Midterm cybersec

What term describes the longest period of time that a business can survive without a particular critical system?

Maximum tolerable downtime (MTD)

________________ is the fundamental security principle of keeping information and communications private and protecting them from unauthorized access.

Confidentiality

Takako is a security engineer for her company's IT department. She has been tasked with developing a security monitoring system for the company's infrastructure to determine when any network activity occurs outside the norm. What essential technique does she start with?

Baselines

Your organization has contracted with a security organization to test your network's vulnerability. The security organization is not given access to any internal information from the company. What type of test will the organization perform?

Black box testing

What is SSO?

A system that requires user credentials once and uses the same credentials for the entire session

Devaki is evaluating different biometric systems. She understands that users might not want to subject themselves to retinal scans due to privacy concerns. Which concern of a biometric system is she considering?

Acceptability

Your organization uses strong authentication and authorization mechanisms and has robust logging capabilities. Combined, what do these three elements provide?

Accountability

Which recovery site option provides readiness in minutes to hours?

Hot site

A user professes an identity by entering a user logon name and then enters a password. What is the purpose of the logon name?

Identification

Jane is in the finance department. Although she should not be able to modify files or folders from the marketing department, she can, and does. What security goal is compromised here? ___________.

Integrity

Of the following choices, what most accurately identifies the major drawback of SSO systems?

It risks maximum unauthorized access with compromised accounts.

You want to monitor the network for possible intrusions or attacks and report on any activity. What would you use?

NIDS

__________________ is an executable program that attaches to, or infects, other executable programs and then replicates to infect yet more programs.

Virus

A vulnerability assessment reports that a patch is not installed on a system, but you've verified that the patch is installed. What is this called?

False positive

What type of malware can spread without any user intervention?

Worm

Define the terms risk, threat and vulnerability

A risk is the likelihood that something will damage an asset. A threat is something that can potentially damage an asset. A vulnerability is a weakness or gap in a security system.

Kim is the risk manager for a large organization. She is evaluating whether the organization should purchase a fire suppression system. She consulted a variety of subject matter experts and determined that there is a 1 percent chance that a fire will occur in a given year. If a fire occurred, it would likely cause $2 million in damage to the facility, which has a $10 million value. Given this scenario, what is the single loss expectancy (SLE)?

$2,000,000

Nancy performs a full backup of her server every Sunday at 1 A.M. and differential backups on Mondays through Fridays at 1 A.M. Her server fails at 9 A.M. Wednesday. How many backups does Nancy need to restore?

2

What is the primary goal of the Bell-LaPadula model?

Enforce confidentiality

Security professionals within your organization recently completed a security audit. Which of the following are valid steps to take after the audit is complete? (Select three.)

Evaluate controls; Approve changes; Implement fixes

An organization has hired you to perform a vulnerability assessment. Which of the following steps would you perform first?

Perform reconnaissance

________________________ is an attack that tricks users into revealing credentials or confidential information

Phishing

Beth is conducting a risk assessment. She is trying to determine the impact a security incident will have on the reputation of her company. What type of risk assessment is best suited to this type of analysis?

Qualitative

When Sally turns her computer on, she sees a screen indicating software has encrypted all of her data files. A message indicates she must pay $300 within 48 hours to access the decryption key. What type of malware does this describe?

Ransomware

Alan is the security manager for a mid-sized business. The company has suffered several serious data losses when mobile devices were stolen. Alan decides to implement full disk encryption on all mobile devices. What risk response did Alan take?

Reduce

Which of the following identifies a system that requires a database to detect attacks?

Signature-based IDS

Authentication includes three types, or factors. Which of the following best describes these authentication methods?

Something you know, something you have, and something you are

A successful business impact analysis (BIA) maps the context, the critical business functions, and the processes on which they rely.

T

Arturo is a network engineer. He wants to implement an access control system in which the owner of the resource decides who can change permissions, and permission levels can be granted to specific users, groups of people in the same or similar job roles, or by project. Which of the following should Arturo choose?

DAC

A(n) _________ is an event that prevents a critical business function (CBF) from operating for a period greater than the maximum tolerable downtime.

disaster

A business impact analysis (BIA) details the steps to recover from a disruption and restore the infrastructure necessary for normal business operations.

f

A structured walk-through test is a review of a business continuity plan to ensure that contact numbers are current and that the plan reflects the company's priorities and structure.

f

Risk refers to the amount of harm a threat exploiting a vulnerability can cause.

f

The first step in the risk management process is to monitor and control deployed countermeasures.

f

With adequate security controls and defenses, an organization can often reduce its risk to zero.

f

Any component that, if it fails, could interrupt business processing is called a single point of failure (SPoF).

t

Implementing and monitoring risk responses are part of the risk management process.

t

In an incremental backup, you start with a full backup when network traffic is light. Then, each night, you back up only that day's changes.

t

Organizations should seek a balance between the utility and cost of various risk management options.

t

The recovery point objective (RPO) can come from the business impact analysis or sometimes from a government mandate, such as banking laws.

t

Which of the following actions is most appropriate if an employee leaves the company?

Disable the user's account as soon as possible.

What is a key principle of risk management programs?

Don't spend more to protect an asset than it is worth.

What term describes the risk that exists after an organization has performed all planned countermeasures and controls?

Residual risk

Your organization is updating its security policy. Management indicated that they want to address best practices associated with audit logs. Of the following choices, which ones are recommended best practices with audit logs? (Select all that apply.)

Review the logs regularly; Archive logs for later review; Store logs on remote servers

What type of malware takes control of the operating system at the kernel level?

Rootkit

Aditya is a network technician. He is collecting system data for an upcoming internal system audit. He is currently performing vulnerability testing to determine what weaknesses may exist in the network's security. What form of assessment is he conducting?

Security testing

