Chapter 3


You have conducted a risk analysis to protect a key company asset. You identify the following values: Asset value = 400; Exposure factor = 75; Annualized Rate of Occurrence = .25. What is the Single Loss Expectancy (SLE)?

300

You have conducted a risk analysis to protect a key company asset. You identify the following values: Asset value = 400; Exposure factor = 75; Annualized Rate of Occurrence = .25. What is the Annualized Loss Expectancy (ALE)?

75

What is a service level agreement (SLA)?

A guarantee of a specific level of service

Masquerading

An attacker convinces personnel to grant access to sensitive information or protected systems by pretending to be someone who is authorized and/or requires that access.

Piggybacking

An attacker enters a secured building by following an authorized employee through a secure door without providing identification.

Spear Phishing

An attacker gathers personal information about the target individual in an organization

Whaling

An attacker gathers personal information about the target individual, who is a CEO.

Phishing

An attacker pretending to be from a trusted organization sends an email asking users to access a website to verify information.

Whaling

An attacker pretending to be from a trusted organization sends emails to senior executives and high-profile personnel asking them to verify personal information or send money.

Dumpster diving

An attacker searches through an organization's trash looking for sensitive information

Vishing

An attacker uses a telephone to convince target individuals to reveal their credit card information.

Which of the following statements is true regarding risk analysis?

Annualized Rate of Occurrence (ARO) identifies how often the successful threat attack will occur in a single year.
Don't implement a countermeasure if the cost is greater than the loss.

What is the average number of times that a specific risk is likely to be realized in a single year?

Annualized rate of occurrence

How often should change control management be implemented?

Any time a production system is altered

Spear phishing

Attackers send emails with specific information about the victim (such as which online banks they use) that ask them to verify personal information or send money.

Spim

Attackers send unwanted and unsolicited text messages to many people with the intent to sell products or services.

Vishing

Attackers use Voice over IP (VoIP) to pretend to be from a trusted organization and ask victims to verify personal information or send money.

The receptionist received a phone call from an individual claiming to be a partner in a high-level project and requesting sensitive information. The individual is engaging in which type of social engineering?

Authority

What is the primary countermeasure to social engineering?

Awareness

In business continuity planning, what is the primary focus of the scope?

Business processes

Which of the following defines two-man control?

Certain tasks should be dual-custody in nature to prevent a security breach.

You plan to implement a new security device on your network. Which of the following policies outlines the process you should follow before implementing that device?

Change management

A Service Level Agreement (SLA) defines the relationship and contractual responsibilities of providers and service recipients. Which of the following characteristics are most important when designing an SLA? (Select two.)

Clear and detailed descriptions of penalties if the level of service is not provided.
Detailed provider responsibilities for all continuity and disaster recovery mechanisms.

A code of ethics does all but which of the following?

Clearly defines courses of action to take when a complex issue is encountered

As a BCP or DRP plan evolves over time, what is the most important task to perform when rolling out a new version of the plan?

Collect and destroy all old plan copies

You have hired 10 new temporary workers who will be with the company for 3 months. You want to make sure that after that time the user accounts cannot be used for login. What should you do?

Configure account expiration in the user accounts

You have recently discovered that a network attack has compromised your database server. The attacker may have stolen customer credit card numbers. You have stopped the attack and implemented security measures to prevent the same incident from occurring in the future. What else might you be legally required to do?

Contact your customers to let them know about the security breach

Map your network

Create a list of all devices

Map your network

Create a list of all protocols being used on the network

As you go through the process of making your network more manageable, you discover that employees in the sales department are on the same network segment as the human resources department. Which of the following steps can be used to isolate these departments?

Create a separate VLAN for each department

Which of the following is not a protection against collusion?

Cross-training

Which of the following is the best protection against security violations?

Defense in-depth

To determine the value of the company assets, an anonymous survey was used to collect the opinions of all senior and mid-level managers. Which asset valuation method was used?

Delphi method

Which of the following is not an appropriate response to a risk discovered during a risk analysis?

Denial

When you inform an employee that they are being terminated, what is the most important activity?

Disabling their network access

Which of the following is not an element of the termination process?

Dissolution of the NDA

The best way to initiate solid administrative control over an organization's employees is to have what element in place?

Distinct job descriptions

Which of the following is a common social engineering attack?

Distributing hoax virus information emails

Which of the following is not part of security awareness training?

Employee agreement documents

Conduct role-based training

Employment

Which type of data loss prevention system can be configured to block unauthorized email messages from being sent and, therefore, being subject to email retention rules?

Endpoint DLP

Manage your network

Establish a baseline for all systems

Manage your network

Establish an update management process

Dumpster diving is a low-tech means of gathering information that may be useful in gaining unauthorized access, or as a starting point for more advanced attacks. How can a company reduce the risk associated with dumpster diving?

Establish and enforce a document destruction policy

Change control should be used to oversee and manage changes over what aspect of an organization?

Every aspect

You have recently been hired as the new network administrator for a startup company. The company's network was implemented prior to your arrival. One of the first tasks you need to complete in your new position is to develop a Manageable Network plan for the network. You have already completed the first and second milestones, in which documentation procedures were identified and the network was mapped. You are now working on the third milestone, identifying ways to protect the network. Which tasks should you complete as a part of this milestone?

Identify and document each user on the network
Physically secure high-value systems

Protect your network

Identify choke points on the network

Which of the following is not a form of social engineering?

Impersonating a user by logging on with stolen credentials

As you help a user with a computer problem, you notice that she has written her password on a note stuck to her computer monitor. You check the password policy of your company and find that the following settings are currently required: minimum password length = 10; minimum password age = 4; maximum password age = 30; password history = 6; require complex passwords that include numbers and symbols; account lockout clipping level = 3. Which of the following is the best action to take to make remembering passwords easier so that she no longer has to write the password down?

Implement end-user training

Control your network

Implement the principle of least privilege

Over the last month you have noticed a significant increase in the occurrence of inappropriate activities performed by employees. What is the best first response step to take in order to improve or maintain the security level of the environment?

Improve and hold new awareness sessions

What is the primary purpose of imposing software lifecycle management concepts?

Increase the quality of software

In which phase of the system life cycle is software testing performed?

Installation
Software development and coding

Which of the following is not an accepted countermeasure to strengthen a cryptosystem?

Keep the cryptosystem a secret

What is the primary goal of business continuity planning?

Maintaining business operations with reduced or restricted infrastructure capabilities or resources

What is another name for a back door that was accidentally left in a product by the manufacturer?

Maintenance hook

Reach your network

Make sure that remote access connections are secure

When recovering from a disaster, which services should you stabilize first?

Mission-critical

If an organization shows sufficient due care, which burden is eliminated in the event of a security breach?

Negligence

Which type of Data Loss Prevention system is usually installed near the network perimeter to detect sensitive data that is being transmitted in violation of organizational security policies?

Network DLP

When is a BCP or DRP design and development actually completed?

Never

Which of the following is a legal contract between the organization and the employee that specifies the employee is not to disclose the organization's confidential information?

Non-disclosure agreement

What is the most effective way to improve or enforce security in any environment?

Providing user-awareness training

How can an organization help prevent social engineering attacks?

Publish and enforce clearly-written security policies
Educate employees on the risks and countermeasures

Which of the following best describes the concept of due care or due diligence?

Reasonable precautions based on industry best practices are utilized and documented.

A smart phone was lost at the airport. There is no way to recover the device. Which of the following will ensure data confidentiality on the device?

Remote wipe

Reach your network

Remove insecure protocols

Your company has developed and implemented countermeasures for the greatest risks to their assets. However, there is still some risk left. What is the remaining risk called?

Residual risk

Which of the following is defined as a contract that prescribes the technical support or business parameters a provider will deliver to its client?

Service level agreement

Which of the following are examples of social engineering?

Shoulder surfing
Dumpster diving

You have a set of DVD-RW discs that have been used to archive files for your latest development project. You need to dispose of the discs. Which of the following methods should you use to best prevent extracting data from the discs?

Shred the discs

Which of the following program development methods allows for optimal control over coherence, security, accuracy, and comprehensibility?

Structured programming

You are a database administrator and the first responder for database attacks. You have decided to test one part of your current Business Continuity Plan (BCP) with two other database professionals. Which type of BCP test is this considered?

Tabletop exercise

Disable a user's account

Termination

Remind individuals of NDA agreements

Termination

Which of the following are typically associated with human resource security policies?

Termination
Background checks

Your company security policy requires separation of duties for all network security matters. Which of the following scenarios best describes this concept?

The system administrator configures remote access privileges and the security officer reviews and activates each account.

Which of the following best defines Single Loss Expectancy (SLE)?

The total monetary loss associated with a single occurrence of a threat

When conducting a risk assessment, how is the Annualized Rate of Occurrence (ARO) calculated?

Through historical data provided by insurance companies and crime statistics

What is the primary purpose of forcing employees to take mandatory one-week minimum vacations every year?

To check for evidence of fraud

What is the primary purpose of source code escrow?

To obtain change rights over software after the vendor goes out of business

Purchasing insurance is what type of response to risk?

Transference

Prepare to document

Use timestamps on all documents

You have installed antivirus software on computers at your business. Within a few days, however, you notice that a computer has a virus. When you question the user, she says she installed some software a few days ago, but it was supposed to be a file compression utility. She admits she did not scan the file before running it. What should you add to your security measures to help prevent this from happening again?

User awareness training

Which of the following is an action that must take place during the release stage of the SDLC?

Vendors develop and release patches in response to exploited vulnerabilities that have been discovered.

You have just received a generic-looking email that is addressed as coming from the administrator of your company. The email says that as part of a system upgrade, you are to go to a website and enter your username and password at a new website so you can manage your email and spam using the new service. What should you do?

Verify that the email was sent by the administrator and that this new service is legitimate

You've just received an e-mail message explaining that a new and serious malicious code threat is ravaging across the internet. The message contains detailed information about the threat, its source code, and the damage it can inflict. The message states that you can easily detect whether or not you have already been a victim of this threat by the presence of three files in the \windows\System32 folder. As a countermeasure, the message suggests that you delete these three files from your system. In response to this message, which action should you take first?

Verify the information on well-known malicious code threat management websites

Which of the following social engineering attacks use Voice over IP (VoIP) to gain sensitive information?

Vishing

A senior executive reports that she received a suspicious email concerning a sensitive internal project that is behind production. The email was sent from someone she doesn't know, and he is asking for immediate clarification on several of the project's details so the project can get back on schedule. What type of an attack best describes the scenario?

Whaling

When would choosing to do nothing about an identified risk be acceptable?

When the cost of protecting the asset is greater than the potential loss

Which of the following is an example of a strong password?

a8bT11$yi

Show individuals how to protect sensitive information

Employment

Which of the following is a recommendation to use when a specific standard or procedure does not exist?

Guideline

Protect your network

Segregate and isolate networks

What is the weakest point in an organization's security infrastructure?

People

Which of the following attacks tricks victims into providing confidential information (such as identity information or login credentials) through emails or websites that impersonate an online entity that the victim trusts?

Phishing

Obtain an individual's credit history

Pre-employment

Verify an individual's job history

Pre-employment

HIPAA is a set of federal regulations that define security guidelines. What do HIPAA guidelines protect?

Privacy

In which phase of the system life cycle is security integrated into the product?

Project initiation
