IST 456 Final
Under lattice-based access controls, the column of attributes associated with a particular object (such as a printer) is referred to as which of the following? Sensitivity level Access matrix Access control list Capabilities table
Access control list
__________ are a component of the "security triple." Vulnerabilities Threats Assets All of the above
All of the above
Which of the following access control processes confirms the identity of the entity seeking access to a logical or physical area? Authorization Accountability Authentication Identification
Authentication
Creating a blueprint by looking at the paths taken by organizations similar to the one whose plan you are developing is known as which of the following? Benchmarking Best practices Baselining Due diligence
Benchmarking
Problems with benchmarking include all but which of the following? Recommended practices change and evolve, thus past performance is no indicator of future success. Organizations being benchmarked are seldom identical. Organizations don't often share information on successful attacks. Benchmarking doesn't help in determining the desired outcome of the security process.
Benchmarking doesn't help in determining the desired outcome of the security process.
Which security architecture model is based on the premise that higher levels of integrity are more worthy of trust than lower ones? Clark-Wilson Common Criteria Bell-LaPadula Biba
Biba
A primary mailing list for new vulnerabilities, called simply __________, provides time-sensitive coverage of emerging vulnerabilities, documenting how they are exploited, and reporting on how to remediate them. Individuals can register for the flagship mailing list or any one of the entire family of its mailing lists. Bugs Bugtraq Bugfix Buglist
Bugtraq
In the event of an incident or disaster, which planning element is used to guide off-site operations? Incident response Project management Disaster recovery Business continuity
Business continuity
When a disaster renders the current business location unusable, which plan is put into action? Incident response Business impact analysis Business continuity Crisis management
Business continuity
Which of the following is the first component in the contingency planning process? Business continuity training Disaster recovery planning Business impact analysis Incident response planning
Business impact analysis
The __________ is a center of Internet security expertise and is located at the Software Engineering Institute, a federally funded research and development center operated by Carnegie Mellon University. US-CERT CM-CERT CERT/CC Bugtraq
CERT/CC
After an incident, but before returning to its normal duties, the CSIRT must do which of the following? Create the incident damage assessment. Conduct an after-action review. Restore data from backups. Restore services and processes in use.
Conduct an after-action review.
In which form of access control is access to a specific set of information contingent on its subject matter? Content-dependent access controls Temporal isolation None of these Constrained user interfaces
Content-dependent access controls
Controls that remedy a circumstance or mitigate damage done during an incident are categorized as which of the following? Preventative Compensating Deterrent Corrective
Corrective
What is the result of subtracting the postcontrol annualized loss expectancy and the ACS from the precontrol annualized loss expectancy? Cost-benefit analysis Exposure factor Annualized rate of occurrence Single loss expectancy
Cost-benefit analysis
Which of the following is a criterion commonly used to compare and evaluate biometric technologies? Crossover error rate Valid accept rate False reject rate False accept rate
Crossover error rate
Which control category discourages an incipient incident? Compensating Remitting Preventative Deterrent
Deterrent
Strategies to reestablish operations at the primary site after an adverse event threatens continuity of business operations are covered by which of the following plans in the mitigation control approach? Business continuity plan Damage control plan Disaster recovery plan Incident response plan
Disaster recovery plan
What are the legal requirements that an organization adopt a standard based on what a prudent organization should do, and then maintain that standard? Baselining and benchmarking Best practices Due care and due diligence Certification and accreditation
Due care and due diligence
Which of the following InfoSec measurement specifications makes it possible to define success in the security program? Prioritization and selection Development approach Establishing targets Measurements templates
Establishing targets
Which of the following biometric authentication systems is considered to be truly unique, suitable for use, and currently cost-effective? Voice pattern recognition Fingerprint recognition Signature recognition Gait recognition
Fingerprint recognition
Which of the following is the best example of a rapid-onset disaster? Famine Hurricane Environmental degradation Flood
Flood
Which of the following is not a factor critical to the success of an information security performance measurement program? Quantifiable performance measurements Strong upper level management support High level of employee buy-in Results oriented measurement analysis
High level of employee buy-in
The optimum approach for escalation is based on a thorough integration of the monitoring process into the __________. ERP CERT IDE IRP
IRP
Which of the following is the process of examining a possible incident and determining whether it constitutes an actual incident? Incident registration Incident verification Incident identification Incident classification
Incident classification
Which of the following is true about a hot site? It is an empty room with standard heating, air conditioning, and electrical service. It duplicates computing resources, peripherals, phone systems, applications, and workstations. All communications services must be installed after the site is occupied. It includes computing equipment and peripherals with servers but not client workstations.
It duplicates computing resources, peripherals, phone systems, applications, and workstations.
Which of the following is true about symmetric encryption? It requires four keys to hold a conversation. It uses a secret key to encrypt and decrypt. It uses a private and public key. It is also known as public key encryption.
It uses a secret key to encrypt and decrypt.
Which access control principle specifies that no unnecessary access to data exists by regulating members so they can perform only the minimum data manipulation necessary? Need-to-know Separation of duties Least privilege Eyes only
Least privilege
Which of the following is a possible result of failure to establish and maintain standards of due care and due diligence? Information system faults Baselining Benchmarking Legal liability
Legal liability
The benefits of ISO certification to organizations achieving it include all of the following EXCEPT: Improved public image Lower taxes from governments Smoother operations Reduced costs
Lower taxes from governments
Which of the following describes an organization's efforts to reduce damage caused by a realized incident or disaster? Transference Avoidance Mitigation Acceptance
Mitigation
Once a control strategy has been selected and implemented, what should be done on an ongoing basis to determine its effectiveness and to estimate the remaining risk? Analysis and adjustment Evaluation and funding Review and reapplication Monitoring and measurement
Monitoring and measurement
Which access control principle limits a user's access to the specific information required to perform the currently assigned task? Eyes only Separation of duties Least privilege Need-to-know
Need-to-know
Which type of access controls can be role-based or task-based? Content-dependent Discretionary Constrained Nondiscretionary
Nondiscretionary
The __________ process is designed to find and document vulnerabilities that may be present because there are misconfigured systems in use within the organization. ISP ASP PSV SVP
PSV
What tool would you use if you want to collect information as it is being transmitted on the network and analyze the contents for the purpose of solving network problems? Content filter Vulnerability scanner Packet sniffer Port scanner
Packet sniffer
__________, a level beyond vulnerability testing, is a set of security tests and evaluations that simulate attacks by a malicious external source (hacker). Attack testing Penetration simulation Penetration testing Attack simulation
Penetration testing
Which of the following terms is described as the process of designing, implementing, and managing the use of the collected data elements to determine the effectiveness of the overall security program? Standards of due care/diligence Performance management Best practices Baselining
Performance management
In which cipher method are values rearranged within a block to create the ciphertext? Monoalphabetic Substitution Vernam Permutation
Permutation
Which of the following determines acceptable practices based on consensus and relationships among the communities of interest? Political feasibility Operational feasibility Organizational feasibility Technical feasibility
Political feasibility
Which tool can best identify active computers on a network? Packet sniffer Honey pot Port scanner Trap and trace
Port scanner
Which technology employs sockets to map internal private network addresses to a public address using a one-to-many mapping? Private address mapping Screened-subnet firewall Port-address translation Network-address translation
Port-address translation
__________ allows for major security control components to be reviewed on a periodic basis to ensure that they are current, accurate, and appropriate. Program review System review Project review Application review
Program review
Which of the following is an organizational CP philosophy for the overall approach to contingency planning reactions? After-action review Transfer to local/state/federal law enforcement Track, hack, and prosecute Protect and forget
Protect and forget
What does FAIR rely on to build its risk management framework, unlike many other risk management frameworks? Subjective prioritization of controls Risk analysis estimates Qualitative assessment of many risk components Quantitative valuation of safeguards
Qualitative assessment of many risk components
Which of the following can be described as the quantity and nature of risk that organizations are willing to accept as they evaluate the trade-offs between perfect security and unlimited accessibility? Risk assurance Risk termination Residual risk Risk appetite
Risk appetite
Which of the following is not a consideration when selecting recommended best practices? Threat environment is similar Resource expenditures are practical Organization structure is similar Same networking architecture
Same networking architecture
Which of the following specifies the authorization classification of information assets an individual user is permitted to access, subject to the need-to-know principle? Task-based access controls Discretionary access controls Sensitivity levels Security clearances
Security clearances
By multiplying the asset value by the exposure factor, you can calculate which of the following? Single loss expectancy Annualized cost of the safeguard Annualized loss expectancy Value to adversaries
Single loss expectancy
Which of the following is not among the three types of authentication mechanisms? Something a person sees Something a person has Something a person can produce Something a person knows
Something a person sees
Which type of firewall keeps track of each network connection established between internal and external systems? Cache server Stateful packet inspection Application layer Packet filtering
Stateful packet inspection
A time-release safe is an example of which type of access control? Temporal isolation Nondiscretionary Content-dependent Constrained user interface
Temporal isolation
Which of the following is a mathematical tool that is useful in assessing the relative importance of business functions based on criteria selected by the organization? Weighted table analysis Recovery time organizer BIA questionnaire MTD comparison
Weighted table analysis
Which of the following is not a question a CISO should be prepared to answer about a performance measures program, according to Kovacich? What effect will measurement collection have on efficiency? Who will collect these measurements? Why should these measurements be collected? Where will these measurements be collected?
What effect will measurement collection have on efficiency?
At what point in the incident life cycle is the IR plan initiated? Before an incident takes place. Once the DRP is activated. Once the BCP is activated. When an incident is detected that affects the organization.
When an incident is detected that affects the organization.
__________ penetration testing is usually used when a specific system or network segment is suspect and the organization wants the pen tester to focus on a particular aspect of the target. White box Black box Gray box Green box
White box
To evaluate the performance of a security system, administrators must establish system performance __________. profiles maxima baselines means
baselines
The financial savings from using the defense risk treatment strategy to implement a control and eliminate the financial ramifications of an incident is known as __________. asset valuation cost avoidance risk acceptance premium probability estimate
cost avoidance
One approach that can improve the situational awareness of the information security function is to use a process known as __________ to quickly identify changes to the internal environment. revision baselining differentials difference analysis
difference analysis
When vulnerabilities have been controlled to the degree possible, there is often remaining risk that has not been completely removed, shifted, or planned for, and it is called __________. residual risk risk assurance risk tolerance risk appetite
residual risk