CYBR 3100 Final Exam Review (Chapter 6-12)

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

Intrusion __________ activities finalize the restoration of operations to a normal state and seek to identify the source and method of the intrusion in order to ensure that the same type of attack cannot occur again.

Correction

Alarm filtering may be based on combinations of frequency, similarity in attack signature, similarity in attack target, or other criteria that are defined by the system administrators.

False

An advance-fee fraud attack involves the interception of cryptographic elements to determine keys and encryption algorithms.

False

An effective information security governance program requires constant change.

False

Authentication is a mechanism whereby unverified entities or supplicants who seek access to a resource provide a label by which they are known to the system.

False

Digital forensics involves chemical and microscopic analysis of evidence using computerized laboratory instruments.

False

Discretionary access control is an access control approach whereby the organization specifies use of resources based on the assignment of data classification schemes to resources and clearance levels to users.

False

Encryption methodologies that require the same secret key to encipher and decipher the message are using what is called public key encryption.

False

Hashing functions require the use of keys.

False

In the early stages of planning, the project planner should attempt to specify completion dates only for major employees within the project.

False

The __________ is typically considered the top information security officer in the organization.

CISO

The International Society of Forensic Computer Examiners (ISFCE) offers which certifications?

Certified Computer Examiner (CCE) and Master Certified Computer Examiner (MCCE)

__________ is the requirement that every employee be able to perform the work of another employee.

Task rotation

The capacity of UPS devices is measured using the voltage output rating.

False

The information security function cannot be placed within protective services in an organization's management structure.

False

The most common credential for a CISO-level position is the Security+ certification.

False

Mandatory access controls (MACs)

A required, structured data classification scheme that rates each collection of information as well as each user

__________ benchmark and monitor the status of key system files and detect when an intruder creates, modifies, or deletes monitored files.

HIDPSs

__________ occurs when an authorized person opens a door, and other people, who may or may not be authorized, also enter.

Tailgating

The use of standard job descriptions can increase the degree of professionalism in the information security field.

True

Access Control

A selective method by which systems specify who may use a particular resource and how they may use it. Rely on the following mechanisms: identification, authentication, authorization, and accountability

Discretionary access controls (DACs)

Access controls that are implemented at the discretion or option of the data user

Nondiscretionary controls

Access controls that are implemented by a central authority

Class __________ fires are best extinguished by agents that remove oxygen from the fire.

B

To evaluate the performance of a security system, administrators must establish system performance __________.

Baselines

Class __________ fires are safely extinguished only with non-conducting agents.

C

A(n) __________ is used to justify that the project will be reviewed and verified prior to the development of the project plan.

CBA

The __________ is a center of Internet security expertise and is located at the Software Engineering Institute, a federally funded research and development center operated by Carnegie Mellon University.

CERT/CC

The __________ is an intermediate area between a trusted network and an untrusted network.

DMZ

One approach that can improve the situational awareness of the information security function uses a process known as __________ to quickly identify changes to the internal environment.

Difference analysis

A __________ system is designed to work in areas where electrical equipment is used. Instead of containing water, the system contains pressurized air.

Dry-pipe

__________ is the process of converting an original message into a form that is unreadable to unauthorized individuals.

Encryption

A technique used to compromise a system is known as a(n) ___________.

Exploit

A(n) _________ is an authorization issued by an organization for the repair, modification, or update of a piece of equipment.

FCO

A false positive is the failure of an IDPS system to react to an actual attack event.

False

The parallel operations strategy works well when an isolated group can serve as a test area, which prevents any problems with the new system from dramatically interfering with the performance of the organization as a whole.

False

The work breakdown structure (WBS) can only be prepared with a complex specialized desktop PC application.

False

Water damage from fire suppression systems is considered less dangerous to computer systems than hazardous chemicals like Halon.

False

Activities that scan network locales for active systems and then identify the network services offered by the host systems is known as __________.

Fingerprinting

The Computer __________ and Abuse Act of 1986 is the cornerstone of many computer-related federal laws and enforcement efforts.

Fraud

Technology __________ guides how frequently technical systems are updated, and how technical updates are approved and funded.

Governance

__________ functions are mathematical algorithms that generate a message summary or digest to confirm the identity of a specific message and to confirm that there have not been any changes to the content.

Hash

A(n) __________ works like a burglar alarm in that it detects a violation (some system activities analogous to an opened or broken window) and activates an alarm.

IDPS

The protection of the confidentiality, integrity, and availability of information assets, whether in storage, processing, or transmission, via the application of policy, education, training and awareness, and technology is known as ___________.

Information security

The model commonly used by large organizations places the information security department within the __________ department.

Information technology

Detailed __________ on the highest risk warnings can include identifying which vendor updates apply to which vulnerabilities as well as which types of defenses have been found to work against the specific vulnerabilities reported.

Intelligence

_________ is the entire range of values that can possibly be used to construct an individual key.

Keyspace

Using __________, the system reviews the log files generated by servers, network devices, and even other IDPSs.

LFM

In the __________ process, measured results are compared against expected results.

Negative feedback loop

In a __________ implementation, the entire security system is put in place in a single office, department, or division before expanding to the rest of the organization.

Pilot

Interior walls only partially reach to the next floor, which leaves a space above the ceiling. This space is called a(n) __________.

Plenum

More advanced substitution ciphers use two or more alphabets, and are referred to as __________ substitutions.

Polyalphabetic

By managing the __________, the organization can reduce unintended consequences by having a process to resolve potential conflict and disruption that uncoordinated change can introduce.

Process of change

Using a database of precomputed hashes from sequentially calculated passwords called a(n) __________, an attacker can simply look up a hashed password and read out the text version.

Rainbow table

In most common implementation models, the content filter has two components: __________.

Rating and filtering

A __________ port, also known as a monitoring port, is a specially configured connection on a network device that is capable of viewing all of the traffic that moves through the entire device.

SPAN

The dominant architecture used to secure network access today is the __________ firewall.

Screened subnet

__________ are the technically qualified individuals tasked to configure firewalls, deploy IDSs, implement security software, diagnose and troubleshoot problems, and coordinate with systems and network administrators to ensure that an organization's security technology is properly implemented.

Security technicians

__________ is a cornerstone in the protection of information assets and in the prevention of financial loss.

Separation of duties

Authentication factors

Something you know (password, passphrase); something you have (dumb card, smart card, synchronous tokens, asynchronous tokens); something you are (relies upon individual characteristics, strong authentication)

__________ inspection firewalls keep track of each network connection between internal and external systems.

Stateful

Tasks or action steps that come after the task at hand are called __________.

Successors

A method of encryption that requires the same secret key to encipher and decipher the message is known as __________ encryption.

Symmetric

Accountability

The access control mechanism that ensures all actions on a system—authorized or unauthorized—can be attributed to an authenticated identity. Also known as auditability

Authorization

The access control mechanism that represents the matching of an authenticated entity to a list of information assets and corresponding access levels

identification

The access control mechanism that requires the validation and verification of an unauthenticated entity's purported identity

Authentification

The access control mechanism that requires the validation and verification of an unauthenticated entity's purported identity.

A process called __________ examines the traffic that flows through a system and its associated devices to identifies the most frequently used devices.

Traffic analysis

In IPSec's __________ mode, the data within an IP packet is encrypted, but the header information is not.

Transport

__________ applications use a combination of techniques to detect an intrusion and then trace it back to its source.

Trap and trace

A mandatory vacation provides the organization with the ability to audit the work of an individual.

True

A permutation cipher simply rearranges the values within a block to create the ciphertext.

True

A(n) known vulnerability is a published weakness or fault in an information asset or its protective systems that may be exploited and result in loss.

True

Authentication is the process of validating and verifying an unauthenticated entity's purported identity.

True

Each organization has to determine its own project management methodology for IT and information security projects.

True

If an organization deals successfully with change and has created procedures and systems that can be adjusted to the environment, the existing security improvement program will probably continue to work well.

True

In DNS cache poisoning, valid packets exploit poorly configured DNS servers to inject false information to corrupt the servers' answers to routine DNS queries from other systems on the network.

True

In general, electrostatic discharge damage to chips produces two types of failures: immediate and latent.

True

Lattice-based access control is a form of access control in which users are assigned a matrix of authorizations for particular areas of access.

True

Over time, policies and procedures may become inadequate due to changes in the organization's mission and operational requirements, threats, or the environment.

True

Packet-filtering firewalls scan network data packets looking for compliance with the rules of the firewall's database.

True

Physical security is as important as logical security to an information security program.

True

The Digital Signature Standard established by NIST is used for electronic document authentication by federal information systems. It is based on a variant of the ElGamal algorithm.

True

The primary benefit of a VPN that uses _________ is that an intercepted packet reveals nothing about the true destination system.

Tunnel mode

A device that assures the delivery of electric power without interruption is a(n) __________.

UPS

A __________ is the recorded state of a particular revision of a software or hardware configuration item.

Version

The goal of the project __________ is to resolve any pending project-related issues, critique the overall effort of the project, and draw conclusions about how to improve the project management process for the future.

Wrap-up


Kaugnay na mga set ng pag-aaral

The Old Testament-Ancestors of Faith

View Set

Maternity chapter 21: Intrapartum Nursing Assessment

View Set

Tableau Interview Questions for Exam 1

View Set

Section 4: Unit 8: Ethical Conduct Requirements for Licencees Exam

View Set

Question content area top Part 1 A list of cash receipts and cash payments for Exis Communications is presented below. Classify each amount as​ operating, investing, or financing. Use the direct method.

View Set

Literary Terms of the Week Definitions

View Set