CIS intro cybersec Final ch. 5, 7, 9, 10
What is the maximum value for any octet in an IPv4 address?
255
An encryption cipher that uses the same key to encrypt and decrypt is called a(n) ___ key.
ASymmetric (private)
During which phase of the access control process does the system answer the question, "What can the requestor access?"
Authorization
Which security model does NOT protect the integrity of information?
Bell-LaPadula
A ___ is a standard used to measure how effective your system is as it relates to industry expectations.
Benchmark
Fran is conducting a security test of a new application. She does not have any access to the source code or other details of the application she is testing. What type of test is Fran conducting?
Black-box test
When the owner of the resource determines the access and changes permissions as needed, it's known as
Discretionary access control (DAC)
Cryptographic key distribution is typically done by phone.
False
DHCP provides systems with their MAC addresses.
False
Which answer best describes the identification component of access control?
Identification is the method a subject uses to request access to a system.
Which of the following is NOT a benefit of cloud computing to organizations?
Lower dependence on outside vendors
Which of the following is an example of a hardware security control?
MAC filtering
What technology allows you to hide the private IPv4 address of a system from the Internet?
NAT
Which security testing activity uses tools that scan for services running on systems?
Network mapping
Which regulatory standard would NOT require audits of companies in the United States?
Personal Information Protection and Electronic Documents Act (PIPEDA)
The review of the system to learn as much as possible about the organization, its systems, and networks is known as
Reconnaissance
Which activity is an auditor least likely to conduct during the information-gathering phase of an audit?
Report writing
What is NOT a symmetric encryption algorithm?
Rivest-Shamir-Adleman (RSA)
What is an XML-based open standard for exchanging authentication and authorization information and is commonly used for web applications?
Security Assertion Markup Language (SAML)
Which intrusion detection system strategy relies upon pattern matching?
Signature detection
Alan is evaluating different biometric systems and is concerned that users might not want to subject themselves to retinal scans due to privacy concerns. Which characteristic of a biometric system is he considering?
Acceptability
A ___ is used to detect forgeries.
Checksum
Which cryptographic attack offers cryptanalysts the most information about how an encryption algorithm works?
Chosen plaintext
An algorithm used for cryptographic purposes is known as a
Cipher
Physical access, security bypass, and eavesdropping are examples of how access controls can be
Compromised
Which approach to cryptography provides the strongest theoretical protection?
Quantum cryptography
A common platform for capturing and analyzing log entries is
Security Information and Event Management (SIEM)
Barbara is investigating an attack against her network. She notices that the Internet Control Message Protocol (ICMP) echo replies coming into her network far exceed the ICMP echo requests leaving her network. What type of attack is likely taking place?
Smurf
A degausser creates a magnetic field that erases data from magnetic storage media.
True
Access controls are policies or procedures used to control access to certain items.
True
An algorithm is a repeatable process that produces the same result when it receives the same input.
True
Anomaly-based intrusion detection systems compare current activity with stored profiles of normal (expected) activity.
True
Content-dependent access control requires the access control mechanism to look at the data to decide who should get to see it.
True
Data loss prevention (DLP) uses business rules to classify sensitive information to prevent unauthorized end users from sharing it.
True
Digital signatures require asymmetric key cryptography.
True
What is NOT an effective key distribution method for plaintext encryption keys?
Unencrypted email
Val would like to isolate several systems belonging to the product development group from other systems on the network, without adding new hardware. What technology can she use?
Virtual LAN (VLAN)
The process of identifying, quantifying, and prioritizing the vulnerabilities in a system is known as a
Vulnerability assessment
What type of network connects systems over the largest geographic area?
Wide area network (WAN)
What wireless security technology contains significant flaws and should never be used?
Wired Equivalent Privacy (WEP)
What is NOT a service commonly offered by unified threat management (UTM) devices?
Wireless network access
Curtis is conducting an audit of an identity management system. Which question is NOT likely to be in the scope of his audit?
Does the firewall properly block unsolicited network connection attempts?
_____ is used when it's not as critical to detect and respond to incidents immediately.
Non-real-time monitoring
When Patricia receives a message from Gary, she wants to be able to demonstrate to Sue that the message actually came from Gary. What goal of cryptography is Patricia attempting to achieve?
Nonrepudiation
Hilda is troubleshooting a problem with the encryption of data. At which layer of the OSI Reference Model is she working?
Presentation
What is NOT a valid encryption key length for use with the Blowfish algorithm?
512 bits
A ___ signature is a representation of a physical signature stored in a digital format.
Digital
When should an organization's managers have an opportunity to respond to the findings in an audit?
Managers should include their responses to the draft audit report in the final audit report.
A Chinese wall security policy defines a barrier and develops a set of rules that makes sure no subject gets to objects on the other side.
True
Which answer best describes the authentication component of access control?
Authentication is the validation or proof that the subject requesting access is indeed the same subject who has been granted that access.
Which answer best describes the authorization component of access control?
Authorization is the process of determining who is approved for access and what resources they are approved for.
A secure virtual private network (VPN) creates an authenticated and encrypted channel across some form of public network.
True
A smart card is a token shaped like a credit card that contains one or more microprocessor chips that accept, store, and send information through a reader.
True
A strong hash function is designed so that a forged message cannot result in the same hash as a legitimate message.
True
Encryption ciphers fall into two general categories: symmetric (private) key and asymmetric.
True
A wireless access point (WAP) is the connection between a wired and wireless network.
True
Many jurisdictions require audits by law.
True
Henry is creating a firewall rule that will allow inbound mail to the organization. What TCP port must he allow through the firewall?
25
Henry's last firewall rule must allow inbound access to a Windows Terminal Server. What port must he allow?
3389
Henry would like to create a different firewall rule that allows encrypted web traffic to reach a web server. What port is used for that communication?
443
Which of the following is one of the four basic forms of a cryptographic attack?
A. Ciphertext-only attack B. Known-plaintext attack C. Chosen-plaintext attack D. Chosen-ciphertext attack
Post-audit activities include which of the following?
A. Presenting findings to management B. Data analysis C. Exit interviews D. Reviewing of auditor's findings
Which of the following is an example of a level of permissiveness?
A. Prudent B. Permissive C. Promiscuous D. Paranoid
Ed wants to make sure that his system is designed in a manner that allows tracing actions to an individual. Which phase of access control is Ed concerned about?
Accountability
Which answer best describes the accountability component of access control?
Accountability is the process of creating and maintaining the policies and procedures necessary to ensure proper information is available when an organization is audited.
An audit examines whether security controls are appropriate, installed correctly, and
Addressing their purpose
Ricky is reviewing security logs to independently assess security controls. Which security review process is Ricky engaging in?
Audit
Which type of password attack attempts all possible combinations of a password in an attempt to guess the correct value?
Brute-force attack
Karen would like to use a wireless authentication technology similar to that found in hotels where users are redirected to a webpage when they connect to the network. What technology should she deploy?
Captive portal
Which audit data collection method helps ensure that the information-gathering process covers all relevant areas?
Checklist
_____ offers a mechanism to accomplish four security goals: confidentiality, integrity, authentication, and nonrepudiation.
Cryptography
Betty receives a cipher text message from her colleague Tim. What type of function does Betty need to use to read the plaintext message?
Decryption
What information should an auditor share with the client during an exit interview?
Details on major issues
Alice and Bob would like to communicate with each other using a session key but they do not already have a shared secret key. Which algorithm can they use to exchange a secret key?
Diffie-Hellman
The act of scrambling plaintext into ciphertext is known as
Encryption
A border router can provide enhanced features to internal networks and help keep subnet traffic separate.
False
A hardened configuration is a system that has had unnecessary services enabled.
False
A packet-filtering firewall remembers information about the status of a network communication.
False
A private key cipher is also called an asymmetric key cipher.
False
A report indicating that a system's disk is 80 percent full is a good indication that something is wrong with that system.
False
Access controls cannot be implemented in various forms, restriction levels, or different levels within the computing environment.
False
DIAMETER is a research and development project funded by the European Commission.
False
IP addresses are assigned to computers by the manufacturer.
False
David would like to connect a fibre channel storage device to systems over a standard data network. What protocol can he use?
Fibre channel over ethernet (FCoE)
The basic job of a _____ is to enforce an access control policy at the border of a network.
Firewall
What type of function generates the unique value that corresponds to the contents of a message and is used to create a digital signature?
Hash
Terry is troubleshooting a network that is experiencing high traffic congestion issues. Which device, if present on the network, should be replaced to alleviate these issues?
Hub
Jacob is conducting an audit of the security controls at an organization as an independent reviewer. Which question would NOT be part of his audit?
Is the security control likely to become obsolete in the near future?
Which cryptographic attack offers cryptanalysts the most information about how an encryption algorithm works?
Known plaintext
Challenges to access control include which of the following?
Laptop loss, Exploiting hardware, Eavesdropping, Exploiting applications, E. All of the above
When it comes to privacy, organizations are concerned about which of the following?
Liability in harassment suits; skyrocketing losses from employee theft; productivity losses from employees shopping or performing other nonwork-related tasks online
When you log on to a network, you are presented with some combination of username, password, token, smart card, or biometrics. You are then authorized or denied access by the system. This is an example of
Logical access controls
_____ corroborates the identity of an entity, whether the sender, the sender's computer, some device, or some information.
Nonrepudiation
Which of the following allows a certificate authority (CA) to revoke a compromised digital certificate in real time?
Online Certificate Status Protocol (OCSP)
The basic model for how you can build and use a network and its resources is known as the
Open Systems Interconnection (OSI) Reference Model
Which type of authentication includes smart cards?
Ownership
Which one of the following is an example of a logical access control?
Password
Which one of the following is NOT an advantage of biometric systems?
Physical characteristics may change.
Which simple network device helps to increase network performance by using the MAC address to send network traffic only to its intended destination?
Switch
DES, IDEA, RC4, and WEP are examples of
Symmetric algorithms (or standards)
Which set of characteristics describes the Caesar cipher accurately?
Symmetric, stream, substitution
_____ is a suite of protocols that was developed by the Department of Defense to provide a highly reliable and fault-tolerant network infrastructure.
TCP/IP
In security testing, reconnaissance involves reviewing a system to learn as much as possible about the organization, its systems, and its networks.
True
Log files are records that detail who logged on to a system, when they logged on, and what information or resources they used.
True
Message authentication confirms the identity of the person who started a correspondence.
True
Network access control (NAC) works on wired and wireless networks.
True
Performing security testing includes vulnerability testing and penetration testing.
True
Physical access controls deter physical access to resources, such as buildings or gated parking lots.
True
Regarding an intrusion detection system (IDS), stateful matching looks for specific sequences appearing across several packets in a traffic stream rather than just in individual packets.
True
Some of the tools and techniques used in security monitoring include baselines, alarms, closed-circuit TV, and honeypots.
True
TCP/IP is a suite of protocols that operates at both the Network and Transport layers of the OSI Reference Model.
True
The Physical Layer of the OSI Reference Model must translate the binary ones and zeros of computer language into the language of the transport medium.
True
The financial industry created the ANSI X9.17 standard to define key management procedures.
True
The hash message authentication code (HMAC) is a hash function that uses a key to create a hash, or message digest.
True
The security kernel enforces access control of computer systems.
True
The term "router" describes a device that connects two or more networks and selectively interchanges packets of data between them.
True
Gary is configuring a smartphone and is selecting a wireless connectivity method. Which approach will provide him with the highest speed wireless connectivity?
Wi-Fi
A(n) _____ is a critical element in every corporate network today, allowing access to an organization's resources from almost anywhere in the world.
Wide area network (WAN)
The ___ is the central part of a computing environment's hardware, software, and firmware that enforces access control.
security kernel
Alice would like to send a message to Bob using a digital signature. What cryptographic key does Alice use to create the digital signature?
Alice's private key
Host isolation is the isolation of internal networks and the establishment of a(n)
DMZ
IP addresses are eight-byte addresses that uniquely identify every device on the network.
False
In known-plaintext attack (KPA), the cryptanalyst has access only to a segment of encrypted data, and has no choice as to what that data might be.
False
Product cipher is an encryption algorithm that has no corresponding decryption algorithm.
False
Regarding log monitoring, false negatives are alerts that seem malicious but are not real security events.
False
Regarding security controls, the four most common permission levels are poor, permissive, prudent, and paranoid.
False
Temporal isolation is commonly used in combination with rule-based access control.
False
Terminal Access Controller Access Control System Plus (TACACS+) is an authentication server that uses client and user configuration files.
False
The four main types of logs that you need to keep to support security auditing include event, access, user, and security.
False
The term certificate authority (CA) refers to a trusted repository of all public keys.
False
What layer of the OSI Reference Model is most commonly responsible for encryption?
Presentation
Which of the following does NOT offer authentication, authorization, and accounting (AAA) services?
Redundant Array of Independent Disks (RAID)
Which item is an auditor least likely to review during a system controls audit?
Resumes of system administrators
A ___ is a device that interconnects two or more networks and selectively interchanges packets of data between them.
Router
Emily is the information security director for a large company that handles sensitive personal information. She is hiring an auditor to conduct an assessment demonstrating that her firm is satisfying requirements regarding customer private data. What type of assessment should she request?
SOC 3
Which VPN technology allows users to initiate connections over the Web?
SSL
What firewall approach is shown in the figure?
Screened subnet
What firewall topology supports the implementation of a DMZ?
Screened subnet
Isaac is responsible for performing log reviews for his organization in an attempt to identify security issues. He has a massive amount of data to review. What type of tool would best assist him with this work?
Security information and event management (SIEM)
Tomahawk Industries develops weapons control systems for the military. The company designed a system that requires two different officers to enter their access codes before allowing the system to engage. Which principle of security is this following?
Separation of duties
In ___ methods, the IDS compares current traffic with activity patterns consistent with those of a known network intrusion via pattern matching and stateful matching.
Signature-based
Which one of the following is an example of two-factor authentication?
Smart card and personal identification number (PIN)
Which one of the following principles is NOT a component of the Biba integrity model?
Subjects cannot change objects that have a lower integrity level.
Which of the following is an example of a formal model of access control?
The Clark and Wilson integrity model
A dictionary attack works by hashing all the words in a dictionary and then comparing the hashed value with the system password file to discover a match.
True
A keyword mixed alphabet cipher uses a cipher alphabet that consists of a keyword, minus duplicates, followed by the remaining letters of the alphabet.
True
A network attacker wants to know IP addresses used on a network, remote access procedures, and weaknesses in network systems.
True
A person demonstrates anonymity when posting information to a web discussion site without authorities knowing who he or she is.
True
In security testing data collection, observation is the input used to differentiate between paper procedures and the way the job is really done.
True
The OSI Reference Model is a theoretical model of networking with interchangeable layers.
True
The three basic types of firewalls are packet filtering, application proxy, and stateful inspection.
True
The two basic types of ciphers are transposition and substitution.
True
When you use a control that costs more than the risk involved, you're making a poor management decision.
True
What technology is the most secure way to encrypt wireless communications?
WPA