MIS 415 TEST 2

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

Many organizations are moving to virtualized infrastructures because (select all that apply):

- It reduces physical server counts - It reduces power & HVAC consumption - It reduces downtimes

Why do attackers find opportunities to fulfill their motives? Select all that apply.

- Poor infrastructure management - Install and forget dilemma - Poor account administration - Inadequate awareness

When a threat becomes a valid attack, it is classified as an information security incident if: (check all that apply):

-It is directed against information assets -It threatens the confidentiality, integrity, or availability of information assets -It has a realistic chance of success

New countermeasures have reduced a company's 40% vulnerability risk BY 30%. What is the new percentage of this company's remaining residual risk for the vulnerability?

28%

Given the address 128.196.35.40, which part of the address represents a host number on the subnet?

40

A multi-component threat that uses a variety of access points to penetrate or glean information is:

A Multi-vector threats

Which of the following is NOT true of Asymmetric encryption?

A receiver can use either of the two keys, used by the sender, to decrypt a message

The process of mutual authentication involves:

A user authenticating to a system and the system authenticating to the user

A vulnerability is:

A weakness in design, procedure or defenses

Disaster Recovery and Business Continuity are really the same thing. That is why many combine them into a Business Resumption Plan.

FALSE

Employees are not as much of a security problem as technology.

FALSE

For log files derived from high impact systems, encrypting rotated and archived log files is not recommended because it would increase the access difficulty for analysts.

FALSE

IPSec has two modes: Tunnel Mode and Connectionless Mode.

FALSE

If you use a Message Digest function on a 5 page document, the resulting signature will be 5 pages of cipher text.

FALSE

In business continuity, a cold site offers faster recovery time than a hot site.

FALSE

In cryptology, the smaller the size of the key space, the stronger the encryption and the more difficult it to break.

FALSE

In encryption, if one loses the key, the data can always be de-crypted by other means.

FALSE

In general, configuration management of a database management system is not a point of vulnerability because the default settings from the vendor are always set for the most secure scenario.

FALSE

In the second phase of the 6-phase planning approach cycle, risks are identified and ranked.

FALSE

Information Security policies only exist to avoid litigation.

FALSE

It is not a good idea to include components of information security in performance reviews.

FALSE

It is not possible to eavesdrop on modern smartphone conversations.

FALSE

MD5 and SHA-1 are examples of block encryption algorithms.

FALSE

Mandatory Access Controls are standard in all database managemetn systems.

FALSE

Metrics are really only useful to the CEO and top managers.

FALSE

Mobile applications are not susceptible to malware and virus problems.

FALSE

Most database encryption mechanisms solve the problem of securing data-at-reset as well as data-in-motion.

FALSE

Most planning approaches have 3 basic levels: strategic, tactical and disaster planning.

FALSE

Most technical vulnerabilities exist in hardware and firmware.

FALSE

NoSQL database use Structured Query Language.

FALSE

OSI is a set of rules that describes how security devices stop attacks.

FALSE

Oversimplification of a security metric, for the sake of clarity, is advisable.

FALSE

PCI DSS is a law applying to all federal, state, and local government agencies.

FALSE

PKI is a special encryption system.

FALSE

Risk assessment is the actual treatment of risk.

FALSE

SETA is a program that derives long-term benefits not short-term benefits.

FALSE

Security Information and Event Management (SIEM) systems are based on a single standard and most are non-proprietary.

FALSE

Strategic planning is "what are we going to do?" and "how are we going to do it?"

FALSE

The SQL statement "DROP TABLE employee" only removes the index associated with the employee table.

FALSE

The certificate revocation list (CRL) is an element of the registration portion of the PKI chain of trust.

FALSE

The majority of cyber attacks are shifting from financial gain motives to more ego and political motives.

FALSE

Today's threat trends show attackers having high knowledge and skill backgrounds regarding exploits.

FALSE

Transparent Data Encryption protects data-in-motion to and from the application and database system.

FALSE

Using a Message Digest is a good way to encrypt a document.

FALSE

While SQL injection can be used to gain unintended access, it can never be used to escalate privileges.

FALSE

Which of the following would not be an Applications Log File category? Select the best answer.

Firewall logs

Which of the following is not an advantage of a centralized access control administration?

Flexibility

COBOL Top-Down

Helps planners identify and prioritize critical unit functions

Why are business unit analysis important in the BIA process?

Helps planners identify and prioritize critical unit functions

An access control model should be applied in a _________ manner.

Preventive

Which of the following is not true regarding IPSec?

In Transport Mode, the entire IP packet is encrypted

A user with read-only view privileges is able to modify a value in a database field. This is an example of which primary database threat?

Integrity

What is the reason for enforcing the separation of duties?

No one person can complete all the steps of a critical activity

A company is considering two expensive countermeasures to reduce a risk. The impact of this particular attack type, on the company, is estimated at $1,500,000 in losses. The company feels there is a 40% chance of the incident occurring. Option-A would cost $100,000 and reduces the chance of the occurrence from 40% to 25%Option-B would cost $120,000 and reduces the chance of occurrence from 40% to 20%What is the Return on Security Investment (ROSI) for both options?

Option-A = $125,000 and Option-B = $180,000

A company is considering two expensive countermeasures to reduce a risk. The impact of this particular attack type, on the company, is estimated at $1,500,000 in losses. The company feels there is a 40% chance of the incident occurring.Option-A would cost $100,000 and reduces the chance of the occurrence from 40% to 25%Option-B would cost $120,000 and reduces the chance of occurrence from 40% to 20%What is the Return on Security Investment (ROSI) for both options?

Option-A = $125,000 and Option-B = $180,000

In discretionary access control security, who has delegation authority to grant access to data?

Owner

Which of the following is the industry standard for securing credit card data?

Payment Card Industry Data Security Standard

Which of the following roles in Log Management Planning is typically responsible for managing and monitoring the log management infrastructure?

Security Administrators

Which of the following would be an example of the awareness training aspect discussed in the NIST model?

Security awareness posters in staff lounges

What determines if an organization is going to operate under a discretionary, mandatory, or non-discretionary access control model?

Security policy

Log compression and reduction is a feature of which Log Management Infrastructure Function? Select the best answer.

Storage

What does SQL stand for?

Structured Query Language

Match each security policy type with its best match.

System-specific = Managerial and technical guidance Enterprise = Link to vision and mission statements Issue-specific = An overall policy regarding document storage

Which of the following protocols is considered connection oriented?

TCP

A Business Continuity Plan ensures that critical business functions can continue in the case of a disaster.

TRUE

A Business Continuity Plan is typically invoked or executed after a devastating attack or disaster that cripples an organization's primary site of business.

TRUE

A Key Performance Indicator (KPI) is a measure of how well something is being done.

TRUE

A Media Access Control address uniquely identifies a network interface card.

TRUE

A TCP handshake exchange is often used by hackers to gather information on which systems are reachable in a network.

TRUE

A layer 3 switch can also serve as a router.

TRUE

A major challenge for log file collection is that systems use different formats and date/time markings for log entries.

TRUE

A packet filtering firewall looks at the destination and source addresses, ports, and services.

TRUE

A single countermeasure may eliminate multiple threats beyond what the countermeasure was originally intended.

TRUE

A transaction Manager is a function of the database management software.

TRUE

After the creation of a formal policy to establish business continuity plans, a BIA is the first major phase in the business contingency planning cycle.

TRUE

An Intrusion Prevention System (IPS) monitors suspicious network traffic and can react to block traffic in real-time.

TRUE

An RFID tag is an electronic device that holds data.

TRUE

An organization's risk appetite defines the level of acceptance as it evaluates security control trade-offs.

TRUE

Awareness training is informational and attempts to provide recognition. It serves to answer the "what" questions of security.

TRUE

Because the attention span of people is short, awareness training must be repeated and refreshed frequently.

TRUE

Business Resumption focuses on the remaining unrestored functions of an organization after a disaster.

TRUE

Collecting logs from Tier-1 hosts onto multiple intermediate servers and subsequently transmitting the logs centrally is a valid configuration for Tier-2 architecture.

TRUE

Crisis Management is a series of focused steps that deal with the safety and state of employees and their families during and after a disaster.

TRUE

Cryptanalysis is a process of deciphering the original message from an encrypted message without knowing the algorithm and keys.

TRUE

DES is a less desirable encryption cipher than AES because of the size of its key space.

TRUE

Data can be easily transferred to a mobile device just like a USB thumb drive.

TRUE

Database Shadowing options for BC is essentially the same as combining capabilities of Electronic Vaulting and Remote Journaling.

TRUE

Digital signatures are used to verify the authorship or origin of digital data.

TRUE

Due to a lack of quality Business Continuity planning, over half of the businesses, forced to close their doors because of a disaster, never reopen.

TRUE

Encapsulation is a term that describes the addition of headers and trailers onto a data payload as it is makes its way from layer 7 to layer 1 of the OSI model.

TRUE

Encryption key management is often seen as a risk associated with database encryption.

TRUE

Ensuring a critical business partner has proper countermeasures in place is, in itself, a form of countermeasure for an organization.

TRUE

Full interruption testing of business continuity plans are not frequently (if at all) done by most organizations because they are expensive and disruptive to operations.

TRUE

HTTP is an example of a protocol handled at the Application layer of the OSI model.

TRUE

If a VPN connection is established from home with a device within a corporate network, any potentially harmful packets will go undetected by the corporate Intrusion Detection System.

TRUE

If a disaster is bad enough, a Business Continuity Plan could be executed prior to or concurrent with a Disaster Recovery Plan.

TRUE

If an ethical hacker hacks into a site, without explicit authorization, with the intend to notify the owner of a vulnerability, it is a crime.

TRUE

If an organization does not have a vulnerability for a known threat vector then an immediate threat does not exist.

TRUE

If countermeasures are adequate to stop an attack, then the attack does not become an incident.

TRUE

In DR Planning, the purpose of examining existing countermeasures is to identify how well an organization is prepared for a disaster or if new or updated controls are necessary.

TRUE

In SQL, system level privileges of CREATE, ALTER and DROP allow actions on database tables, indexes and views.

TRUE

In the Crisis Management phase of the 6-phase approach protocols are established to assess and limit damage.

TRUE

Incident Response Planning uses the BIA to focus in on what countermeasures, if any, exist and if they are adequate to mitigate an end-case scenario threat.

TRUE

Information Security training is oriented towards skills and practical knowledge and attempts to answer the "how" questions.

TRUE

It is possible to infect an RFID tag and have the malware transfer to back-end databases when the tag is scanned.

TRUE

Kerberos is a client/server authentication mechanism.

TRUE

Logs are necessary for regulatory compliance areas like FISMA and SOX.

TRUE

Man-in-the-Middle attacks are accomplished by ARP cache poisoning and becoming the "router" between two network nodes.

TRUE

Metrics enable an understanding of security controls and allow an organization to focus limited resources on that which most needs fixing.

TRUE

Most information security frameworks are initiated out of an organization's risk assessment and the need to mitigate risk.

TRUE

Operational planning is short term in nature.

TRUE

Oreck's disaster recovery plan was to use their New Orleans site in the case of a disaster at Long Beach and visa-versa.

TRUE

PCI DSS applies to public and private sectors where an organization accepts, processes, stores, and transmits credit or debit card data.

TRUE

PCI DSS focuses on merchants and merchant service providers.

TRUE

Planning is a process that creates and implements strategies oriented towards the accomplishment of organizational objectives.

TRUE

Policies must have enforced consequences to be effective.

TRUE

Qualitative metrics are subjective in nature.

TRUE

Quantitative metrics are actual number values that are tracked over time.

TRUE

Residual Risk is an uncovered element of a vulnerability (known or unknown) resulting from the level and effectiveness of safeguards.

TRUE

SQL injection is one of the most prominent forms of web hacking.

TRUE

Security awareness training must be taken to the employees and be consistent, to the point and repeated frequently.

TRUE

Security planning is the best first step towards effective countermeasures.

TRUE

Security reviews are a less formal means of auditing and are typically done to checkpoint the effectiveness of security measures.

TRUE

TDE allows for transparent data encryption for authorized access users.

TRUE

The DBA role has all database administration privileges.

TRUE

The OSI session layer handles connections between applications while the transport layer handles connections between systems.

TRUE

The bottom-up approach to metrics yields the most easily obtainable metrics however many metrics collected in this approach may not be suitable for top-management.

TRUE

The goal of SecSDLC is to ensure information security is addressed throughout a project's life cycle.

TRUE

The network database type is a modification of the Hierarchical type which added more flexibility and many-to-many relationship ability.

TRUE

Top-down approaches to metric formation is often easier when identifying the metrics that Should be in place.

TRUE

Transparent Data Encryption, whether column or table level, is a two-tiered based encryption architecture.

TRUE

WPA is preferred over WEP for use in wireless encryption.

TRUE

Wireless LANs are susceptible to the same protocol-based attacks that plague wired LANs.

TRUE

With TDE, individual columns in a table can be encrypted if they have sensitive information.

TRUE

Why did Oreck's disaster recovery plan fail?

The disaster recovery site was too close and was also rendered unusable

You run the phrase "I love fruit" through a message digest function. Then you change the phrase to "I love fruet" and run it through the message digest function again. What would you notice?

The signature or fingerprint of the message would change

A window of vulnerability is (select the best answer):

The time-frame within which defense measures are reduced, compromised or lacking

Which of the following statements correctly describes passwords?

They are the least expensive and least secure

Which of the following statements correctly describes biometric methods?

They are the most expensive and provide the most protection

DES and 3DES are examples of:

cipher algorithm

Which of the following information assurance areas is the main benefactor of encryption?

confidentiality

If a table has many columns that contain sensitive information, which TDE approach would be more applicable?

tablespace encryption

Which of the following are points of the threat vector model?

Agents Motive Means Opportunity

Which of the following would not be a security precaution for a mobile device? Select the best answer.

All of above are valid - VPN for connections - Screenlock password - File encryption -Disallow rogue Wi-Fi connections

Which of the following is true with respect to SETA programs? Select the best answer.

All of the above

Which of the following is true with respect to SETA programs? Select the best answer.

All of the above - Encourages desirable behavior from employees - Strengthens organizational defensive layers - Helps employees see their role in security - Reduces an organization's risk

From a media perspective, why is it important to consider log retention times?

All of the above -Media shelf-life -Media readability - Environmental requirements

Which of the following would be considered a Security Auditing tool? Select the best answer.

All of the above are Security Auditing tools - Social Engineering - Security Checklists - Web application testers - Vulnerability scanners

Which of the following would not be an element of a security program? Select the best answer.

All of the above are elements

Which of the following would not be considered a valid countermeasure (select the best answer)?

All of the above are valid countermeasures -- Anti-Spyware software Awareness training Spare hard drives for systems Encryption of data in transit Policy and procedures on account retirement

What is the major difference between security auditing and security monitoring? Select the best answer.

Audits are generally periodic evaluations while monitoring is an ongoing or constant activity to ensure compliance

A password is mainly used for what function?

Authentication

What role does biometrics play in access control?

Authentication

What type of attack attempts all possible solutions?

Brute force

A company's past year Annual Loss Expectancy (ALE) for a particular vulnerability was $50,000. New security measures were put in place which brought the current year's ALE down to $30,000. IF the annual cost of the security measure is $10,000, what is the current Cost Benefit Analysis (CBA) figure associated with this measure?

$10,000

The estimated annual impact cost of a particular security incident is $10,000. The probability of the incident occurring is estimated at 30%. If a security device is purchased (costing $5,000) the current probability of the incident occurring is reduced by (not reduced to) 5%. What is the Modified Annual Loss Expectancy (mALE)?

$2,850

Which of the following is the correct risk evaluation formula (L=likelihood, A=asset value, C=control mitigation, U=uncertainty):

(L x A) - C + U

Risk estimates for a particular vulnerability are calculated as

(Likelihood x Asset Value) -percentage of current controls + percentage of uncertainty

Risk estimates for a particular vulnerability are calculated as:

(Likelihood x Asset Value) -percentage of current controls + percentage of uncertainty

Which of the following are points of the threat vector model?

- Agents - Motive - Means - Opportunity

Place the risk assessment steps in the proper order.

1 - System Characterization 2 - Threat Identification 3 - Vulnerability Identification 4 - Control Analysis 5 - Likelihood Determination 6 - Impact Analysis 7 - Risk Determination 8 - Control Recommendation 9 - Results Documentation

Place the risk assessment steps in the proper order.

1 System Characterization 2 Threat Identification 3 Vulnerability Identification 4 Control Analysis 5 Likelihood Determination 6 Impact Analysis 7 Risk Determination 8 Control Recommendation 9 Results Documentation

Place the following SecSDLC phases in proper order.

1. Investigation 2. Analysis 3. Logical Design 4. Physical Design 5. Implementation 6. Maintenance

Place the following planning events in their most proper order.

1. Organizational Strategy 2. Information Technology Strategy 3. Information Security Strategy 4. Information Security Tactical Planning 5. Information Security Operational Planning

Place the following Information Security Program Life Cycles in their proper order.

1. Plan & Organize 2. Implement 3. Operate & Manage 4. Monitor & Evaluate

A company's past year Annual Loss Expectancy (ALE) for a particular vulnerability was $50,000. New security measures were put in place which brought the current year's ALE down to $30,000. IF the annual cost of the security measure is $10,000, what is the current Cost Benefit Analysis (CBA) figure associated with this measure?

10,000

Asset A has been assigned a value of 50, a vulnerability likelihood of 0.5, and a current control that addresses 50% of the risk. What would be its determined risk rating factor value (assume uncertainty of 20%)?

17.5

If an asset has a value of 30 and a vulnerability with a 0.75 likelihood, what is the risk factor?

22.5

What is the difference between a Recovery Time Objective and a Recovery Point Objective? Select the best answer.

An RTO deal with the amount of time until an operation or service is made available after a disaster while an RPO deals with how current data backups are.

A countermeasure is: (select the best answer)

An action, process, device, or system that prevents or mitigates threats

How is a challenge/response protocol utilized with token device implementations?

An authentication service generates a challenge, and the smart token generates a response based on the challenge

Match the following business continuity plans with their respective purpose or scope.

CMP = Addresses human issues and communication with personnel and public DRP = Procedures to recover from a disaster IRP = Focus is on immediate responses to incidents affecting systems and/or networks BCP = Procedures for the relocation of business functions to an alternate site

Match the following frameworks with the phrase that best describes each.

COBIT = Framework for IT Governance COSO = Used by many organizations with Sarbanes-Oxley requirements ISO 17799 = Plan, Do, Check, Act SABSA = Focuses on Business processes and slices organizations up into process layers ISO 27001 = Considered best practices for controls and improving Information Security Management Systems

Which of the following would not be considered an information security related planning framework?

COBOL Top-Down

What do the following SQL statements do? CREATE ROLE committee; GRANT SELECT ON invite-table TO committee; GRANT committee to Mary;

Creates a role called "committee" and grants the role the select privilege on the invite-table. Then it grants the role to Mary.

What is the difference between disaster recovery (DR) and business continuity (BC)? Select the best answer.

DR focuses on resuming at the primary site. BC focuses on an alternate site

Documentation on the structure of database tables, the fields in the tables and key linkage between tables is typically known as:

Database Schema

Match the following BC storage options.

Database Shadowing: Remote storage of database and transactions in real time Electronic Vaulting: bulk batch transfer of data to off-site location Remote Journaling: Remote storage of transactions only

Which access control method is user-directed?

Discretionary

Which model implements access control matrices to control how subjects interact with objects?

Discretionary

Disaster Recovery and Business Continuity are never executed concurrently.

FALSE

Which of the following would not be a goal of Disaster Recovery Planning?

Ensure an alternate site as adequate resources to facilitate operations

Which of the following would not be considered attacker motivation?

Errors and omissions

Which of the following would not be a step in log management planning? Select the best answer.

Establish operational backup procedures

A Business Continuity Plan focuses on recovering operations at an organization's primary site.

FALSE

A Key Risk Indicator (KRI) is a measurement of how well something is doing.

FALSE

A SETA program is geared towards implementing technology countermeasures.

FALSE

A metric is a point-in-time view of specific factors generated from raw data whereas a measurement is the comparison of predetermined baselines of two or more factors taken over time.

FALSE

AES is a stronger block encryption cipher than DES because it uses variable block sizes and a key length of up to 256 bits.

FALSE

After Hurricane Katrina, it took Oreck Corporation over 6 months until they were able to get business functioning.

FALSE

Application data encryption and compression requirements are a function of OSI layer 1.

FALSE

As a sound security practice, wireless networks should always broadcast the SSID so that user can see it and connect to it.

FALSE

As contingency measures become more highly available, the cost and degree of complexity tend to decrease.

FALSE

Awareness training is an insight level of increasing one's understanding regarding why something happens.

FALSE

Business continuity planning is that done for dealing with daily technology and security incidents.

FALSE

Business drivers are high-level concerns based on tactical goals and objectives of the organization.

FALSE

Match the following continuity site strategies with their respective descriptions.

Hot Site = Fully configured computer facility with all services Service Bureaus = Agencies that provide physical facilities Mutual Agreement = Contract of assist between two organizations Warm site = Functional site but without applications and not kept fully prepared. Cold site = Rudimentary services and facilities

Match the terms with their corresponding definitions.

Hot site: fully configured computer facility with all services, communication links, and physical plant operations Warm Site: fully functional site without up-to-date configurations and applications Time-Share: a site leased in conjunction with a business partner or sister organization Mutual Agreement: contract between two organizations for each to assist the other in the event of a disaster Cold Site: provides only rudimentary services and facilities

A policy describing the protection of privacy would be which type of policy?

Issue-Specific Security Policy

Why is an alert roster important in incident response? (select the best answer)

It allows the organization to alert the right people in the correct order.

Which of the following is NOT true of Symmetric encryption?

It is not as efficient as Asymmetric encryption

Why is a Business Impact Analysis important to contingency planning? Select the best answer.

It provides an assessment of the impact of various attacks on operations and ability to recovery from such attacks

What does the SQL statement "REVOKE ALL ON invite-table FROM Mary;" do?

It takes all privileges away from Mary on the invite-table

The specifications for Category 5E wire would be a concern at what layer of the OSI model?

Layer 1

Which of the following categories is not one considered in establishing log management policies? Select the best answer.

Log Retro-scheduling

Verifying the log frequency settings on a host generating required logs is part of which Log Source operational task?

Log generation

In what phase of the 6-phase planning cycle are countermeasures and controls deployed?

Phase 4

Which of the following is not a phase of the 6-phase planning approach?

Physical Site

Which of the following is not a characteristic of block ciphers?

Plain text is transformed one digit at a time

Which of the following would not be a typical duty of operational log management? Select the best response.

Plan log collections

Which of the following best represents the order regarding security policy formation?

Policy, standards, (practices, guidelines, procedures)

Which two of the following best describes the difference between CP and Risk Management? Select the best two answers.

Risk management encompasses the broad range of activities to identify, control, and mitigate risk & CP assumes that controls have failed and seeks to recover from such failures

Which access control policy is enforced when an environment uses a non-discretionary model?

Role based

Regarding an organization's manner of credit card processing. An organization uses a standalone dial-out terminal unit (which is not connected to other systems or the Internet), does not store card holder information, and keeps paper reports or receipts only. What Self Assessment Question (SAQ) and Scan Levels would it be required to comply with?

SAQ B and No Scan

Regarding an organization's manner of credit card processing. An organization uses a standalone dial-out terminal unit (which is not connected to other systems or the Internet), does not store card holder information, and keeps paper reports or receipts only.What Self Assessment Question (SAQ) and Scan Levels would it be required to comply with?

SAQ B and No Scan

Which of the following is a TCP handshake to open a connection?

SYN - SYN/ACK - ACK

Match the OSI layers with their descriptions.

Session = Application-to-Application connections Transport = Host-to-Host connections Physical = Electronic signals Data Link = Packet Framing Network = IP Routing Presentation = Compression, encryption, reformatting from applications Application = Service to applications

A LAN Attack does which of the following:

Sets the source and destination address of an IP packet to the same address

Which of the following is not true regarding the role of security planning?

Should be a bottom-up approach

Which of the following would not be an important consideration when designing a log management infrastructure? Select the best answer.

Size of Incident Response Team

If you wanted to hide a message, or digital image, within another image, what technique would you use?

Steganography

Match the Contingency Planning Steps with their descriptions.

Step 1 = Develop Contingency Planning Process Step 2 = Conduct BIA Step 3 = Identify Preventive Controls Step 4 = Develop Recovery Strategies Step 5 = Develop Contingency Plan Step 6 = Plan Testing and Training Step 7 = Plan Maintenance

Match the terms with their definitions.

Threat vector - the channel or mechanism used for attack Attack - exploit or circumvent control Vulnerability - exploitable weakness Threat - the possibility of an attack

Which architecture tier of log management infrastructures collects and aggregates log files? Select the best response.

Tier-2 Log Analysis and Storage

What is the primary role of the OSI network layer?

To ensure a network-bound data packet contains routable information

Match the risk strategies with the appropriate description.

Transference - purchasing insurance Acceptance - Do nothing Avoidance - Implementing Controls or Countermeasures Mitigation - Reduces impact of damage through planning

Match the following OSI layers with their data types.

Transport: Segments Network: Packets Data Link: Frames Physical: Bits Application: Data

What is derived from a passphrase?

Virtual password

Match the following planning precursors with their definitions.

Vision Statement: Articulates what the organization wants to look like. Value Statement: Statement of qualities and principles matched with benchmarks. Mission Statement: More explicit in declaring the business of the organization and intended operations.

Which of the following would not be considered software that would assist in managing logs?

Visual Studios Debugger

Which of the following would not be considered a log file category? Select the best answer.

Vulnerability scans

Asset A has a value of 50 and two vulnerabilities. Vulnerability 1 has a likelihood of 0.8 and no controls. Vulnerability 2 has a likelihood of 0.3 and a control that mitigates 40% of the vulnerability. Assuming an uncertainty level of 10%, what would the risk factor be for both vulnerabilities?

Vulnerability-1: 44 Vulnerability-2: 10.5

Which provides the best authentication?

What a person has and knows

A hacker gains access to an application that works with data in the database. The hacker is able to view and modify sensitive information. Before leaving, the hacker was able to elevate privileges and remove an index on a database table. the table became inaccessible. Which of the following best represents the database threats seen in this scenario?

confidentiality, integrity and availability

An error in a database stored procedure, used by the database administrator, accidentally dropped a system table. Within seconds the database was inaccessible. Which of the following bests represents the database threats seen in this scenario?

integrity and availability

What does the SQL statement "GRANT SELECT ON employee TO Tom;" do?

it allows Tom to view records in the employee table

Database flow control mechanisms primarily:

regulate the distribution of information between database objects

In cryptographic systems, the key space is:

the entire range of values that can possibly be used to construct and individual key


Kaugnay na mga set ng pag-aaral

Exercise Physiology Test 1 Dillon

View Set

Variations in the Second Heart Sound - S2

View Set

Systematic Theology (Dr. Wayne Grudem)

View Set

AP Macro Spending and Tax Multiplier

View Set