are transferred, not archived data, and 2) the transfer is in real-time. Electronic vaulting is much like a traditional backup, with a dump of data to the off-site storage, but remote journaling involves activities on a systems level, much like server fault tolerance, with the data written to two locations simultaneously.
True of False: Cultural difference create difficulty in determine what is and is not ethical.
True.
T or F: A VPN allows a user to use the Internet into a private network.
True; page
T or F: A benefit of a(n) dual-homed host is its ability to translate between many different protocols at their respective data link layers, including Ethernet, token ring, Fiber Distributed Data Interface, and asynchronous transfer mode.
True; page
T or F: A content filter is essentially a set of scripts or programs that restricts user access to certain networking protocols and Internet locations.
True; page
T or F: Access control is achieved by means of a combination of policies, programs, and technologies. _
True; page
T or F: Firewalls can be categorized by processing mode, development era, or structure.
True; page
T or F: Good policy and practice dictates that each firewall device, whether a filtering router, bastion host, or other firewall implementation, must have its own set of configuration rules.
True; page
T or F: In a DMZ configuration, connections into the trusted internal network are allowed only from the DMZ bastion host servers
True; page
T or F: It is important that e-mail traffic reach your e-mail server and only your e-mail server.
True; page
T or F: Most firewalls use packet header information to determine whether a specific packet should be allowed to pass through or should be dropped.
True; page
T or F: On the client end, a user with Windows 2000 or XP can establish a VPN by configuring his or her system to connect to a VPN server.
True; page
T or F: One method of protecting the residential user is to install a software firewall directly on the user's system.
True; page
T or F: Packet filtering firewalls scan network data packets looking for compliance with or violation of the rules of the firewall's database.
True; page
T or F: Secure VPNs use security protocols and encrypt traffic transmitted across unsecured public networks like the Internet.
True; page
T or F: Some firewalls can filter packets by protocol name.
True; page
T or F: Static filtering is common in network routers and gateways
True; page
T or F: The Cisco security kernel contains three component technologies: the Interceptor/Packet Analyzer, the Security Verification ENgine (SVEN), and Kernel Proxies.
True; page
T or F: The ability to restrict a specific service is now considered standard in most routers and is invisible to the user
True; page
T or F: The application firewall runs special software that acts as a proxy for a service request.
True; page
T or F: The firewall can often be deployed as a separate network containing a number of supporting devices.
True; page
T or F: The presence of external requests for Telnet services can indicate a potential attack.
True; page
T or F: The screened subnet protects the DMZ systems and information from outside threats by providing a network of intermediate security.
True; page
T or F: There are limits to the level of configurability and protection that software firewalls can provide.
True; page
T or F: Though not used much in Windows environments, Telnet is still useful to systems administrators on Unix/Linux systems.
True; page
T or F: When Web services are offered outside the firewall, HTTP traffic should be blocked from internal networks through the use of some form of proxy access or DMZ architecture.
True; page
T or F; In addition to recording intrusion attempts, a(n) router can be configured to use the contact information to notify the firewall administrator of the occurrence of an intrusion attempt.
True; page
In the U.S. military classification scheme, ____ data is any information or material the unauthorized disclosure of which reasonably could be expected to cause damage to the national security. a. confidential c. top secret b. secret d. sensitive
a. confidential
T or F: Minutiae are unique points of reference that are digitized and stored in an encrypted format when the user's system access credentials are created.
True; page 334; minutiae In biometric access controls, unique points of reference that are digitized and stored in an encrypted format when the user's system access credentials are created.
T or F: Most of the technologies that scan human characteristics convert these images to some form of minutiae.
True; page 335; Most of the technologies that scan human characteristics convert these images to some form of minutiae.
T or F: In DNS cache poisoning, valid packets exploit poorly configured DNS servers to inject false information to corrupt the servers' answers to routine DNS queries from other systems on the network.
True; page 397; One example of this kind of attack is DNS cache poisoning, in which valid packets exploit poorly configured DNS servers to inject false information and corrupt the servers' answers to routine DNS queries from other systems on the network.
T or F: A HIDPS can monitor systems logs for predefined events.
True; page 400; An HIDPS can also monitor systems logs for predefined events.
T or F: HIDPSs are also known as system integrity verifiers.
True; page 400; HIDPSs are also known as system integrity verifiers because they benchmark and monitor the status of key system files and detect when an intruder creates, modifies, or deletes monitored files.
T or F: An HIDPS can detect local events on host systems and also detect attacks that may elude a network-based IDPS.
True; page 402; An HIDPS or one of its sensors can detect local events on host systems and detect attacks that may elude a network-based IDPS.
T or F: Preconfigured, predetermined attack patterns are called signatures.
True; page 403; signatures—that is, preconfigured, predetermined attack patterns.
T or F: A(n) log file monitor is similar to a NIDPS.
True; page 405; A log file monitor (LFM) IDPS is similar to an NIDPS.
T or F: IDPS responses can be classified as active or passive.
True; page 406; IDPS responses.
T or F: The Simple Network Management Protocol contains trap functions, which allow a device to send a message to the SNMP management console indicating that a certain threshold has been crossed, either positively or negatively.
True; page 406; SNMP traps and plug-ins: The Simple Network Management Protocol contains trap functions, which allow a device to send a message to the SNMP management console indicating that a certain threshold has been crossed, either positively or negatively.
T or F: An IDPS can be configured to dial a phone number and produce an alphanumeric page or a modem noise.
True; page 407; Phone, pager, or SMS message: The IDPS can be configured to dial a phone number and send a preconfigured pager or SMS text message.
T or F: In order to determine which IDPS best meets an organization's needs, first consider the organizational environment in technical, physical, and political terms.
True; page 408; To determine which IDPS best meets an organization's needs, first consider its environment in technical, physical, and political terms.
T or F: Intrusion detection and prevention systems perform monitoring and analysis of system events and user behaviors.
True; page 414; Monitoring and analysis of system events and user behaviors.
T or F: A(n) partially distributed IDPS control strategy combines the best of the other two strategies.
True; page 415; partially distributed IDPS control strategy An IDPS implementation approach that combines the best aspects of the centralized and fully distributed strategies.
T or F: The IDPS console includes the management software, which collects information from the remote sensors, analyzes the systems or networks, and determines whether the current situation has deviated from the preconfigured baseline.
True; page 416;
T or F: A fully distributed IDPS control strategy is the opposite of the centralized strategy.
True; page 417; A fully distributed IDPS control strategy, illus trated in Figure 7-6, is the opposite of the centralized strategy.
T or F: A strategy based on the concept of defense in depth is likely to include intrusion detection systems, active vulnerability scanners, passive vulnerability scanners, automated log analyzers, and protocol analyzers.
True; page 429; To truly assess the risks within a computing environment, you must deploy technical controls using a strategy of defense in depth, which is likely to include IDPSs, active vulnerability scanners, passive vulnerability scanners, automated log analyzers, and protocol analyzers (commonly referred to as sniffers).
T or F: To assist in the footprint intelligence collection process, you can use an enhanced Web scanner that, among other things, can scan entire Web sites for valuable pieces of information, such as server names and e-mail addresses.
True; page 431; To assist in footprint intelligence collection, you can use an enhanced Web scanner that examines entire Web sites for valuable pieces of information, such as server names and e-mail addresses.
T or F: A(n) port is a network channel or connection point in a data communications system.
True; page 433
T or F: Once the OS is known, all of the vulnerabilities to which a system is susceptible can easily be determined.
True; page 434; Once the OS is known, the attacker can easily determine all of the vulnerabilities to which it is susceptible.
T or F: The Metasploit Framework is a collection of exploits coupled with an interface that allows the penetration tester to automate the custom exploitation of vulnerable systems.
True; page 437; Metasploit Framework is a collection of exploits coupled with an interface that allows penetration testers to automate the custom exploitation of vulnerable systems.
T or F: A wireless security toolkit should include the ability to sniff wireless traffic, scan wireless hosts, and assess the level of privacy or confidentiality afforded on the wireless network.
True; page 442
In a ____ attack, the attacker sends a large number of connection or information requests to a target. a. denial-of-service c. virus b. distributed denial-of-service d. spam
a. denial-of-service.
Association of Computing Machinery[ACM]
___ is a respected professional society founded in 1947 as "the world's first educational and scientific computing society."
Economic Espionage Act (1996)
a law that makes the theft of trade secrets by foreign entities a federal crime in the United States
Sofware assurance is
a methological approach to the development of software that seeks to build security into the development life cycle rather than address it at later stages.
World Trade Organization (WTO)
a permanent global institution to promote international trade and to settle international trade disputes.
In TCP/IP networking, port ____ is not used. a. 0 c. 13 b. 1 d. 1023
a. 0;
____ is simply how often you expect a specific type of attack to occur. a. ARO c. ALE b. CBA d. SLE
a. ARO; annualized rate of occurrence (ARO)
T or F: ____ is the process of classifying IDPS alerts so that they can be more effectively managed. a. Alarm filtering c. Alarm compaction b. Alarm clustering d. Alarm attenuation
a. Alarm filtering; page 389
The first phase in the development of the contingency planning process is the ____. a. BIA c. DP9 b. BRP d. IRP
a. BIA; business impact analysis (BIA)
____ is based on the use of some measurable human characteristic or trait to authenticate the identity of a proposed systems user. a. Biometric access control c. Software access control b. Physical access control d. System access control
a. Biometric access control;
Which of the following acts is a collection of statutes that regulate the interception of wire, electronic, and oral communications? a. Electronic Communications Privacy Act b. Financial Services Modernization Ac c. Sarbanes-Oxley Act d. Economic Espionage Act
a. Electronic Communications Privacy Act
____ is the action of luring an individual into committing a crime to get a conviction. a. Entrapment c. Intrusion b. Enticement d. Padding
a. Entrapment;
What is the subject of the Computer Security Act? a. Federal Agency Information Security b. Telecommunications Common Carriers c. Cryptography Software Vendors d. Banking Industry
a. Federal Agency Information Security
Which of the following acts is also widely known as the Gramm-Leach-Bliley Act? a. Financial Services Modernization Act b. Communications Act c. Computer Security Act d. Economic Espionage Act
a. Financial Services Modernization Act
____ are decoy systems designed to lure potential attackers away from critical systems. a. Honeypots c. Padded cells b. Honeycells d. Padded nets
a. Honeypots;
T or F: A(n) ____ works like a burglar alarm in that it detects a violation (some system activities analogous to an opened or broken window) and activates an alarm. a. IDS [intrusion detection system] c. ITS b. IIS d. SIS
a. IDS;page 388
The Security Area Working Group acts as an advisory board for the protocols and areas developed and promoted by the Internet Society and the ____. a. IETF c. ISOC b. ISO/IEC d. IRTF
a. IETF; Internet Engineering Task Force (IETF)
____ sensors are typically intended for network perimeter use, so they would be deployed in close proximity to the perimeter firewalls, often between the firewall and the Internet border router to limit incoming attacks that could overwhelm the firewall. a. Inline c. Passive b. Offline d. Bypass
a. Inline; page 399
Using ____, the system reviews the log files generated by servers, network devices, and even other IDPSs. a. LFM [log file monitor] c. AppIDPS b. stat IDPS d. HIDPS[host-based IDPS]
a. LFM[log file monitor];
____ firewalls are designed to operate at the media access control sublayer of the data link layer of the OSI network model. a. MAC layer c. Application gateways b. Circuit gateway d. Packet filtering
a. MAC layer
____ are usually passive devices and can be deployed into existing networks with little or no disruption to normal network operations. a. NIDPSs c. AppIDPSs b. HIDPSs d. SIDPSs
a. NIDPSs; page 397; NIDPSs are usually passive devices and can be deployed into existing networks with little or no disruption to normal network operations.
T or F: ____ firewalls examine every incoming packet header and can selectively filter packets based on header information such as destination address, source address, packet type, and other key information. a. Packet-filtering c. Circuit gateways b. Application gateways d. MAC layer firewalls
a. Packet-filtering.
____ law regulates the structure and administration of government agencies and their relationships with citizens, employees, and other governments. a. Public c. Civil b. Private d. Criminal
a. Public. page 127
____ and TACACS are systems that authenticate the credentials of users who are trying to access an organization's network via a dial-up connection. a. RADIUS c. TUNMAN b. RADIAL d. IPSEC
a. RADIUS
____ is the protocol for handling TCP traffic through a proxy server. a. SOCKS c. FTP b. HTTPS d. Telnet
a. SOCKS
According to Mark Pollitt, ____ is the premeditated, politically motivated attacks against information, computer systems, computer programs, and data which result in violence against noncombatant targets by subnational groups or clandestine agents. a. infoterrorism c. hacking b. cyberterrorism d. cracking
b.cyberterrorism.
A virus or worm can have a payload that installs a(n) ____________________ door or trap door component in a system, which allows the attacker to access the system at will with special privileges.
back
Under the guise of justice, some less scrupulous administrators may be tempted to ____________________, or hack into a hacker's system to find out as much as possible about the hacker.
back hack
A(n) ____________________ is a "value or profile of a performance metric against which changes in the performance metric can be usefully compared."
baseline
A(n) ____________________ is an application error that occurs when more data is sent to a program buffer than it is designed to handle.
buffer overrun buffer overflow
A(n) ____________________ plan ensures that critical business functions continue if a catastrophic incident or disaster occurs.
business continuity business continuity (BC) BC
IDPS researchers have used padded cell and honeypot systems since the late ____. a. 1960s c. 1980s b. 1970s d. 1990s
c. 1980s;
Microsoft acknowledged that if you type a res:// URL (a Microsoft-devised type of URL) which is longer than ____ characters in Internet Explorer 4.0, the browser will crash. a. 64 c. 256 b. 128 d. 512
c. 256
The SETA program is the responsibility of the ____ and is a control measure designed to reduce the incidences of accidental security breaches by employees. a. CIO c. CISO b. CISCO d. end users
c. CISO
Which of the following acts defines and formalizes laws to counter threats from computer related acts and offenses? a. Electronic Communications Privacy Act of 1986 b. Freedom of Information Act (FOIA) c. Computer Fraud and Abuse Act d. Federal Privacy Act of 1974
c. Computer Fraud and Abuse Act
A buffer against outside attacks is frequently referred to as a(n) ____. a. proxy server c. DMZ b. no-man's land d. firewall
c. DMZ
The actions an organization can and perhaps should take while an incident is in progress should be specified in a document called the ____ plan. a. BC c. IR b. DR d. BR
c. IR; incident response (IR),
The stated purpose of ____ is to "give recommendations for information security management for use by those who are responsible for initiating, implementing, or maintaining security in their organization." a. NIST SP800-18 c. ISO/IEC 27002 b. RFC 2196 d. BS7799 (Part 2)
c. ISO/IEC 27002
____-based IDPSs look at patterns of network traffic and attempt to detect unusual activity based on previous baselines. a. Firewall c. Network b. Host d. Domain
c. Network
____ feasibility analysis examines user acceptance and support, management acceptance and support, and the overall requirements of the organization's stakeholders. a. Organizational c. Operational b. Technical d. Political
c. Operational
Which of the following countries reported generally intolerant attitudes toward personal use of organizational computing resources? a. Australia c. Singapore b. United States d. Sweden
c. Singapore
____ inspection firewalls keep track of each network connection between internal and external systems. a. Static c. Stateful b. Dynamic d. Stateless
c. Stateful
____ are machines that are directed remotely (usually by a transmitted command) by the attacker to participate in an attack. a. Drones c. Zombies b. Helpers d. Servants
c. Zombies.
Standards may be published, scrutinized, and ratified by a group, as in formal or ____ standards. a. de formale c. de jure b. de public d. de facto
c. dejure
The proxy server is often placed in an unsecured area of the network or is placed in the ____ zone. a. fully trusted c. demilitarized b. hot d. cold
c. demilitarized
The transfer of large batches of data to an off-site facility is called ____. a. security perimeter c. electronic vaulting b. remote journaling d. database shadowing
c. electronic vaulting
The military uses a _____-level classification scheme. a. three c. five b. four d. six
c. five
As frustrating as viruses and worms are, perhaps more time and money is spent on resolving virus ____. a. false alarms c. hoaxes b. power faults d. urban legends
c. hoaxes.
The spheres of ____ are the foundation of the security framework and illustrate how information is under attack from a variety of sources. a. defense c. security b. assessment d. information
c. security
To determine whether an attack has occurred or is underway, NIDPSs compare measured activity to known ____ in their knowledge base. a. fingernails c. signatures b. fingerprints d. footprints
c. signatures; page403; signatures Patterns that correspond to a known attack.
A(n) ____ is a proposed systems user. a. authenticator c. supplicant b. challenger d. activator
c. supplicant;
According to the National Information Infrastructure Protection Act of 1996, the severity of the penalty for computer crimes depends on the value of the information obtained and whether the offense is judged to have been committed for each of the following except ____. a. for purposes of commercial advantage c. to harass b. for private financial gain d. in furtherance of a criminal act
c. to harass; page 128.
Acts of ____ can lead to unauthorized real or virtual actions that enable information gatherers to enter premises or systems they have not been authorized to enter. a. bypass c. trespass b. nature d. security
c. trespass
The ____ of 1999 provides guidance on the use of encryption and provides protection from government intervention. a. Sarbanes-Oxley Act b. Gramm-Leach-Bliley Act c. U.S.A. Patriot Act d. Security and Freedom through Encryption Act
d. Security and Freedom through Encryption Act
____ often function as standards or procedures to be used when configuring or maintaining systems. a. ESSPs c. ISSPs b. EISPs d. SysSPs
d. SysSPs; systems-specific security policies (SysSPs);
____ are software programs that hide their true nature, and reveal their designed behavior only when activated. a. Viruses c. Spam b. Worms d. Trojan horses
d. Trojan horse.
In recent years, the broadband router devices that can function as packet-filtering firewalls have been enhanced to combine the features of ____. a. UDPs c. WANs b. MACs d. WAPs
d. WAPs
The ____ strategy is the choice to do nothing to protect a vulnerability and to accept the outcome of its exploitation. a. avoidance of risk c. mitigation b. transference d. accept control
d. accept control
Management of classified data includes its storage and ____. a. distribution c. destruction b. portability d. All of the above
d. all of the above
Which of the following functions does information security perform for an organization? a. Protecting the organization's ability to function. b. Enabling the safe operation of applications implemented on the organization's IT systems. c. Protecting the data the organization collects and uses. d. All of the above.
d. all of the above.
Which of the following is a valid version of TACACS? a. TACACS c. TACACS+ b. Extended TACACS d. All of the above
d. all of the above.
Among all possible biometrics, ____ is(are) considered truly unique. a. retina of the eye c. iris of the eye b. fingerprints d. All of the above
d. all of the above;
SP 800-14, Generally Accepted Principles and Practices for Securing Information Technology Systems, provides best practices and security principles that can direct the security team in the development of a security ____. a. plan c. policy b. standard d. blueprint
d. blueprint
A ____ site provides only rudimentary services and facilities. a. cool c. hot b. warm d. cold
d. cold
Intrusion ____ activities finalize the restoration of operations to a normal state and seek to identify the source and method of the intrusion in order to ensure that the same type of attack cannot occur again. a. prevention c. detection b. reaction d. correction
d. correction; page 388
Many corporations use a ____ to help secure the confidentiality and integrity of information. a. system classification scheme c. data hierarchy b. data restoration scheme d. data classification scheme
d. data classification scheme
Activities that scan network locales for active systems and then identify the network services offered by the host systems is known as ____. a. filtering c. footprinting b. doorknob rattling d. fingerprinting
d. fingerprinting; page 390
T or F: Firewalls fall into ____ major processing-mode categories. a. two c. four b. three d. five
d. five
The Privacy of Customer Information Section of the common carrier regulation states that any proprietary information shall be used explicitly for providing services, and not for any ____ purposes. a. troubleshooting c. customer service b. billing d. marketing
d. marketing. page 130.
In most common implementation models, the content filter has two components: ____. a. encryption and decryption c. rating and decryption b. filtering and encoding d. rating and filtering
d. rating and filtering
Since the bastion host stands as a sole defender on the network perimeter, it is commonly referred to as the ____ host. a. trusted c. single b. domain d. sacrificial
d. sacrificial
The dominant architecture used to secure network access today is the ____ firewall. a. static c. unlimited b. bastion d. screened subnet
d. screened subnet
When organizations adopt levels of security for a legal defense, they may need to show that they have done what any prudent organization would do in similar circumstances. This is referred to as a(n) ____. a. due diligence action c. golden standard action b. best practice d. standard of due care
d. standard of due care
Strategic planning is the process of moving the organization towards its ____. a. standard c. mission b. policy d. vision
d. vision
The ____________________ strategy is the risk control strategy that attempts to prevent the exploitation of the vulnerability.
defend control
Payment Card Industry Data Security Standard (PCI DSS)
designed to enhance security of customer's account data.
A(n) ____________________ backup is the storage of all files that have changed or been added since the last full backup.
differential
Due ____________________ is the demonstration that the organization is diligent in ensuring that the implemented standards continue to provide the required level of protection.
diligence
ESD means electrostatic ____________________.
discharge
The ____________________ packet-filtering firewall allows only a particular packet with a particular source, destination, and port address to enter through the firewall.
dynamic
Key studies reveal that the overriding factor in leveling the ethical perceptions within a small population is ____________________.
education
HIDPSs are also known as system ____________________ verifiers.
integrity;
Some information gathering techniques are quite legal, for example, using a Web browser to perform market research. These legal techniques are called, collectively, competitive ____________________.
intelligence
A(n) ____________________ occurs when an attacker attempts to gain entry or disrupt the normal operations of an information system, almost always with the intent to do harm.
intrusion;
The Electronic Communications Privacy Act of 1986[ECPA]
is a collection of statutes that regulates the interception of wire, electronic, and oral communications and is commonly referred to as the "wiretapping act"
U.S. Secret Service
is charged with safeguarding the nation's financial infrastructure and payments system to preserve the integrity of the economy.
Computer Fraud and Abuse Act of 196[CFA Act]:
is the Cornerstone of many-computer related federal laws and enforcement efforts.
**For a policy to be effective
it must be properly disseminated, read, understood, and agreed to by all members of the organization, and uniformly enforced.
"Long arm ____________________" refers to the long arm of the law reaching across the country or around the world to draw an accused individual into its court systems.
jurisdiction
The fifth generation firewalls include the ____________________ proxy, a specialized form that works under Windows NT Executive, which is the kernel of Windows NT.
kernel
Script ____________________ are hackers of limited skill who use expertly written software to attack a system.
kiddies
A signature-based IDPS is sometimes called a(n) ____________________-based IDPS.
knowledge;
A trusted VPN is also known as a(n) ____________________ VPN.
legacy
____________________ is the legal obligation of an entity that extends beyond criminal or contract law.
liability
A computer virus consists of segments of code that perform ____________________ actions.
malicious
Policies is sanctioned by ___.
management.
Policies
managerial directives that specify acceptable and unacceptable employee behavior in the workplace
Combination SysSPs combine ___.
managerial guidance and technical specification.
Performance Measurement
measuring, monitoring, and reporting information security governance metrics to ensure that organizational objectives are achieved
RAID Level 1 is commonly called disk ____________________.
mirroring
The ____________________ control strategy attempts to reduce the impact caused by the exploitation of vulnerability through planning and preparation.
mitigation
National Information Infrastructure Protection Act of 1996
modified several sections of the CFA Act and increased the penalties for selected crimes.
The ____________________ port is also known as a switched port analysis port or mirror port.
monitoring
Computer Security Act of 1987
one of the first attempts to protect federal computer systems by establishing minimum acceptable security practices
Behavioral feasibility is also known as ____________________.
operational feasibility
Value Delivery
optimizing information security investments in support of organization objectives.
A(n) ____________________ is a honey pot that has been protected so that it cannot be easily compromised.
padded cell
A security ____________________ defines the boundary between the outer limit of an organization's security and the beginning of the outside world.
perimeter
A(n) ____________________ hacks the public telephone network to make free calls or disrupt services.
phreaker
There are many types of security:
physical, personal, operations, communications, national, and network
Duplication of software-based intellectual property is more commonly known as software ____________________.
piracy
Software license infringement is also often called software ____________________.
piracy
Guidelines that describe acceptable and unacceptable employee behaviors in the workplace are known as ____________________.
policies
Information security protection is implemented by multiple measures that include;
policies, education, training and awareness, and technology.
A(n) ____________________ is a plan or course of action that conveys instructions from an organization's senior management to those who make decisions, take actions, and perform other duties.
policy
Family law, commercial law, and labor law are all encompassed by ____________________ law.
private
System Administration, Networking, and Security Institute [SANS]
professional organization dedicated to the protection of information and systems.
An attack ____________________ is a detailed description of the activities that occur during an attack.
profile
Security is
protection from danger.
The attack ____________________ is a series of steps or processes used by an attacker, in a logical sequence, to launch an attack against a target system or network.
protocol
Security and Freedom through Encryption Act of 1999
provides guidance for use of encryption and provides protection from government intervention.
United States Computer Emergency Readiness Team(US-CERT)
provides mechanisms to report phishing and malware.
A(n) ____________________ server performs actions on behalf of another system.
proxy
The application firewall is also known as a(n) ____________________ server.
proxy
SESAME uses ____________________ key encryption to distribute secret keys.
public
The firewall device is never accessible directly from the ____________________ network.
public untrusted
The initial estimation of the defensive state of an organization's networks and systems is called doorknob ____________________.
rattling; page 390
Implementing multiple types of technology and thereby precluding that the failure of one system will compromise the security of information is referred to as ____________________.
redundancy
ethics
regulate and define socially acceptable behavior.
The transfer of live transactions to an off-site facility is called
remote journaling
USA Freedom Act (2015)
replaced patriot act when it expired on June 1, 2015. banned bulk collection of data, new reporting requirements, extended the expiration of roving wiretaps and lone wolf surveillance authority to Dec. 2019
Incident ____________________ is the set of activities taken to plan for, detect, and correct the impact of an incident on information assets.
response
Policy Managment to remain viable must have:
responsible manager, a schedule of reviews, a method for making recommendations for reviews, and a policy issuance and revision date.