Intro to Network Security sixth ed chapter 1

Industry-Standard Frameworks

"supporting structures" for implementing security.

Mitigate

Addressing risks by making risks less serious.

Risk Response Techniques

Different options available when dealing with risks.

Industry-Specific Frameworks

Frameworks/architectures that are specific to a particular industry or market sector.

Open-Source Intelligence

Freely available automated attack software.

Control Diversity

Groups who are responsible for regulating access to a system are also different.

A. Extinguish risk

Gunnar is creating a document that explains risk response techniques. Which of the following would he NOT list and explain in his document? A. Extinguish risk B. Transfer risk C. Mitigate risk D. Avoid risk

Resource Exhaustion

Hardware with limited resources could be exploited by an attacker who intentionally tries to consume more resources than intended.

User Training

Help instruct the employees as to the security reasons behind the restrictions.

A. Security administrator

Ian recently earned his security certification and has been offered a promotion to a position that requires him to analyze and design security solutions as well as identifying users' needs. Which of these generally recognized security positions has Ian been offered? A. Security administrator B. Security technician C. Security officer D. Security manager

Improperly Configured Accounts

Misconfiguration is commonly seen in accounts that are set up for a user and that provide more access than is necessary, such as providing total access over the entire device when the access should be more limited.

Improper Error Handling

Other software may not properly trap an error condition and thus provide an attacker with underlying access to the system.

Administrative Controls

Regulating the human factors of security.

Race Condition

Occurs in software when two concurrent threads of execution access a shared resource simultaneously, resulting in unintended consequences.

Improper Input Handling

Software that allows the user to enter data but does not filter or validate user input to prevent a malicious action.

Weak Configuration

Some devices have options that provide limited security choices.

Lack of Vendor Support

Some devices, particularly consumer devices, have no support from the company that made the device. This means that no effort is made to fix any vulnerabilities that are found.

Vendor Diversity

Some enterprises use security products provided by different manufacturers.

Sophisticated

Some groups have created a massive network of resources while others are simple individuals just seeing what they can do.

End-of-Life Systems

Some systems are so old that vendors have dropped all support for security updates, or else charge an exorbitant fee to provide updates.

Nation State Actors

State-sponsored attackers employed by a government for launching computer attacks against foes.

Threat

Type of action that has the potential to cause harm.

D. Gramm-Leach-Bliley Act (GLBA)

Which act requires banks and financial institutions to alert their customers of their policies in disclosing customer information? A. Sarbanes-Oxley Act (Sarbox) B. Financial and Personal Services Disclosure Act C. Health Insurance Portability and Accountability Act (HIPAA) D. Gramm-Leach-Bliley Act (GLBA)

B. Confidentiality

Which of the following ensures that only authorized parties can view protected information? A. Authorization B. Confidentiality C. Availability D. Integrity

D. Purposes

Which of the following is NOT a successive layer in which information security is achieved? A. Products B. People C. Procedures D. Purposes

D. Security is a war that must be won at all costs.

Which of the following is NOT true regarding security? A. Security is a goal. B. Security includes the necessary steps to protect from harm. C. Security is a process. D. Security is a war that must be won at all costs.

D. Misconfigurations

Alyona has been asked by her supervisor to give a presentation regarding reasons why security attacks continue to be successful. She has decided to focus on the issue of widespread vulnerabilities. Which of the following would Alyona NOT include in her presentation? A. Large number of vulnerabilities B. End-of-life systems C. Lack of vendor support D. Misconfigurations

Zero Day

Often an attacker may find a vulnerability and initiate an attack taking advantage of it even before users or security professionals are aware of the vulnerability.

A. Obscurity

Signe wants to improve the security of the small business where she serves as a security manager. She determines that the business needs to do a better job of not revealing the type of computer, operating system, software, and network connections they use. What security principle does Signe want to use? A. Obscurity B. Layering C. Diversity D. Limiting

Architecture/Design Weaknesses

Successful attacks are often the result of software that is poorly designed.

Integrity

This ensures that the information is correct and no unauthorized person or malicious software has altered the data.

Threat Actor

This is a person or element that has the power to carry out a threat.

Organized Crime

Threat actors that are moving from traditional organized criminal activities to more rewarding and less risky online attacks.

Competitors

Threat actors that launch attacks against an opponent's system to steal classified information.

Avoid

A response to risk that identifies the risk and the decision is made to not engage in the risk-provoking activity.

Risk

A situation that involves exposure to some type of danger.

New Threat

A threat that has not been previously identified.

Asset

An item that has value.

Defense-in-Depth

Creating multiple layers of security defenses through which an attacker must penetrate.

Regulatory

Information security frameworks/architectures that are required by agencies that regulate the industry.

Confidentiality

It is important that only approved individuals can access important information.

C. Vulnerable business processes

Tatyana is discussing with her supervisor potential reasons why a recent attack was successful against one of their systems. Which of the following configuration issues would NOT be covered? A. Default configurations B. Weak configurations C. Vulnerable business processes D. Misconfigurations

Vulnerability

The hole in the fencing, which is a flaw or a weakness that allows a threat actor to bypass security.

External

The location outside an enterprise in which some threat actors perform.

Untrained Users

With little or no direction to guide them.

Undocumented Assets

Another problem in the enterprise is the rapid acquisition and deployment of technology devices without proper documentation.

Script Kiddies

Individuals who want to attack computers yet they lack the knowledge of computers and networks needed to do so.

Intent and Motivation

The reasoning behind attacks made by threat actors.

System Sprawl

The widespread proliferation of devices across the enterprise.

Hacktivists

A group that is strongly motivated by ideology.

National

Information security framework/architectures that are domestic.

International

Information security framework/architectures that are worldwide.

Default Configurations

Almost all devices come with out-of-the-box configuration settings.

Funding and Resources

An attribute of threat actors that can vary widely.

B. Diversity

An organization that practices purchasing products from different vendors is demonstrating which security principle? A. Obscurity B. Diversity C. Limiting D. Layering

Attributes

Characteristic features of the different groups of threat actors can vary widely.

Layered Security

Creating multiple layers of security defenses through which an attacker must penetrate.

Availability

Information has value if the authorized parties who are assured of its integrity can access the information.

Non-Regulatory

Information security frameworks/architectures that are not required.

Vulnerable Business Processes

Often attacks are successful not because of compromised technology but because of the manipulation of processes that an enterprise performs.

Internal

The location within an enterprise in which some threat actors perform.

Advanced Persistent Threat (APT)

These attacks use innovative attack tools and once a system is infected it silently extracts data over an extended period.

Misconfiguration

User devices have options that provide limited security choices.

Technical Controls

Using technology as a basis for controlling the access and usage of sensitive data.

C. They can cause significant disruption by destroying only a few targets.

Why do cyberterrorists target power plants, air traffic control centers, and water systems? A. These targets are government-regulated and any successful attack would be considered a major victory. B. These targets have notoriously weak security and are easy to penetrate. C. They can cause significant disruption by destroying only a few targets. D. The targets are privately owned and cannot afford high levels of security.

Accept

A response to risk that acknowledges the risk but takes no steps to address it.

Transfer

A response to risk that allows a third party to assume the responsibility of the risk.

C. "Security and convenience are inversely proportional."

Adone is attempting to explain to his friend the relationship between security and convenience. Which of the following statements would he use? A. "Security and convenience are not related." B. "Convenience always outweighs security." C. "Security and convenience are inversely proportional." D. "Whenever security and convenience intersect, security always wins."

D. through products, people, and procedures on the devices that store, manipulate, and transmit the information.

Complete this definition of information security: That which protects the integrity, confidentiality, and availability of information _____. A. on electronic digital devices and limited analog devices that can connect via the Internet or through a local area network. B. through a long-term process that results in ultimate security. C. using both open-sourced as well as supplier-sourced hardware and software that interacts appropriately with limited resources. D. through products, people, and procedures on the devices that store, manipulate, and transmit the information.

Insiders

Serious threat to an enterprise comes from its own employees, contractors, and business partners.

D. Regulatory

What are industry-standard frameworks and reference architectures that are required by external agencies known as? A. Compulsory B. Mandatory C. Required D. Regulatory

B. When two concurrent threads of execution access a shared resource simultaneously, resulting in unintended consequences.

What is a race condition? A. When a vulnerability is discovered and there is a race to see if it can be patched before it is exploited by attackers. B. When two concurrent threads of execution access a shared resource simultaneously, resulting in unintended consequences. C. When an attack finishes its operation before antivirus can complete its work. D. When a software update is distributed prior to a vulnerability being discovered.

C. To spy on citizens

What is an objective of state-sponsored attackers? A. To right a perceived wrong B. To amass fortune over fame C. To spy on citizens D. To sell vulnerabilities to the highest bidder

C. Brokers

What is the category of threat actors that sell their knowledge of vulnerabilities to other attackers or governments? A. Cyberterrorists B. Competitors C. Brokers D. Resource managers

B. Information

Which of the following is an enterprise critical asset? A. System software B. Information C. Outsourced computing services D. Servers, routers, and power supplies

B. Greater sophistication of defense tools

Which of the following is NOT a reason why it is difficult to defend against today's attackers? A. Delays in security updating B. Greater sophistication of defense tools C. Increased speed of attacks D. Simplicity of attack tools

B. Advanced Persistent Threat (APT)

Which tool is most commonly associated with nation state threat actors? A. Closed-Source Resistant and Recurrent Malware (CSRRM) B. Advanced Persistent Threat (APT) C. Unlimited Harvest and Secure Attack (UHSA) D. Network Spider and Worm Threat (NSAWT)

