1

अब Quizwiz के साथ अपने होमवर्क और परीक्षाओं को एस करें!

The _________ level focuses on developing the ability and vision to perform complex, multidisciplinary activities and the skills needed to further the IT security profession and to keep pace with threat and technology changes Security awareness Security basics and literacy Roles and responsibilities relative to IT systems Education and experience

Education and experience

Severe messages, such as immediate system shutdown, is a(n) _____ severity Emerg Crit Warning Alert

Emerg

The _________ is logic embedded into the software of the system that monitors system activity and detects security-related events that it has been configured to detect. Event discriminator Archive Audit analyzer Alarm processor

Event discriminator

____ need training on the development of risk management goals, means of measurement, and the need to lead by example in the area of security awareness Executives Trainers Managers Analysts

Executives

A threat action in which sensitive data are directly released to an unauthorized entity is __________. Intrusion Corruption Disruption Exposure

Exposure

In the United States, student grade information is an asset whose confidentiality is regulated by the __________.

FERPA Family Educational Rights and Privacy Act family educational rights and privacy act

_______are decoy systems that are designed to lure a potential attacker away from critical systems.

Honeypots

Network and host _________________ monitor and analyze network and host activity and usually compare this information with a collection of attack signatures to identify potential security incidents

IDS ids intrusion detection systems Intrusion Detection Systems

Release of message contents and traffic analysis are two types of _________ attacks.

passive

Employees have no expectation of _________in their use of company-provided e-mail or Internet access, even if the communication is personal in nature

privacy

After security basics and literacy, training becomes focused on providing the knowledge, skills, and abilities specific to an individual's ___________________ relative to IT systems.

roles and responsibilities

A ______________ is an independent review and examination of a system's records and activities

security audit

A _____________ is a chronological record of system activities that is sufficient to enable the reconstruction and examination of the sequence of environments and activities surrounding or leading to an operation, procedure, or event in a security-relevant transaction from inception to final results

security audit trail

___________ is a form of auditing that focuses on the security of an organization's IS assets.

security auditing

In general, a ________________ program seeks to inform and focus an employee's attention on issues related to security within the organization.

security awareness

The ____________ is the predefined formally documented statement that defines what activities are allowed to take place on an organization's network or on particular hosts to support the organization's requirements.

security policy

___________is UNIX's general-purpose logging mechanism found on all UNIX variants and Linux

syslog

Monitoring areas suggested in ISO 27002 include: authorized access, all privileged operations, unauthorized access attempts, changes to (or attempts to change) system security settings and controls, and ________________

system alerts or failure

The goal of the _________function is to ensure that all information destined for the incident handling service is channeled through a single focal point regardless of the method by which it arrives for appropriate redistribution and handling within the service

triage

Any action that threatens one or more of the classic security services of confidentiality, integrity, availability, accountability, authenticity, and reliability in a system constitutes a(n) __________

incident

___________ lists the following security objective with respect to current employees: to ensure that employees, contractors, and third-party users are aware of information security threats and concerns and their responsibilities and liabilities with regard to information security and are equipped to support organizational security policy in the course of their normal work and to reduce the risk of human error.

iso 27002

The principles that should be followed for personnel security are: limited reliance on key employees, separation of duties, and ______________.

least privilege

_________ audit trails may be used to detect security violations within an application or to detect flaws in the application's interaction with the system Application-level System-level User-level None of the above

Application-level

A loss of _________ is the unauthorized disclosure of information. A. Confidentiality B. Authenticity C. Integrity D. Availability

A. Confidentiality

assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.System integrity A. System integrity B. Availability C. Data integrity D. Confidentiality

A. System integrity

Security awareness, training, and education programs can serve as a deterrent to fraud and actions by disgruntled employees by increasing employees' knowledge of their ________ and of potential penalties Incidents Regulations Liability Accountability

Accountability

The rule _______ tells Snort what to do when it finds a packet that matches the rule criteria. Direction Destination port Protocol Action

Action

Replay, masquerade, modification of messages, and denial of service are example of _________ attacks.

Active

System conditions requiring immediate attention is a(n) _______ severity Notice Err Alert Emert

Alert

A capability set up for the purpose of assisting in responding to computer security-related incidents that involve sites within a defined constituency is called a ______. CIRT CSIRT CIRC All of the above

All of the above

Data items to capture for a security audit trail include events related to the security mechanisms on the system Operating system access Remote access All of the above

All of the above

From a security point of view, which of the following actions should be done upon the termination of an employee? Recover all assets, including employee ID, disks, documents and equipment Remove all personal access codes Remove the person's name from all lists of authorized access All of the above

All of the above

Security auditing can: Generate data that can be used in after-the-fact analysis of an attack Maintain a record useful in computer forensics Provide data that can be used to define anomalous behavior All of the above

All of the above

______ is a benefit of security awareness, training, and education programs to organizations. Mitigating liability of the organization for an employee's behavior Increasing the ability to hold employees accountable for their actions Improving employee behavior All of the above

All of the above

_______ are ways for an awareness program to promote the security message to employees Newsletters Workshops and training sessions Posters All of the above

All of the above

________ can include computer viruses, Trojan horse programs, worms, exploit scripts, and toolkits Artifacts CSIRT Constituencies Vulnerabilities

Artifacts

A(n) _________ is a threat that is carried out and, if successful, leads to an undesirable violation of security, or threat consequence.

Attack

An assault on system security that derives from an intelligent act that is a deliberate attempt to evade security services and violate the security policy of a system is a(n) __________. Attack Vulnerability Risk Asset

Attack

The ________ is a module that transmits the audit trail records from its local system to the centralized audit trail collector Audit analyzer Audit trail collector Audit dispatcher None of the above

Audit dispatcher

The ________ is a module on a centralized system that collects audit trail records from other systems and creates a combined audit trail Audit analyzer Audit provider Audit dispatcher Audit trail collector

Audit trail collector

A loss of _________ is the disruption of access to or use of information or an information system.

Availability

Assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed. A. Availability B. Privacy C. System integrity D. Data integrity

B. Privacy

Confidentiality, Integrity, and Availability form what is often referred to as the _____

CIA triad

A _______ policy states that the company may access, monitor, intercept, block access, inspect, copy, disclose, use, destroy, or recover using computer forensics any data covered by this policy Business use only Company rights Unlawful activity prohibited Standard of conduct

Company rights

CERT stands for ___________. Compliance Error Repair Technology Computer Error Response Team Computer Emergency Response Team Compliance Emergency Response Technology

Computer Emergency Response Team

__________ is the protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources.

Computer Security

A loss of _________ is the unauthorized disclosure of information. Integrity Availability Confidentiality Authenticity

Confidentiality

A(n) _________ is any means taken to deal with a security attack.

Countermeasure

A(n) __________ is an action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that correct action can be taken. Protocol Adversary Attack Countermeasure

Countermeasure

A________ level breach of security could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. A. Low B. Moderate C. Normal D. High

D. High

The assets of a computer system can be categorized as hardware, software, communication lines and networks, and _________.

Data

_________ identifies the level of auditing, enumerates the types of auditable events, and identifies the minimum set of audit-related information provided Event selection Automatic response Data generation Audit analysis

Data generation

Masquerade, falsification, and repudiation are threat actions that cause __________ threat consequences. Deception Disruption Unauthorized disclosure Usurpation

Deception

The _________ prevents or inhibits the normal use or management of communications facilities. Masquerade Denial of service Traffic encryption Passive attack

Denial of service

A __________ is data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery.

Digital Signature

With _________ the linking to shared library routines is deferred until load time so that if changes are made any program that references the library is unaffected Statically linked shared libraries all of the above Dynamically linked shared libraries System linked shared libraries

Dynamically linked shared libraries

A(n) ________ is inserted into a network segment so that the traffic that it is monitoring must pass through the sensor. Inline sensor Passive sensor Analysis sensor LAN sensor

Inline sensor

An example of __________ is an attempt by an unauthorized user to gain access to a system by posing as an authorized user. Privacy Masquerade Interception Inference

Masquerade

The OSI security architecture focuses on security attacks, __________, and services.

Mechanisms

Messages in the BSD syslog format consist of three parts: PRI, Header, and _____

Msg

Windows allows the system user to enable auditing in _______ different categories Eleven Five Nine Seven

Nine

A(n) _________ is an attempt to learn or make use of information from the system that does not affect system resources. Outside attack Active attack Passive attack Inside attack

Passive attack

assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed. System integrity Data integrity Availability Privacy

Privacy

_________ is a document that describes the application level protocol for exchanging data between intrusion detection entities RFC 4767 RFC 4764 RFC 4766 RFC 4765

RFC 4767

Security implementation involves four complementary courses of action: prevention, detection, response, and _________.

Recovery

A(n) _________ assessment is periodically assessing the risk to organizational operations, organizational assets, and individuals, resulting from the operation of organizational information systems and the associated processing, storage, or transmission or organizational information.

Risk

______ software is a centralized logging software package similar to, but much more complex than, syslog NetScan IPConfig SIEM McAfee

SIEM

A __________ is any action that compromises the security of information owned by an organization. Security atatck Security policy Security mechanism Security service

Security atatck

A _______ is conducted to determine the adequacy of system controls, ensure compliance with established security policy and procedures, detect breaches in security services, and recommend any changes that are indicated for countermeasures Security audit trail Security audit System-level audit trail User-level audit

Security audit

________ is explicitly required for all employees Security awareness Roles and responsibilities relative to IT systems Security basics and literacy Education and experience

Security awareness

The _______ category is a transitional stage between awareness and training Roles and responsibilities relative to IT systems Education and experience Security basics and literacy Security awareness

Security basics and literacy

A _________ is a security event that constitutes a security incident in which an intruder gains access to a system without having authorization to do so Intrusion detection IDS Security intrusion Criminal enterprise

Security intrusion

__________ involves an attempt to define a set of rules or attack patterns that can be used to decide if a given behavior is that of an intruder. Profile based detection Threshold detection Anomaly detection Signature detection

Signature detection

assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.System integrity Data integrity Availability Confidentiality System integrity

System integrity

___________ scan critical system files, directories, and services to ensure they have not been changed without proper authorization Log analysis tools Intrusion prevention systems Network and host intrusion detection systems System integrity verification tools

System integrity verification tools

_________ audit trails are generally used to monitor and optimize system performance System-level Physical-level User-level all

System-level

______ is the identification of data that exceed a particular baseline value Thresholding Anomaly detection Real-time analysis all of above

Thresholding

The assurance that data received are exactly as sent by an authorized entity is __________. Traffic routing Traffic control Traffic integrity Authentication

Traffic integrity

__________ is the insertion of bits into gaps in a data stream to frustrate traffic analysis attempts. Traffic integrity Traffic routing Traffic control Traffic padding

Traffic padding

________ is the process of receiving, initial sorting, and prioritizing of information to facilitate its appropriate handling Constituency Triage Handling Incident

Triage

__________ audit trail traces the activity of individual users over time and can be used to hold a user accountable for his or her actions

User-level

Misappropriation and misuse are attacks that result in ________ threat consequences.

Usurpation

A flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the system's security policy is a(n) __________. Countermeasure Risk Adversary Vulnerability

Vulnerability

_________________is detection of events within a given set of parameters, such as within a given time period or outside a given time period

Windowing windowing

SIEM software has two general configuration approaches: agentless and _____________.

agent-based

Windows is equipped with three types of event logs: system event log, security event log, and _________event log

application

The audit ____________ are a permanent store of security-related events on a system

archives

A(n) __________is any file or object found on a system that might be involved in probing or attacking systems and networks or that is being used to defeat security measures

artifact

The ______repository contains the auditing code to be inserted into an application

audit

The ___________________is an application or user who examines the audit trail and the audit archives for historical trends, for computer forensic purposes, and for other analysis

audit trail examiner

There is a need for a continuum of learning programs that starts with _______builds to training, and evolves into education.

awareness

_______________is the process of defining normal versus unusual events and patterns

baselining

In large and medium-sized organizations, a _____________________ is responsible for rapidly detecting incidents, minimizing loss and destruction, mitigating the weaknesses that were exploited, and restoring computing services

computer security incident response team

The group of users, sites, networks, or organizations served by the CSIRT is a __________

constituency

Establishing, maintaining, and implementing plans for emergency response, backup operations, and post disaster recovery for organizational information systems to ensure the availability of critical information resources and continuity of operations in emergency situations is a __________ plan.

contingency

The four layers of the learning continuum as summarized by NIST SP 800-16 are: security awareness, security basics and literacy, roles and responsibilities relative to IT systems, and the ________________ level.

education and experience

The principal problems associated with employee behavior are errors and omissions, _____, and actions by disgruntled employees.

fraud

A _____________is a characteristic of a piece of technology that can be exploited to perpetrate a security incident

vulnerability

RFC 2196 (Site Security Handbook) lists three alternatives for storing audit records: read/write file on a host, write-once/read-many device, and _____________.

write-only device


संबंधित स्टडी सेट्स

NU142- Chapter 54: Management of Patients With Kidney Disorders

View Set

BAM410 - ORGANIZATIONAL THEORY AND BEHAVIOR - Unit Exam 4

View Set

Stats Test 3 (Ch. 12-14) Class Notes

View Set

Medical Terminology Chapter 9 Nervous System LO 9.8 Epilepsy

View Set