Computer Network Technology
Put the steps of the penetration testing phase into the correct order. Attack Discovery Reporting Planning
3 2 4 1
The following statements about advanced persistent threats (APTs) are true.
APTs use obfuscation techniques that help them remain undiscovered for months or even years. APTs are often long-term, multi-phase projects with a focus on reconnaissance. APTs typically originate from sources such as organized crime groups, activists or governments.
These are considered functional areas of network management as defined by ISO.
Accounting management Security management Fault management performance management
The number and types of layers needed for defense in depth are a function of:
Asset value, criticality, reliability of each control and degree of exposure.
In practical applications:
Asymmetric key encryption is used to securely obtain symmetric keys
Business continuity plans (BCPs) associated with organizational information systems should be developed primarily on the basis of:
Business needs
____________________ is defined as "a model for enabling convenient, on-demand network access to a shared pool of configurable resources (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management or service provider interaction."
Cloud Computing
These three elements of the current threat landscape have provided increased levels of access and connectivity, and therefore increased opportunities for cyber crime
Cloud computing, social media and mobile computing
A segmented network:
Consists of two or more security zones
Outsourcing poses the greatest risk to an organization when it involves
Core business functions
The Internet perimeter should:
Eliminate threats such as email spam, viruses and worms. Control user traffic bound toward the Internet. Detect and block traffic from infected internal end points. Monitor and detect network ports for rogue activity.
Updates in cloud-computing environments can be rolled out quickly because the environment is:
Homogenous
NIST defines a(n) BLANK as a "violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices."
Incident
NIST defines a(n) ________ as a "violation of imminent threat of violation of computer security policies, acceptable use policies, or standard security practices."
Incident
Risk assessments should be performed
On a regular basis
Choose three. The key benefits of the DMZ system are:
Private network addresses arc not disclosed to the Internet. An intruder must penetrate three separate devices. Internal systems do not have direct access to the Internet.
Which of the following interpret requirements and apply them to specific situations?
Standards
A cybersecurity architecture designed around the concept of a perimeter is said to be:
System-centric
A _____ is based on logical rather than physical connections, and thus, it allows great flexibility.
VLAN
Which of the following offers the strongest protection for wireless network traffic?
WPA2
Which element of an incident response plan involves obtaining and preserving evidence?
containment
To which of the following layers of the Open Systems Interconnect (OSI) model would one map Ethernet?
data link
_____, also called malicious code, is software designed to gain access to targeted computer systems, steal information or disrupt computer operations.Word options: Standards, Vulnerability, Guidelines, Attack Vector, Policies, Risk, Threat, Asset, Patches, Identity Management, Malware, Rootkit, Payload, Procedure
malware
_____ are solutions to software programming and coding errors.
patches
_____ are solutions to software programming and coding errors.Word options: Standards, Vulnerability, Guidelines, Attack Vector, Policies, Risk, Threat, Asset, Patches, Identity Management, Malware, Rootkit, Payload, Procedure
patches
In an attack, the container that delivers the exploit to the target is called a(n) _____.Word options: Standards, Vulnerability, Guidelines, Attack Vector, Policies, Risk, Threat, Asset, Patches, Identity Management, Malware, Rootkit, Payload, Procedure
payload
The attack mechanism directed against a system is commonly called a(n):
payload
A passive network hub operates at which layer of the OSI model?
physical
_____ communicate required and prohibited activities and behaviors.Word options: Standards, Vulnerability, Guidelines, Attack Vector, Policies, Risk, Threat, Asset, Patches, Identity Management, Malware, Rootkit, Payload, Procedure
policies
The core duty of cybersecurity is to identify, respond to and manage _____ to an organization's digital assets.Word options: Standards, Vulnerability, Guidelines, Attack Vector, Policies, Risk, Threat, Asset, Patches, Identity Management, Malware, Rootkit, Payload, Procedure
risk
_____ is a class of malware that hides the existence of other malware by modifying the underlying operating system.Word options: Standards, Vulnerability, Guidelines, Attack Vector, Policies, Risk, Threat, Asset, Patches, Identity Management, Malware, Rootkit, Payload, Procedure
rootkit
_____ are sued to interpret policies in specific situations.
standards
A _____ is anything capable of acting against an asset in a manner that can cause harm.
threat
A(n) _____ is anything capable of acting against an asset in a manner that can cause harm.Word options: Standards, Vulnerability, Guidelines, Attack Vector, Policies, Risk, Threat, Asset, Patches, Identity Management, Malware, Rootkit, Payload, Procedure
threat
