Module 3 exam


________ include information and the systems that use, store and transmit information.

information assets

_______ access control is a form of _________ access control in which users are assigned a matrix of authorizations for particular areas of access.

lattice-based, discretionary

The calculation of the likelihood of an attack coupled with the attack frequency to determine the expected number of losses within a specified time range is called the ______

loss frequency

______ feasibility analysis examines user acceptance and support, management acceptance and support, and the overall requirements of the organization's stakeholders.

operational

___________ firewalls examine every incoming packet header and can selectively filter packets based on header information such as destination address, source address, packet type, and other key information.

packet-filtering

The ____ is the difference between an organization's observed and desired performance.

performance gap

When deciding which information assets to track, consider the following asset attributes: people, ____, data, software and hardware.

procedures

___________ is an asset valuation approach that uses categorical or non-numeric values rather than absolute numerical measures.

qualitative assessment

In most common implementation models, the content filter has two components: _____________

rating and filtering

_________ equals the probability of a successful attack times the expected loss from a successful attack plus an element of uncertainty.

risk

The first phase of risk management is _________

risk identification

__________ involves three major undertakings: risk identification, risk assessment, and risk control

risk management

___________ is the process of identifying risk, as represented by vulnerabilities, to an organization's information assets and infrastructure, and taking steps to reduce this risk to an acceptable level.

risk management

Since the bastion host stands as a sole defender on the network perimeter, it is commonly referred to as the ____ host.

sacrificial

The dominant architecture used to secure network access today is the _____ firewall.

screened subnet

_________ assigns a public level to employees to designate the maximum level of classified data they may access.

security clearance scheme

A ______ contains a computer chip that can verify and validate several pieces of information instead of just a PIN.

smart card

When organizations adopt security measures for a legal defense, they may need to show that they have done what any prudent organization would do in similar circumstances. This is referred to as __________

standards of due care

__________ is a firewall type that keeps track of each network connection between internal and external systems using a table and that expedites the processing of those communications.

stateful packet inspection

The _____ control strategy attempts to shift risk to other assets, other processes, or other organizations.

transfer

In _______ mode, the data within an IP packet is encrypted, but the header information is not.

transport

Authentication is the process of validating a supplicant's purported identity. (T/F)

true

Lattice-based access control is a form of access control in which users are assigned a matrix of authorizations for particular areas of access. (T/F)

true

Risk controls is the application of mechanisms to reduce the potential for loss or change to an organization's information assets.

true

The upper management of an organization must structure the IT and information security functions to defend the organization's information assets. (T/F)

true

The primary benefit of a VPN that uses _____ is that an intercepted packet reveals nothing about the true destination system.

tunnel mode

In addition to their other responsibilities, the three communities of interest are responsible for determining which control options are cost effective for the organization. (T/F)

true

Federal agencies such as the NSA, FBI, and CIA use specialty classification schemes. For materials that are not considered National Security Information, _______ data is the lowest level classification.

unclassified

In a _______, assets or threats can be prioritized by identifying criteria with differing levels of importance, assigning a score for each of the criteria, and then summing and ranking those scores.

weighted factor analysis

List and describe the three interacting services of the Kerberos system.

1. AS: Kerberos server that authenticates clients and servers. 2. KDC: issues session keys. 3. TGS: gives tickets to users who request services.

Briefly describe the seven best practices rules for firewall use.

1. All traffic from the trusted network is allowed out. 2. The firewall device is never directly accessible from the public network for configuration or management purposes. 3. Simple Mail Transport Protocol (SMTP) data is allowed to pass through the firewall, but it should all be routed to a well-configured SMTP gateway to filter and route messaging traffic securely. 4. All Internet Control Message Protocol (ICMP) data should be denied. 5. Telnet (terminal emulation) access to all internal servers from the public networks should be blocked. 6. When Web services are offered outside the firewall, HTTP traffic should be denied from reaching your internal networks through the use of some form of proxy access or DMZ architecture. 7. All data that is not verifiably authentic should be denied.

Telnet protocol packets usually go to TCP port __ whereas SMTP packets go to port ________.

23,25

_______ is simply how often you expect a specific type of attack to occur.

ARO

The formal decision making process used when considering the economic feasibility of implementing information security controls and safeguards is called a ______.

CBA

The _________ is an intermediate area between a trusted network and an untrusted network.

DMZ

______ plans usually include all preparations for the recovery process, strategies to limit losses during the disaster, and detailed steps to follow when the smoke clears, the dust settles, or the flood waters recede.

DR

A ______ is an authorization issued by an organization for the repair, modification, or update of a piece of equipment.

FCO

The restrictions most commonly implemented in packet-filtering firewalls are based on ____.

IP source and destination address, Direction (inbound or outbound), TCP or UDP source and destination port requests.

The ________ plan specifies the actions an organization can and should take while an adverse event (that could result in loss of an information asset or assets, but does not currently threaten the viability of the entire organization) is in progress.

IR

What is a Cost-Benefit Analysis (CBA) and how can it be calculated?

It is the economic feasibility study; it is calculated with the formula CBA = prior ALE - post ALE - ACS.

The service within Kerberos that generates and issues session keys is known as

KDC

_________ addresses are sometimes called electronic serial numbers or hardware addresses.

MAC

_____ firewalls are designed to operate at the media access control sublayer of the data link layer of the OSI network model.

MAC layer

In SESAME, the user is first authenticated to an authentication server and receives a token. The token is then presented to a privilege attribute server as proof of identity to gain a _____

PAC

A _____ is a private data network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol and security procedures.

VPN

When valuing information assets, what criteria could be considered in establishing or determining the value of the assets?

Which information asset is most critical to the organization's success? Which information asset generates the most revenue? Which of these assets plays the biggest role in generating revenue or delivering services? Which information asset would be the most expensive to replace? Which information asset would be the most expensive to protect? Which information asset would most expose the company to liability or embarrassment if revealed?

The ____ strategy is the choice to do nothing to protect a vulnerability and to accept the outcome of its exploitation.

acceptance.

Risk _____ defines the quantity and nature of risk that organizations are willing to accept as they evaluate the tradeoffs between perfect security and unlimited accessibility.

appetite

The application gateway is also known as a ______

application-level firewall

Known as the ping service, ICMP is a ______ and should be ______.

common method for hacker reconnaissance, turned off to prevent snooping.

Risk _____ is the application of security mechanisms to reduce the risks to an organization's data and information systems.

control

__________ components account for the management of information in all its states: transmission, processing, and storage.

data

A ______ is a formal access control methodology used to assign a level of confidentiality to an information asset and thus restrict the number of people who can access it.

data classification scheme

The _______ control strategy attempts to eliminate or reduce any remaining uncontrolled risk through the application of additional controls and safeguards.

defense

The proxy server is often placed in an unsecured area of the network or is placed in the _____ zone.

demilitarized

The concept of competitive _________ refers to falling behind the competition.

disadvantage

There are individuals who search trash and recycling — a practice known as ____ — to retrieve information that could embarrass a company or compromise information security.

dumpster diving

A _ filtering firewall can react to an emergent event and update or create rules to deal with the event.

dynamic

According to Sun Tzu, if you know yourself and know your enemy you have an average chance to be successful in an engagement.

false

Accountability is the matching of an authenticated entity to a list of information assets and corresponding access levels. (T/F)

false

Discretionary access control is an access control approach whereby the organization specifies use of resources based on the assignment of data classification schemes to resources and clearance levels to users. (T/F)

false

Know yourself means identifying, examining, and understanding the threats facing the organization (T/F).

false

Task-based controls are associated with the assigned role a user performs in an organization, such as a position or temporary assignment like project manager. (T/F)

false

The __________ describes the number of legitimate users who are denied access because of a failure in the biometric device. This failure is known as a type I error.

false reject rate.

A packet-_________ firewall installed on a TCP/IP based network typically functions at the IP level and determines whether to drop a packet (deny) or forward it to the next network connection (allow) based on the rules programmed into the firewall

filtering

A __________ is a combination of hardware and software that filters or prevents specific information from moving between the outside world and the inside world.

firewall

The version of TACACS still in use is

TACACS+

Kerberos ____ provides tickets to clients who request services.

TGS

What must a VPN that proposes to offer a secure and reliable capability while relying on public networks accomplish?

The VPN must successfully encapsulate incoming and outgoing data, encrypt incoming and outgoing data and authenticate the remote host user.

______ inspection firewalls keep track of each network connection between internal and external systems.

Stateful

_________ filtering requires that the filtering rules governing how the firewall decides which packets are allowed and which are denied be developed and installed with the firewall.

Static

Management of classified data

Storage, Distribution, Portability, and Destruction.

______ and TACACS are systems that authenticate the credentials of users who are trying to access an organization's network via a dial-up connection.

RADIUS

Which of the following is not a major processing-mode category for firewalls?

Router passthru

____ is the protocol for handling TCP traffic through a proxy server.

SOCKS
