ISMN 5730 exam 2 part 2
An IP address is composed of
32 bits (IPv4), written in dotted-decimal notation as four 8-bit octets; each octet ranges from 0 to 255, so 256 values per octet, not 254. (254 is the number of usable host addresses in a /24 network: 256 minus the network address and the broadcast address.)
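Added worked example, not part of the exam material: a strict IPv4 parser that enforces the "four octets of 8 bits, each 0-255" rule, the reverse formatter, and the usable-host count that explains where the 254 figure comes from. The field size, the sample addresses and the function names are my own assumptions; the leading-zero rejection is an extra hardening step (libc's inet_aton() reads "010" as octal), not something the card states.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Parse a dotted-decimal IPv4 string into its 32-bit value.
 * Strict by design: exactly four octets, each 0-255, digits only, no
 * leading zeros (inet_aton() would read "010" as octal 8, a classic way
 * to sneak an address past a naive allow-list), no trailing dot.
 * Returns false and leaves *out untouched on any malformed input. */
bool parse_ipv4(const char *s, uint32_t *out)
{
    uint32_t value = 0;
    int octets = 0;

    while (*s != '\0') {
        const char *start = s;
        unsigned int octet = 0;
        int digits = 0;

        if (!isdigit((unsigned char)*s))
            return false;                      /* empty octet or junk */
        while (isdigit((unsigned char)*s)) {
            octet = octet * 10 + (unsigned int)(*s - '0');
            if (++digits > 3 || octet > 255)
                return false;                  /* an octet is 8 bits: max 255 */
            s++;
        }
        if (digits > 1 && *start == '0')
            return false;                      /* reject "01", "010", ... */

        value = (value << 8) | octet;          /* pack big-endian, as on the wire */
        if (++octets > 4)
            return false;

        if (*s == '.') {
            s++;
            if (*s == '\0')
                return false;                  /* trailing dot */
        } else if (*s != '\0') {
            return false;                      /* separator other than '.' */
        }
    }
    if (octets != 4)
        return false;
    *out = value;
    return true;
}

/* Render a 32-bit value back to dotted decimal; buf needs 16 bytes. */
void format_ipv4(uint32_t v, char buf[16])
{
    snprintf(buf, 16, "%u.%u.%u.%u",
             (unsigned)((v >> 24) & 0xFF), (unsigned)((v >> 16) & 0xFF),
             (unsigned)((v >> 8) & 0xFF), (unsigned)(v & 0xFF));
}

/* Usable host addresses in a subnet of the given prefix length.
 * A /24 has 256 addresses but 254 usable: the all-zeros host part is the
 * network address and the all-ones host part is broadcast. /31 (RFC 3021
 * point-to-point links) and /32 (a single host) are the exceptions. */
uint32_t usable_hosts(int prefix_len)
{
    if (prefix_len < 0 || prefix_len > 32) return 0;
    if (prefix_len == 32) return 1;
    if (prefix_len == 31) return 2;
    return (uint32_t)((1ULL << (32 - prefix_len)) - 2);
}

int main(void)
{
    /* constructed sample inputs, one valid and three that must be rejected */
    const char *samples[] = { "192.168.1.10", "10.0.0.256", "010.0.0.1", "1.2.3" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t v;
        char back[16];
        if (parse_ipv4(samples[i], &v)) {
            format_ipv4(v, back);
            printf("%-14s -> 0x%08X -> %s\n", samples[i], (unsigned)v, back);
        } else {
            printf("%-14s -> rejected\n", samples[i]);
        }
    }
    printf("/24 usable hosts: %u\n", (unsigned)usable_hosts(24));
    return 0;
}
```

The parser rejects rather than "helpfully" normalizes, which is the right default anywhere an address is compared against an allow-list or used to decide trust.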
A complete conceptual model of systems including software, hardware and users is known as... Infrastructure diagram Architecture diagram Network topology System map
Architecture diagram (because it includes USERS)
Enterprise security architecture does not address... Configurations for technical infrastructure Strategic alignment Process enhancement Business enablement
Configurations for technical infrastructure. (Components of ESA: strategic alignment, process enhancement, business enablement, security foundation, alignment with best practices.)
Which of the following is a common framework used to develop an Enterprise Security Architecture? Zechman Plott Goal-Process-Fit Cost-Benefit
Zachman Framework (misspelled "Zechman" in the question)
What is the initial requirement to be performed in establishing a business continuity plan? Agree on the scope of the plan Determine the site to be used during a disaster Demonstrate adherence to standard disaster recovery process Identify the applications to be run during a disaster
Agree on the scope of the plan
Which of the following best describes a hot site: Fully equipped backup center with external interfaces (power, water etc.) and telecommunications, as well as complete computing resources on site Parallel processing location with actively running identical systems Prepared off-site storage location containing basic facilities such as data connections and telecommunications but no computing resources Relocation of equipment during critical times
HOT SITE: fully equipped backup center with external interfaces (power, water etc.) and telecommunications, as well as complete computing resources on site. MIRROR SITE: parallel processing location with actively running identical systems.
Which of the following is NOT a key strategy for developing a physical security program? Surveillance with high visual control Management support for physical measurements of security Controlled flow of movement through limited access Territoriality culture among employees
Management support for physical measurements of security (the other three are the CPTED strategies: natural surveillance, natural access control and territorial reinforcement)
The most important goal of any BCP is: Preserve human life Ensure the survivability of the business Provide clear guidance for defining a disaster Minimize the downtime of critical systems
Preserve human life (this is also the primary concern for physical security)
Which is not true of Enterprise Security Architecture? Development of the architecture is primarily end-user driven A strategic perspective of the organization is required to develop an enterprise security architecture A focus on alignment with business processes is important Architectures should be designed to support organizational goals
Development of the architecture is primarily end-user driven
Which of the following is generally not considered part of a data network? File server Mainframe Workstation End User
End User
A video streaming applet written in Java and downloaded to clients from a server presents the greatest threat of which type of attack? Denial of Service Buffer Overflow Back/Trap Doors Mobile Code/Content
Mobile Code/Content
When application developers fail to provide appropriate means in application source code to truncate or limit input string size into interface fields, the application becomes susceptible to which type of attack? Trap/Back Doors Mobile Code/Content Buffer Overflow Denial of Service
Buffer Overflow
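Added example, not from the exam material: the defect the card describes (an interface field copied with no length limit) beside two hardened versions, one that rejects oversized input and one that truncates it. The 16-byte field size, the function names and the 32-byte test input are my own assumptions for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FIELD_LEN 16   /* hypothetical size of an interface field, incl. the NUL */

/* Length of s, but never scanning past max bytes (a bounded strlen). */
static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != '\0')
        n++;
    return n;
}

/* VULNERABLE: the field is FIELD_LEN bytes but nothing limits the input.
 * Any input of FIELD_LEN or more characters writes past the end of
 * 'field' (a stack or heap buffer overflow, depending on where it lives).
 * Kept only to show the defect; never call it on untrusted input. */
void store_field_unchecked(char field[FIELD_LEN], const char *input)
{
    strcpy(field, input);
}

/* HARDENED, reject policy: copy only if the input plus its terminator
 * fits; otherwise leave the field empty and report failure. */
bool store_field_checked(char field[FIELD_LEN], const char *input)
{
    size_t n = bounded_len(input, FIELD_LEN);
    if (n >= FIELD_LEN) {          /* no room for the NUL: too long */
        field[0] = '\0';
        return false;
    }
    memcpy(field, input, n + 1);   /* n bytes plus the terminator */
    return true;
}

/* HARDENED, truncate policy: keep the first FIELD_LEN-1 characters and
 * always terminate. Returns true when something was dropped, so the
 * caller can log or reject rather than silently storing a mangled value. */
bool store_field_truncated(char field[FIELD_LEN], const char *input)
{
    size_t n = bounded_len(input, FIELD_LEN);
    size_t keep = n < FIELD_LEN ? n : FIELD_LEN - 1;
    memcpy(field, input, keep);
    field[keep] = '\0';
    return keep < n;
}

int main(void)
{
    char field[FIELD_LEN];
    /* constructed input: 32 'A's, twice the field size */
    const char *attack = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";

    printf("reject policy:   %s\n",
           store_field_checked(field, attack) ? "stored" : "rejected");
    printf("truncate policy: %s -> \"%s\"\n",
           store_field_truncated(field, attack) ? "truncated" : "intact", field);
    /* store_field_unchecked(field, attack) would corrupt the stack here. */
    return 0;
}
```

Rejecting is usually the safer policy for security-relevant fields (usernames, paths, identifiers) because silent truncation can turn one value into another; either way the length check belongs in the code that owns the buffer, not in the caller.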
Which of the following best explains BIA? It is the process of analyzing all business functions to determine the effect of IT outages in the business It is the process of updating the functions of the business after a disaster It is the process of documenting events during a disaster It is the process of managing the recovery at non-primary business sites
It is the process of analyzing all business functions to determine the effect of IT outages in the business
To resolve IP numbers to names and names to IP numbers is the function of
The DNS (domain name system)
Which should be the first step in establishing organization control for remote access? Configure the open inbound ports on all network hardware devices Establish rules for the IPS and IDS devices Review all business use cases for users requesting remote access Publish a clear policy on remote access
Publish a clear policy on remote access
Examples of types of physical access controls include all of the following EXCEPT: Passwords Gates Locks Guard stations
Passwords
Regarding application security, which is not a common issue that poses a potential threat? Trap/Back Doors Garbage Collection Check Sum Redistribution Object Reuse
Check sum redistribution
All of the following are goals of physical security, EXCEPT Detain Delay Detect Deter
Detain (the goals are deter, delay, detect, assess, respond)
Which of the following statements about OSI and TCP/IP is correct? TCP/IP includes seven layers OSI is the model upon which the TCP/IP protocol is based TCP/IP is a seven layer model of OSI OSI has 4 operational layers
OSI is the model upon which the TCP/IP protocol is based (the exam's expected answer; TCP/IP itself has four layers, not seven)
Which of the following examples would best fit the "Deter" goal of physical security? An ultrasonic sensor system that is deployed on the loading dock at the rear of a manufacturing facility A biometric lock system installed at an entry door in a building A dry pipe sprinkler system that is installed in a data center server room A sign on a fence that reads "WARNING: Electrified Fence" that is installed around the HVAC system on the side of a building
A sign on a fence that reads "WARNING: Electrified Fence" that is installed around the HVAC system on the side of a building
In order of least allowable downtime to most allowable downtime, rank these recovery strategies: Mirror Site, Hot Site, Warm Site, Cold Site Warm Site, Cold Site, Hot Site, Mirror Site Mirror Site, Cold Site, Warm Site, Hot Site Cold Site, Warm Site, Hot Site, Mirror Site
Mirror Site, Hot Site, Warm Site, Cold Site
A camera located outside a server room door supports which of the following physical security objectives Process Delay Detect Review
Detect
In the testing phase of an application development project, which is NOT a desirable characteristic of test data that will be used to evaluate a newly developed application? It should represent a wide range of possible data that could be entered in the system by users. It should be live real-time online data from the current production system. It should be able to be validated both before and after test runs. It should provide a means of checking upper and lower bounds of the system regarding field sizes, time, and dates.
It should be live real-time online data from the current production system. (You're using test data to test a new application; live production data exposes real records to untested code.)
In the Project initiation phase of the system development life cycle, which is NOT an important consideration for a security professional? Perform Unit test to evaluate the security of code Conduct of Risk Analysis Identify appropriate security frameworks Identification of Security Needs
Perform Unit test to evaluate the security of code (the code hasn't been written yet!)
Which is not a principal benefit of an Enterprise Security Architecture? Promote a positive perspective for systems management across the enterprise Consistently manage IT risk across the enterprise Allow decision makers to make better and quicker security-related decisions across the enterprise Reduce the costs of managing IT risk
Promote a positive perspective for systems management across the enterprise