CIS intro cybersec Final ch. 5, 7, 9, 10

What is the maximum value for any octet in an IPV4 IP address?

255

An encryption cipher that uses the same key to encrypt and decrypt is called a(n) key.

ASymmetric (private)

During which phase of the access control process does the system answer the question, "What can the requestor access?"

Authorization

Which security model does NOT protect the integrity of information?

Bell-LaPadula

A ___ is a standard used to measure how effective your system is as it relates to industry expectations.

Benchmark

Fran is conducting a security test of a new application. She does not have any access to the source code or other details of the application she is testing. What type of test is Fran conducting?

Black-box test

When the owner of the resource determines the access and changes permissions as needed, it's known as

Discretionary access control (DAC)

Cryptographic key distribution is typically done by phone.

False

DHCP provides systems with their MAC addresses.

False

Which answer best describes the identification component of access control?

Identification is the method a subject uses to request access to a system.

Which of the following is NOT a benefit of cloud computing to organizations?

Lower dependence on outside vendors

Which of the following is an example of a hardware security control?

MAC filtering

What technology allows you to hide the private IPV4 address of a system from the Internet?

NAT

Which security testing activity uses tools that scan for services running on systems?

Network mapping

Which regulatory standard would NOT require audits of companies in the United States?

Personal Information Protection and Electronic Documents Act (PIPEDA)

The review of the system to learn as much as possible about the organization, its systems, and networks is known as

Reconnaissance

Which activity is an auditor least likely to conduct during the information-gathering phase of an audit?

Report writing

What is NOT a symmetric encryption algorithm?

Rivest-Shamir-Adelman (RSA)

What is an XML-based open standard for exchanging authentication and authorization information and is commonly used for web applications?

Security Assertion Markup Language (SAML)

Which intrusion detection system strategy relies upon pattern matching?

Signature detection

Alan is evaluating different biometric systems and is concerned that users might not want to subject themselves to retinal scans due to privacy concerns. Which characteristic of a biometric system is he considering?

Acceptability

A ___ is used to detect forgeries.

Checksum

Which cryptographic attack offers cryptanalysts the most information about how an encryption algorithm works?

Chosen plaintext

An algorithm used for cryptographic purposes is known as a

Cipher

Physical access, security bypass, and eavesdrop- ping are examples of how access controls can be

Compromised

Which approach to cryptography provides the strongest theoretical protection?

Quantum cryptography

A common platform for capturing and analyzing log entries is

Security Information and Event Management (SIEM)

Barbara is investigating an attack against her network. She notices that the Internet Control Message Protocol (ICMP) echo replies coming into her network far exceed the ICMP echo requests leaving her network. What type of attack is likely taking place?

Smurf

A degausser creates a magnetic field that erases data from magnetic storage media.

True

Access controls are policies or procedures used to control access to certain items.

True

An algorithm is a repeatable process that produces the same result when it receives the same input.

True

Anomaly-based intrusion detection systems compare current activity with stored profiles of normal (expected) activity.

True

Content-dependent access control requires the access control mechanism to look at the data to decide who should get to see it.

True

Data loss prevention (DLP) uses business rules to classify sensitive information to prevent unauthorized end users from sharing it

True

Data loss prevention (DLP) uses business rules to classify sensitive information to prevent unauthorized end users from sharing it.

True

Digital signatures require asymmetric key cryptography.

True

What is NOT an effective key distribution method for plaintext encryption keys?

Unencrypted email

Val would like to isolate several systems belonging to the product development group from other systems on the network, without adding new hardware. What technology can she use?

Virtual LAN (VLAN)

The process of identifying, quantifying, and pri- oritizing the vulnerabilities in a system is known as a

Vulnerability assessment

What type of network connects systems over the largest geographic area?

Wide area network (WANI

What wireless security technology contains significant flaws and should never be used?

Wired Equivalent Privacy WEP)

What is NOT a service commonly offered by unified threat management (UTM) devices?

Wireless network access

Curtis is conducting an audit of an identity management system. Which question is NOT likely to be in the scope of his audit?

Does the firewall properly block unsolicited network connection attempts?

_____ is used when it's not as critical to detect and respond to incidents immediately.

Non-real-time monitoring

When Patricia receives a message from Gary, she wants to be able to demonstrate to Sue that the message actually came from Gary. What goal cryptography is Patricia attempting to achieve?

Nonrepudiation

Hilda is troubleshooting a problem with the encryption of data. At which layer of the OSI Reference Model is she working?

Presentation

What is NOT a valid encryption key length for use with the Blowfish algorithm?

512 bits

A ___ signature is a representation of a physical signature stored in a digital format.

Digital

When should an organization's managers have an opportunity to respond to the findings in an audit?

Managers should include their responses to the draft audit report in the final audit report.

A Chinese wall security policy defines a barrier and develops a set of rules that makes sure no subject gets to objects on the other side.

True

What is NOT an effective key distribution method forſplaintext encryption keys?

Unencrypted email

Which answer best describes the authentication component of access control?

Authentication is the validation or proof that the subject requesting access is indeed the same subject who has been granted that access.

Which answer best describes the authorization component of access control?

Authorization is the process of determining who is approved for access and what re- sources they are approved for.

A secure virtual private an authenticated and encrypted network (VPN) creates channel across some form of public network.

True

A smart card is a token shaped like a credit card that contains one or more microprocessor chips that accept, store, and send information through a reader.

True

A strong hash function is designed so that a forged message cannot result in the same hash as a legitimate message.

True

A symmetric (private) key and asymmetric Encryption ciphers fall into two general categories

True

A wireless access point (WAP) is the connection between a wired and wireless network.

True

Many jurisdictions require audits by law.

True

Henry is creating a firewall rule that will allow inbound mail to the organization. What TCP port must he allow through the firewall?

25

Henry's last firewall rule must allow inbound access to a Windows Terminal Server. What port must he allow?

3389

Henry would like to create a different firewall rule that allows encrypted web traffic to reach a web server. What port is used for that communication?

443

Which of the following is one of the four basic forms of a cryptographic attack?

A. Ciphertext-only attack B. Known-plaintext attack C. Chosen-plaintext attack D. Chosen-ciphertext attack

Post-audit activities include which of the following?

A. Presenting findings to management B. Data analysis C. Exit interviews D. Reviewing of auditor's findings

Which of the following is an example of a level of permissiveness?

A. Prudent B. Permissive C Promiscuous D. Paranoid

Ed wants to make sure that his system is designed in a manner that allows tracing actions to an individual. Which phase of access control is Ed concermed about?

Accountability

Which answer best describes the accountability component of access control?

Accountability is the process of creating and maintaining the policies and procedures nec- essary to ensure proper information is avail- able when an organization is audited.

An audit examines whether security controls are appropriate, installed correctly, and

Addressing their purpose

Ricky is reviewing security logs to independently assess security controls. Which security review process is Ricky engaging in?

Audit

Which type of password attack attempts all possible combinations of a password in an attempt to guess the correct value?

Brute-force attack

Karen would like to use a wireless authentication technology similar to that found in hotels where users are redirected to a webpage when they connect to the network. What technology should she deploy

Captive portal

Which audit data collection method helps ensure that the information-gathering process covers all relevant areas?

Checklist

_____ offers a mechanism to accomplish four security goals: confidentiality, integrity, authentication, and nonrepudiation.

Cryptography

Betty receives a cipher text message from her colleague Tim. What type of function does Betty need to use to read the plaintext message?

Decryption

What information should an auditor share with the client during an exit interview?

Details on major issues

Alice and Bob would like to communicate with each other using a session key but they do not already have a shared secret key. Which algorithm can they use to exchange a secret key

Diffie-Helman

The act of scrambling plaintext into ciphertext is known as

Encryption

A border routercan provide enhanced features to internal networks and help keep subnet traffic separate.

False

A border traffic separate. router can provide enhanced features to internal networks and help keep subnet

False

A hardened configuration is a system that has had unnecessary services enabled.

False

A packet-filtering firewall remembers information about the status of a network communication.

False

A private key cipher is also called an asymmetric key cipher.

False

A report indicating that a system's disk is 80 percent full is a good indication that something is wrong with that system.

False

Access controls cannot be implemented in vari- ous forms, restriction levels, or different levels within the computing environment.

False

DIAMETER is a research and development project funded by the European Commission.

False

IP addresses are assigned to computers by the manufacturer.

False

David would like to connect a fibre channel storage device to systems over a standard data network. What protocol can he use?

Fibre channel over ethernet (FCoE)

The basic job of a _____ is to enforce an access control policy at the border of a network.

Firewall

What type of function generates the unique value that corresponds to the contents of a message and used to create a digital signature?

Hash

Terry is troubleshooting a network that is experiencing high traffic congestion issues. Which device, if present on the network, should be replaced to alleviate these issues?

Hub

Jacob is conducting an audit of the security controls at an organization as an independent reviewer. Which question would NOT be part of his audit?

Is the security control likely to become obsolete in the near future?

Which cryptographic attack offers cryptanalysts the most information about how an encryption algorithm works?

Known plaintext

Challenges to access control include which of the following?

Laptop loss, Exploiting hardware, Eavesdropping, Exploiting applications, E. All of the above

When it comes to privacy, organizations are con- cerned about which of the following?

Liability in harassment suits Skyrocketing losses from employee theft Productivity losses from employees shopping or performing other nonwork-related tasks online

When you log on to a network, you are presented with some combination of username, password, token, smart card, or biometrics. You are then authorized or denied access by the system. This is an example of

Logical access controls

_____ corroborates the identity of an entity, whether the sender, the sender's computer, some device, or some information.

Nonrepudiation

Which of the following allows a certificate authority (CA) to revoke a compromised digital certificate in real time?

Online Certificate Status Protocol (OCSP)

The basic model for how you can build and use a network and its resources is known as the

Open Systems Interconnection (OSI) Reference Model

Which type of authentication includes smart cards?

Ownership

Which one of the following is an example of a logical access control?

Password

Which one of the following is NOT an advantage of biometric systems?

Physical characteristics may change.

Which simple network device helps to increase network performance by using the MAC address to send network traffic only to its intended destination?

Switch

DES, IDEA, RC4, and WEP are examples of

Symmetric algorithms (or standards)

Which set of characteristics describes the Caesar cipher accurately?

Symmetric, stream, substitution

_____ is a suite of protocols that was developed by the Department of Defense to provide a highly reliable and fault-tolerant network infrastructure.

TCP/IP

In security testing, reconnaissance involves reviewing a system to learn as much as possible about the organization, its systems, and its networks.

True

Log files are records that detail who logged on to a system, when they logged on, and what information or resources they used.

True

Message authentication confirms the identity of the person who started a correspondence.

True

Network access control (NAC) works on wired and wireless networks.

True

Performing security testing includes vulnerability testing and penetration testing.

True

Physical access controls deter physical access to resources, such as buildings or gated parking lots.

True

Regarding an intrusion detection system (IDS), stateful matching looks for specific sequences appearing across several packets in a traffic stream rather than justin individual packets.

True

Some of the tools and techniques used in security monitoring include baselines, alarms, closed- circuit TV, and honeypots.

True

TCP/IP is a suite of protocols that operates at both the Network and Transport layers of the OSI Reference Model.

True

The Physical Layer of the OSI Reference Model must translate the binary ones and zeros of computer language into the language of the transport medium.

True

The financial industry created the ANSI X9.17 standard to define key management procedures

True

The hash message authentication code (HMAC) is a hash function that uses a key to create a hash, or message digest.

True

The security kernel enforces access control of computer systems.

True

The term "router" describes a device that connects two or more networks and selectively interchanges packets of data between them.

True

Gary is configuring a Smartphone and is selecting a wireless connectivity method. Which approach will provide him with the highest speed wireless connectivity?

Wi-FI

A(n) _____ is critical element in every corporate network today, allowing access to an organization's resources from almost anywhere in the world.

Wide area network (WAN)

The ___ is the central part of a computing environment's hardware, software, and firmware that enforces access control.

security kernel

Alice would like to send a message to Bob using a digital signature. What cryptographic key does Alice use to create the digital signature?

Alice's private key

Host isolation is the isolation of internal net. works and the establishment of a(n)

DMZ

IP addresses are eight-byte addresses that uniquely identify every device on the network.

False

In known-plaintext attack (KPA), the cryptanalyst has access only to a segment of encrypted data, and has no choice as to what that data might be.

False

Product cipher is an encryption algorithm that has no corresponding decryption algorithm.

False

Regarding log monitoring, false negatives are alerts that seem malicious but are not real security events.

False

Regarding security controls, the four most common permission levels are poor, permissive, prudent, and paranoid.

False

Temporal isolation is commonly used in combination with rule-based access control.

False

Terminal Access Controller Access Control System Plus (TACACS+) is an authentication server that uses client and user configuration files.

False

The four main types of logs that you need to keep to support security auditing include event, access, user, and security.

False

The term certificate authority (CA) refers to a trusted repository of all public keys.

False

What layer of the OSI Reference Model is most commonly responsible for encryption?

Presentation

Which of the following does NOT offer authentication, authorization, and accounting (AAA) services?

Redundant Array of Independent Disks (RAID)

Which item is an auditor least likely to review during a system controls audit?

Resumes of system administrators

A ___ is a device that interconnects two or more networks and selectively interchanges packets of data between them.

Router

Emily is the information security director for a large company that handles sensitive personal information. She is hiring an auditor to conduct an assessment demonstrating that her firm is satisfying requirements regarding customer private data. What type of assessment should she request?

SOC 3

Which VPN technology allows users to initiate connections over the Web?

SSL

What firewall approach is shown in the fgure?

Screened subnet

What firewall topology supports the implementation of a DMZ?

Screened subnet

Isaac is responsible for performing log reviews for his organization in an attempt to identify security issues. He has a massive amount of data to review. What type of tool would best assist him with this work?

Security information and event management (SIEM)

Tomahawk Industries develops weapons control systems for the military. The company designed a system that requires two different officers to enter their access codes before allowing the system to engage. Which principle of security is this following?

Separation of duties

In methods, the IDS compares curren traffic with activity patterns of a known network intrusion consistent with thos via pattern match. ing and stateful matching.

Signature-based

Which one of the following is an example of two-factor authentication?

Smart card and personal identification number (PIN)

Which one of the following principles is NOT a component of the Biba integrity model?

Subjects cannot change objects that have a lower integrity level.

Which of the following is an example of a formal model of access control?

The Clark and Wilson integrity model

A dictionary attack works by hashing all the words in a dictionary and then comparing the hashed value with the system password file to discover a match.

True

A keyword mixed alphabet cipher uses a cipher alphabet that consists of a keyword, minus duplicates, followed by the remaining letters of the alphabet.

True

A network attacker wants to know IP addresses used on a network, remote access procedures, and weaknesses in network systems.

True

A person demonstrates anonymity when posting information to a web discussion site without authorities knowing who he or she is,

True

A person demonstrates anonymity when posting information to a web discussion site without authorities knowing who he or she is.

True

In security testing data collection, observation is the input used to differentiate between paper procedures and the way the job is really done.

True

The OSI Reference Model is a theoretical model of networking with interchangeable layers.

True

The three basic types of firewalls are packet filtering, application proxy, and stateful inspection.

True

The two basic types of ciphers are transposition and substitution.

True

When vou use a control that costs more than the risk involved, you're making a poor management decision.

True

What technology is the most secure way to encrypt wireless communications?

WPA