CIS2530 Final Ch5,7,9,10
Ricky is reviewing security logs to independently assess security controls. Which security review process is Ricky engaging in?
Audit
A packet-filtering firewall remembers information about the status of a network communication.
False
A physical courier delivering an asymmetric key is an example of in-band key exchange.
False
User-based permission levels limit a person to executing certain functions and often enforce mutual exclusivity.
False
Gary is sending a message to Patricia. He wants to ensure that nobody tampers with the message while it is in transit. What goal of cryptography is Gary attempting to achieve?
Integrity
What firewall approach is shown in the figure?
Screened subnet
After audit activities are completed, auditors perform data analysis.
True
An SOC 1 report is commonly implemented for organizations that must comply with Sarbanes-Oxley (SOX) or the Gramm-Leach-Bliley Act (GLBA).
True
Single sign-on (SSO) can provide for stronger passwords because with only one password to remember, users are generally willing to use stronger passwords.
True
What is NOT an effective key distribution method for plaintext encryption keys?
Unencrypted email
Which one of the following is NOT a commonly accepted best practice for password security?
Use at least six alphanumeric characters.
An SOC 1 report primarily focuses on security.
False
Cryptographic key distribution is typically done by phone.
False
Regarding security controls, the four most common permission levels are poor, permissive, prudent, and paranoid.
False
When should an organization's managers have an opportunity to respond to the findings in an audit?
Managers should include their responses to the draft audit report in the final audit report.
Common methods used to identify a user to a system include username, smart card, and biometrics.
True
TCP/IP is a suite of protocols that operates at both the Network and Transport layers of the OSI Reference Model.
True
During which phase of the access control process does the system answer the question, "What can the requestor access?"
Authorization
Alice would like to send a message to Bob securely and wishes to encrypt the contents of the message. What key does she use to encrypt this message?
Bob's public key
Karen would like to use a wireless authentication technology similar to that found in hotels where users are redirected to a webpage when they connect to the network. What technology should she deploy?
Captive portal
Data loss prevention (DLP) uses business rules to classify sensitive information to prevent unauthorized end users from sharing it.
True
Alan is evaluating different biometric systems and is concerned that users might not want to subject themselves to retinal scans due to privacy concerns. Which characteristic of a biometric system is he considering?
Acceptability
Bob received a message from Alice that contains a digital signature. What cryptographic key does Bob use to verify the digital signature?
Alice's public key
Which one of the following is an example of a logical access control?
Password
The three main categories of network security risk are reconnaissance, eavesdropping, and denial of service.
True
Which audit data collection method helps ensure that the information-gathering process covers all relevant areas?
Checklist
Implicit deny is when firewalls look at message addresses to determine whether a message is being sent around an unending loop.
False
In a known-plaintext attack (KPA), the cryptanalyst has access only to a segment of encrypted data, and has no choice as to what that data might be.
False
Internet Control Message Protocol (ICMP) is a method of IP address assignment that uses an alternate, public IP address to hide a system's real IP address.
False
The Transport Layer of the OSI Reference Model creates, maintains, and disconnects communications that take place between processes over the network.
False
The term certificate authority (CA) refers to a trusted repository of all public keys.
False
An algorithm is a repeatable process that produces the same result when it receives the same input.
True
During an audit, an auditor compares the current setting of a computer or device with a benchmark to help identify differences.
True
The Diffie-Hellman (DHE) algorithm is the basis for several common key exchange protocols, including Diffie-Hellman in Ephemeral mode (DHE) and Elliptic Curve DHE (ECDHE).
True
The Physical Layer of the OSI Reference Model must translate the binary ones and zeros of computer language into the language of the transport medium.
True
The term "router" describes a device that connects two or more networks and selectively interchanges packets of data between them.
True
The ___________ is the central part of a computing environment's hardware, software, and firmware that enforces access control.
security kernel
An auditing benchmark is the standard by which a system is compared to determine whether it is securely configured.
True
An example of a threat to access control is in a peer-to-peer (P2P) arrangement in which users share their My Documents folder with each other by accident.
True
Betty receives a ciphertext message from her colleague Tim. What type of function does Betty need to use to read the plaintext message?
Decryption
The four main types of logs that you need to keep to support security auditing include event, access, user, and security.
False
Which of the following is an example of a hardware security control?
MAC filtering
What type of network connects systems over the largest geographic area?
Wide area network (WAN)
What is the maximum value for any octet in an IPv4 IP address?
255
Henry's last firewall rule must allow inbound access to a Windows Terminal Server. What port must he allow?
3389
Product cipher is an encryption algorithm that has no corresponding decryption algorithm.
False
Regarding log monitoring, false negatives are alerts that seem malicious but are not real security events.
False
The number of failed logon attempts that trigger an account action is called an audit logon event.
False
David would like to connect a Fibre Channel storage device to systems over a standard data network. What protocol can he use?
Fibre Channel over Ethernet (FCoE)
What type of function generates the unique value that corresponds to the contents of a message and is used to create a digital signature?
Hash
Which one of the following is NOT an advantage of biometric systems?
Physical characteristics may change.
What is an XML-based open standard for exchanging authentication and authorization information and is commonly used for web applications?
Security Assertion Markup Language (SAML)
Bob has a high-volume virtual private network (VPN). He would like to use a device that would best handle the required processing power. What type of device should he use?
VPN concentrator
DIAMETER is a research and development project funded by the European Commission.
False
Fran is conducting a security test of a new application. She does not have any access to the source code or other details of the application she is testing. What type of test is Fran conducting?
Black-box test
Isaac is responsible for performing log reviews for his organization in an attempt to identify security issues. He has a massive amount of data to review. What type of tool would best assist him with this work?
Security information and event management (SIEM)
Fingerprints, palm prints, and retina scans are types of biometrics.
True
Curtis is conducting an audit of an identity management system. Which question is NOT likely to be in the scope of his audit?
Does the firewall properly block unsolicited network connection attempts?
A salt value is a set of random characters you can combine with an actual input key to create the encryption key.
True
In a chosen-ciphertext attack, cryptanalysts submit data coded with the same cipher and key they are trying to break to the decryption device to see either the plaintext output or the effect the decrypted message has on some system.
True