Computer Network Technology

Put the steps of the penetration testing phase into the correct order. Attack Discovery Reporting Planning

3 2 4 1

The following statements about advanced persistent threats (APTs) are true.

APTs use obfuscation techniques that help them remain undiscovered for months or even years. APTs are often long-term, multi-phase projects with a focus on reconnaissance. APTs typically originate from sources such as organized crime groups, activists or governments.

These are considered functional areas of network management as defined by ISO.

Accounting management Security management Fault management performance management

The number and types of layers needed for defense in depth are a function of:

Asset value, criticality, reliability of each control and degree of exposure.

In practical applications:

Asymmetric key encryption is used to securely obtain symmetric keys

Business continuity plans (BCPs) associated with organizational information systems should be developed primarily on the basis of:

Business needs

____________________ is defined as "a model for enabling convenient, on-demand network access to a shared pool of configurable resources (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management or service provider interaction."

Cloud Computing

These three elements of the current threat landscape have provided increased levels of access and connectivity, and therefore increased opportunities for cyber crime

Cloud computing, social media and mobile computing

A segmented network:

Consists of two or more security zones

Outsourcing poses the greatest risk to an organization when it involves

Core business functions

The Internet perimeter should:

Eliminate threats such as email spam, viruses and worms. Control user traffic bound toward the Internet. Detect and block traffic from infected internal end points. Monitor and detect network ports for rogue activity.

Updates in cloud-computing environments can be rolled out quickly because the environment is:

Homogenous

NIST defines a(n) BLANK as a "violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices."

Incident

NIST defines a(n) ________ as a "violation of imminent threat of violation of computer security policies, acceptable use policies, or standard security practices."

Incident

Risk assessments should be performed

On a regular basis

Choose three. The key benefits of the DMZ system are:

Private network addresses arc not disclosed to the Internet. An intruder must penetrate three separate devices. Internal systems do not have direct access to the Internet.

Which of the following interpret requirements and apply them to specific situations?

Standards

A cybersecurity architecture designed around the concept of a perimeter is said to be:

System-centric

A _____ is based on logical rather than physical connections, and thus, it allows great flexibility.

VLAN

Which of the following offers the strongest protection for wireless network traffic?

WPA2

Which element of an incident response plan involves obtaining and preserving evidence?

containment

To which of the following layers of the Open Systems Interconnect (OSI) model would one map Ethernet?

data link

_____, also called malicious code, is software designed to gain access to targeted computer systems, steal information or disrupt computer operations.Word options: Standards, Vulnerability, Guidelines, Attack Vector, Policies, Risk, Threat, Asset, Patches, Identity Management, Malware, Rootkit, Payload, Procedure

malware

_____ are solutions to software programming and coding errors.

patches

_____ are solutions to software programming and coding errors.Word options: Standards, Vulnerability, Guidelines, Attack Vector, Policies, Risk, Threat, Asset, Patches, Identity Management, Malware, Rootkit, Payload, Procedure

patches

In an attack, the container that delivers the exploit to the target is called a(n) _____.Word options: Standards, Vulnerability, Guidelines, Attack Vector, Policies, Risk, Threat, Asset, Patches, Identity Management, Malware, Rootkit, Payload, Procedure

payload

The attack mechanism directed against a system is commonly called a(n):

payload

A passive network hub operates at which layer of the OSI model?

physical

_____ communicate required and prohibited activities and behaviors.Word options: Standards, Vulnerability, Guidelines, Attack Vector, Policies, Risk, Threat, Asset, Patches, Identity Management, Malware, Rootkit, Payload, Procedure

policies

The core duty of cybersecurity is to identify, respond to and manage _____ to an organization's digital assets.Word options: Standards, Vulnerability, Guidelines, Attack Vector, Policies, Risk, Threat, Asset, Patches, Identity Management, Malware, Rootkit, Payload, Procedure

risk

_____ is a class of malware that hides the existence of other malware by modifying the underlying operating system.Word options: Standards, Vulnerability, Guidelines, Attack Vector, Policies, Risk, Threat, Asset, Patches, Identity Management, Malware, Rootkit, Payload, Procedure

rootkit

_____ are sued to interpret policies in specific situations.

standards

A _____ is anything capable of acting against an asset in a manner that can cause harm.

threat

A(n) _____ is anything capable of acting against an asset in a manner that can cause harm.Word options: Standards, Vulnerability, Guidelines, Attack Vector, Policies, Risk, Threat, Asset, Patches, Identity Management, Malware, Rootkit, Payload, Procedure

threat