Chapters 21-22


(p. 725) Which change management phase ensures that only approved changes to a baseline are allowed to be implemented?

B. Configuration control

(p. 752) Which attack type is common, and to a degree, relatively harmless?

B. Port scan

(p. 728) Which report documents changes or corrections to a system?

B. System problem report

(p. 730) In which CMMI-DEV maturity level does an organization establish quantitative objectives for quality and process performance and use them as criteria in managing projects?

C. Level 4: Quantitatively Managed

(p. 758) Which indicator of compromise (IOC) standard is a method of information sharing developed by MITRE?

D. Cyber Observable eXpression (CybOX)

(p. 721) Change management should only be used in the quality assurance (QA) phase of a system's life.

False

(p. 724) Since developers create and enhance programs, they should be able to install these programs on the production system.

False

(p. 728) Most large enterprises rely on a paper-based system problem report (SPR) process.

False

(p. 739) Incident response is strictly an information security operation.

False

(p. 743) Large organizations typically have the resources to protect everything against all threats.

False

(p. 748) Detecting that a security event is occurring or has occurred is an easy matter.

False

(p. 760) All data is equally important, and it is equally damaging in the event of loss.

False

(p. 682) When performing forensics on a computer system, you should use the utilities provided by that system.

False

(p. 684) When analyzing computer storage components, the original system should be analyzed.

False

(p. 677) Relevant evidence must be convincing or measure up without question.

False

(p. 676) Oral testimony that proves a specific fact is considered real evidence.

False

(p. 677) Evidence offered by the witness that is not based on the personal knowledge of the witness, but is being offered to prove the truth of the matter asserted, falls under the exclusionary rule.

False

(p. 739) Which statement applies to a low-impact exposure incident?

A. A low-impact exposure incident only involves repairing the broken system.

(p. 728) Which term refers to the process responsible for managing the lifecycle of all incidents?

A. Incident management

(p. 739) Which term refers to a key measure used to prioritize actions throughout the incident response process?

A. Information criticality

(p. 730) In which CMMI-DEV maturity level are processes generally ad hoc and chaotic?

A. Level 1: Initial

(p. 731) Which type of system is one that fairly closely mimics the production environment, with the same versions of software, down to patch levels, and the same sets of permissions, file structures, and so on?

A. Test

(p. 741) Which infection method involves planting malware on a Web site that the victim employees will likely visit?

A. Watering hole attack

(p. 752) How is quarantine accomplished?

A. With the erection of firewalls that restrict communication between machines

(p. 724) All accesses and privileges to systems, software, or data should be granted based on the principle of __________.

A. least privilege

(p. 739) What are the two components comprising information criticality?

C. Data classification and the quantity of data involved

(p. 741) In an "old school" attack, which step is a listing of the systems and vulnerabilities to build an attack game plan?

C. Enumeration

(p. 726) Which form of configuration auditing verifies that the configuration item performs as defined by the documentation of the system requirements?

C. Functional configuration audit

(p. 759) What are the three states of the data lifecycle in which data requires protection?

C. In storage, in transit, and during processing

(p. 742) Which term refers to the targeting of specific steps of a multistep process with the goal of disrupting the overall process?

C. Kill chain

(p. 754) What tool is the protocol/standard for the collection of network metadata on the flows of network traffic?

C. NetFlow

(p. 726) Which process is responsible for planning, scheduling and controlling the movement of releases to test and live environments?

C. Release management

(p. 722) Which term refers to a preapproved change that is low risk, relatively common and follows a procedure or work instruction?

C. Standard change

(p. 760) Which service allows organizations to share cyberthreat information in a secure and automated manner?

C. Trusted Automated eXchange of Indicator Information (TAXII)

(p. 729) Executable code integrity can be verified using host-based intrusion detection systems.

True

(p. 732) Virtualization can be used as a form of sandboxing with respect to an entire system.

True

(p. 754) Recovery is the returning of the asset into the business function.

True

(p. 686) The space that is left over in a cluster is called slack space.

True

