CIS 56
A ____________ primarily addresses the processes, resources, equipment, and devices needed to continue conducting critical business activities when an interruption occurs that affects the business' viability.
(BCP) Business continuity plan
A ___ gives priorities to the functions an organization needs to keep going
(BCP) Business continuity plan
A ___________ will help identify not only which functions are critical, but also how quickly essential business functions must return to full operation following a major interruption
(BIA) Business impact analysis
A _______ is a formal analysis of an organization's functions and activities that classifies them as critical or noncritical.
(BIA) Business impact analysis
A ___________ defines how a business gets back on its feet after a major disaster like a fire or hurricane
(DRP) Disaster recovery plan
Software vendors must protect themselves from the liabilities of their own vulnerabilities with a(n) _____.
(EULA) End-User License Agreement
This security appliance examines IP data streams for common attack and malicious intent patterns.
(IDS) Intrusion detection system
A _____ is a collection of computers connected to one another or to a common connection medium
(LAN) Local area network
The physical part of the LAN Domain includes a _________, which is an interface between the computer and the LAN physical media.
(NIC) Network Interface Card
The tunnel can be created between a remote workstation using the public Internet and a VPN router or a secure browser and ___ website.
(SSL-VPN) Secure Sockets Layer virtual private network
A connection protocol that is connectionless and popular for transferring small amounts of data is called _____
(UDP) User datagram protocol
With wireless LANs (WLANs), radio transceivers are used to transmit IP packets from a WLAN NIC to a _______.
(WAP) Wireless Access Point
As of 2013, Cisco estimated that there were more than ________ devices connected to the Internet.
7 billion
Which of the following is the definition of botnet?
A botnet consists of a network of compromised computers that attackers use to launch and spread malware.
What is meant by multi-tenancy?
A database feature that allows different groups of users to access the same database without being able to access each other's data.
What is the definition of a packet-filtering firewall?
A firewall that examines each packet and compares it to a list of rules configured by the network admin.
What is meant by risk register?
A list of identified risks that results from the risk-identification process.
Which of the following is the definition of netcat?
A network utility program that reads from and writes to network connections.
Which of the following is the definition of logic bomb?
A program that executes malicious functions under specific conditions
Which of the following best describes quantitative risk analysis?
A risk analysis method that uses mathematical formulas and numbers to assist in ranking severity.
How is decentralized access control defined?
A system that puts access control into the hands of people like department managers who are closest to system users.
What is meant by rootkit?
A type of malware that modifies or replaces one or more existing programs to hide the fact that a computer has been compromised.
What is meant by multipartite virus?
A type of virus that infects other files and spreads in multiple ways
What term is used to describe associating actions with users for later reporting?
Accountability
What is an asynchronous token?
An authentication token used to process challenge-response authentication with a server.
Malicious code attacks all three information security properties. Malware can erase or overwrite files or inflict considerable damage to storage media. This property is ________.
Availability
_________ is the practice of hiding data and keeping it away from unauthorized users.
Cryptography
_______ is the duty of every government that wants to ensure its national security.
Cybersecurity
______ allows computers to get information from the network instead of the network admin providing it.
DHCP (Dynamic Host Configuration Protocol)
Which OSI Layer uses MAC (Media Access Control) addresses, which are unique to each hardware device?
Data Link Layer
Which OSI Model Reference Layer is responsible for transmitting information on computers connected to the same LAN?
Data Link Layer
____ is the process of transforming data from cleartext into ciphertext.
Encryption
IPv6 addresses are 64-bit numbers
False; 128-bit
______ is a type of attack in which the attacker takes control of a session between two machines and masquerades as one of them.
Hijacking
_______ is a suite of protocols designed to connect sites securely using IP addresses
IPSec
Prior to VoIP, attackers would use wardialers to _______.
Identify analog modem signals to gain access, gain access to PBX phone systems to commit toll fraud, identify the operating system running on a computer, i.e., all of the above
Malicious code attacks all three information security properties. Malware can modify database records either immediately or over a period of time. This property is ________.
Integrity
Connecting your computers or devices to the ____ immediately exposes them to attack.
Internet
Whether software or hardware based, a ____________ captures keystrokes, or user entries, and then forwards that information to the attacker.
Keylogger
What term is used to describe an attack in which the attacker gets between two parties and intercepts messages before transferring them on to their intended destination?
Man-in-the-middle attack
What term is used to describe a method of IP address assignment that uses an alternate, public IP address to hide a system's real address?
NAT (Network address translation)
_______ is used to describe a property that indicates a specific object needs access to a specific object. This is necessary for access to the object in addition to the necessary clearance for the object's classification.
Need to know.
What is the name of a protocol to implement a VPN connection between two computers?
PPTP (Point-to-Point Tunneling Protocol)
A ___________ is a software program that performs one of two functions: brute-force password attack to gain unauthorized access to a system, or recovery of passwords stored in a computer system.
Password cracker
Which OSI Layer translates binary into the language of the transport medium?
Physical Layer
________ include a separate encryption engine that stores the virus body in encrypted format while duplicating the main body of the virus.
Polymorphic virus
Which OSI Model Reference Layer is responsible for the coding of data?
Presentation Layer
What name is given to a risk-analysis method that uses relative ranking to provide further definition of the identified risks in order to determine responses to them?
Qualitative risk analysis
The goal of ______ is to quantify possible outcomes of risks, determine probabilities of outcomes, identify high-impact risks, and develop plans based on risks.
Quantitative risk analysis.
What is the access control method that bases approval on the jobs the user is assigned?
RBAC (Role-based access control)
In a ____, the attacker sends a large number of packets requesting connections to the victim computer.
SYN flood
Which OSI Layer creates, maintains, and disconnects communications that take place between processes over the network?
Session Layer
What is meant by annual rate of occurrence (ARO)?
The annual probability that a stated threat will be realized.
Which of the following is the definition of business drivers?
The collection of components, including people, information, and conditions that support business objectives.
What is meant by promiscuous mode?
The mode in which sniffers operate; it is nonintrusive and does not generate network traffic. This means that every data packet is captured and can be seen by the sniffer.
Which of the following is the definition of ciphertext?
The opposite of cleartext. Data sent as ciphertext is not visible and not decipherable.
Which of the following is the definition of access control?
The process of protecting a resource so that it is used only by those allowed to use it; Used to restrict or allow access to resources.
The Physical Layer of the OSI Reference Model must translate binary to the language of the transport medium. (T/F)
True
Today's LAN standard is the Institute of Electrical and Electronics Engineers (IEEE) 802. (T/F)
True
The OSI Reference Layer model is a theoretical model of networking with interchangeable layers. (T/F)
True
Malicious software can be hidden in a _____.
URL link, PDF file, ZIP file, i.e., all of the above.
What is the current encryption standard for wireless networks?
WPA (Wi-Fi Protected Access Point)
What is meant by firewall?
A program or dedicated hardware device that inspects network traffic passing through it and denies or permits that traffic based on a set of rules you determine at configuration.
What is the definition of a hub?
A network device that connects network segments and echoes all received traffic to all other ports
What is the definition of NAT (network address translation)?
A method of IP address assignment that uses a public alternative IP address to hide the system's true IP address
A firewall that examines each packet it receives and compares the packet to a list of rules configured by the network admin is called a ______.
a packet-filtering firewall
What name is given to an event that results in a violation of any of the C-I-A tenets?
a security breach
Biometrics is another _______ for identifying subjects.
access control
A software program that collects information about Internet usage and uses it to present targeted advertisements to users is the definition of ______.
adware
What describes continuous authentication?
an authentication method in which a user is authenticated multiple times or event intervals
How often should an organization perform a risk management plan?
annually.
Which OSI Model Reference Layer includes all programs on a computer that interact with the network?
application layer
The first step in risk analysis is to determine what and where the organization's _______ are located
assets
Two-factor __________ should be the minimum requirement for valuable resources
authentication.
When an attacker discovers a ______, he or she can use it to bypass existing security controls such as passwords, encryption, and so on.
backdoor
_____________ are the main source of distributed denial of service (DDoS) attacks and spam.
botnets
The requirement to keep information private or secret is the definition of _____.
confidentiality
The Bell-LaPadula access control model is primarily focused on _____.
confidentiality of data and control of access to classified information
A ______ has a hostile intent, possesses sophisticated skills, and may be interested in financial gain. They represent the greatest threat to networks and information resources.
cracker
The recovery point objective (RPO) identifies the amount of ______ that is acceptable.
data loss
What name is given to an exterior network that acts as a buffer zone between the public Internet and an organization's IT infrastructure (i.e., LAN-to-WAN Domain)?
demilitarized zone (DMZ)
What is meant by the term risk management?
describes the process of identifying, assessing, prioritizing, and addressing risks.
What term is used to describe the amount of time that an IT system, application, or data is not available to users?
downtime
The act of transforming cleartext data into undecipherable ciphertext is the definition of _____.
encryption
Are most enterprises essentially prepared for a disaster when it happens? (T/F)
false
A _______ virus is a type of virus that attacks and modifies executable programs (like COM, EXE, SYS, and DLL files).
file infector
A _______ contains rules that define the types of traffic that can come and go through a network
firewall
A _______ controls the flow of traffic by preventing unauthorized traffic from entering or leaving a portion of the network.
firewall
In popular usage and in the media, the term ______ often describes someone who breaks into a computer system with authorization.
hacker
_________ is not a type of authentication.
identification
A ___________ is a program that executes a malicious function of some kind when it detects certain conditions.
logic bomb
You can use quantitative risk analysis for all risks on the register; however, the amount of effort required may be overkill for __________ risks
low impact AND low probability risks
A protocol analyzer or _________ is a software program that enables a computer to monitor and capture network traffic.
packet sniffer
______ is an authentication credential that is longer/more complex than a password
passphrase
A ____________ tricks users into providing logon information on what appears to be a legitimate Web site but is in fact a Web site set up by an attacker to obtain this information.
phishing attack
What term is used to describe a type of virus that includes a separate encryption engine that stores the virus body in encrypted format while duplicating the main body of the virus?
polymorphic virus
A ________ is a tool used to scan IP host devices for open ports that have been enabled.
port scanner
________ attack countermeasures such as antivirus signature files or integrity databases.
retro virus
Any organization that is serious about security will view ______ as an ongoing process.
risk management.
The process of managing risks starts by identifying _______.
risks.
Another type of attacker is called a _______. This is a person with little or no skill who simply follows directions or uses a "cookbook" approach to carrying out a cyberattack without understanding the meaning of the steps he or she is performing.
script kiddie
The world needs people who understand computer-systems ________ and who can protect computers and networks from criminals and terrorists.
security
The ______ is the central part of a computing environment's hardware, software, and firmware that enforces access control for computer systems.
security kernel
What is the process of dividing a task into a series of unique activities performed by different people, each of whom is allowed to execute only one part of the overall task?
separation of duties
A security card programmed with your employee ID is called a _____
smart card
What name is given to a type of virus that uses a number of techniques to conceal itself from the user or detection software?
stealth virus
In a __________, the attacker uses IP spoofing to send a large number of packets requesting connections to the victim computer. These appear to be legitimate but in fact reference a client system that is unable to respond.
SYN flood
Today, people working in cyberspace must deal with new and constantly evolving _____
threats
When you apply an account lockout policy set the ________ to a high enough number that authorized users aren't locked out for mistyping their passwords.
threshold
RTO determines the maximum allowable ______ to recover the function.
time.
Unrecognized new processes running, startup messages indicating that new software has been (or is being) installed (registry updating), unresponsiveness of applications to normal commands, and unusual redirection of normal Web requests to unknown sites are all telltale symptoms of a ________.
trojan
A computer virus is an executable program that attaches to, or infects, other executable programs. (T/F)
true
MAC (Mandatory access control) is a means of restricting access to an object based on the object's classification and the user's security clearance.
true
Spoofing means a type of attack in which one person, program, or computer disguises itself as another person, program, or computer to gain access to some resource.
true
The tools for conducting a risk analysis can include the documents that define, categorize, and rank risks. (T/F)
true
Unlike viruses, worms do not require a host program in order to survive and replicate. (T/F)
true
The term annual rate of occurrence (ARO) describes the annual probability that a stated threat will be realized. (T/F)
true
A DoS attack is a coordinated attempt to deny service by causing a computer to perform an unproductive task. (T/F)
true; What is a DoS attack's purpose?
Which biometric authentication method is not as accurate as several others?
voice pattern
Unexplained increases in bandwidth consumption, high volumes of inbound and outbound e-mail during normal activity periods, a sudden increase in e-mail server storage utilization (this may trigger alarm thresholds set to monitor and manage disk/user partition space), and an unexplained decrease in available disk space are all telltale symptoms of a ________.
worm