CH 10 Implementing Information Security, Ch12, Info Sec Chapter 10 Implementing Security, Chapter 10: Implementing Information Security, Info Sec Chapter 11, Chapter 10 PoIA, Chapter 10 Quiz Question Bank - CIST1601-Information Security Fund, PriCy C...

अब Quizwiz के साथ अपने होमवर्क और परीक्षाओं को एस करें!

Offers CISSP, SSCP, and SCCLP

(ISC)^2

1. A(n) ____ works like a burglar alarm in that it detects a violation (some system activities analogous to an opened or broken window) and activates an alarm. a. IDS c. ITS b. IIS d. SIS

List and describe the three interacting services of the Kerberos system.

1. AS kerberos server that authenticates clients and servers 2. KDC issues session keys 3. TGS gives tickets to users who request services.

When valuing information assets, what criteria could be considered in establishing or determining the value of the assets?

Which information asset is most critical to the organization's success? Which information asset generates the most revenue? Which of these assets plays the biggest role in generating revenue or delivering services? WHich information asset would be the most expensive to replace? Which information asset would be the most expensive to protect? Which information asset would most expose the company to liability or embarrassment if revealed?

All of the above

Which of the following is a valid version of TACACS? a. TACACS b. Extended TACACS c. TACACS+ d. All of the above

router passthru

Which of the following is not a major processing-mode category for firewalls?

User

Which of the following is not one of the categories of positions defined by Schwartz, Erwin, Weafer, and Briney?

Which of the following ports is commonly used for the HTTP protocol?

TACACS+

Which of the following version of TACACS is still in use?

Weak management support, with overly delegated responsibility and no champion, sentences a project to almost-certain failure. True False

true

The primary benefit of a VPN that uses _________ is that an intercepted packet reveals nothing about the true destination system.

tunnel mode

Some firewalls can filter packets by protocol name. A) True B) False

A) True

To evaluate the performance of a security system, administrators must establish system performance __________.

Baselines

Encryption

Converting original message into a form unreadable by unauthorized individuals

Many information security professionals enter the field from traditional ____ assignments.

The ____ algorithm was the first public key encryption algorithm developed (in 1977) and published for commercial use.

RSA

Weak management support, with overly delegated responsibility and no champion, sentences a project to almost-certain failure.

True

The organization of a task or process so that at least two individuals must work together to complete it. Also known as Dual-Control

Two person control

A device that assures the delivery of electric power without interruption is a(n) __________.

UPS

A(n) __________ is a simple project management planning tool. a. WBS b. SDLC c. ISO 17799 d. RFP

WBS

Technology __________ guides how frequently technical systems are updated, and how technical updates are approved and funded. a.changeover b.wrap-up c.governance d.turnover

governance

The model commonly used by large organizations places the information security department within the __________ department

information technology

The model used often by large organizations places the information security department within the ____ department.

information technology

The information security function can be placed within the __________.

insurance and risk management function administrative services function legal department

Management should coordinate the organization's information security vision and objectives with the communities of _ involved in the execution of the plan.

interest

The ISSEP allows CISSP certificate holders to demonstrate expert knowledge of all of the following except __________.

international laws

modem vulnerability assessment

is designed to find and document any vulnerability on dial-up modems connected to the organization's networks

_______ access control is a form of _________ access control in which users are assigned a matrix of authorizations for particular areas of access.

lattice-based, discretionary

The calculation of the likelihood of an attack coupled with the attack frequency to determine the expected number of losses within a specified time range is called the ______

loss frequency

Like the CISSP, the SSCP certification is more applicable to the security__________ than to the security __________.

manager, technician

The date for sending the final RFP to vendors is considered a(n) _, because it signals that all RFP preparation work is complete.

milestone

Streamlining

Configuration management (CM) assists in __________ change management processes and prevents changes that could detrimentally affect the security posture of a system before they happen.

reverse

Content filters are often called ____________________ firewalls

The Lewin change model includes _______ A) Unfreezing B) Moving C) Refreshing D) All of the above

D) All of the above

All organizations should designate a champion from the general management community of interest to supervise the implementation of an information security project plan.

False

proven method for prioritizing a program of complex change is the bull's-eye method. True False

true

Certified in the Governance of Enterprise IT

CGEIT

Certified in Risk and Information Systems Control

CRISC

Certified Secure Software Life Cycle Professional

CSSLP

succesors

Tasks or action steps that come after the task at hand are called ____________________.

Technology __________ guides how frequently technical systems are updated, and how technical updates are approved and funded. (A) wrap-up (B) governance (C) turnover (D) changeover

Telnet protocol packets usually go to TCP port ____.

23, 25

Telnet protocol packets usually go to TCP port __________ whereas SMTP packets go to port __________.

When an estimate is flawed, as when the number of effort-hours required is underestimated, the plan should be corrected and downstream tasks updated to reflect the change. True False

true

he effective use of a DMZ is one of the primary methods of securing an organization's networks. True False

true

n ideal organization fosters resilience to change. _________________________ True False

true

The primary benefit of a VPN that uses _____ is that an intercepted packet reveals nothing about the true destination system.

tunnel mode

dynamic

The ____________________ packet-filtering firewall allows only a particular packet with a particular source, destination, and port address to enter through the firewall

Operating System

The ability to detect a target computer's __________ is very valuable to an attacker.

accountability or auditability

The access control mechanism that ensures all actions on a system—authorized or unauthorized—can be attributed to an authenticated identity. Also known as auditability.

authorization

The access control mechanism that represents the matching of an authenticated entity to a list of information assets and corresponding access levels.

authentication

The access control mechanism that requires the validation and verification of an unauthenticated entity's purported identity.

identification

The access control mechanism whereby unverified or unauthenticated entities who seek access to a resource provide a label by which they are known to the system.

False

The advice "Know more than you say, and be more skillful than you let on" for information security professionals indicates that the actions taken to protect information should not interfere with users' actions. True False

proxy

The application firewall is also known as a(n) ____________________ server

application-level firewall

The application gateway is also known as a(n) ____.

application-level firewall

The application gateway is also known as a(n) __________.

screened subnet

The architecture of a(n) ____________________ firewall provides a DMZ.

CISSP

The breadth and depth covered in each of the domains makes the __________ one of the most difficult-to-attain certifications on the market.

transport

The circuit gateway firewall operates at the ____________________ layer

The date for sending the final RFP to vendors is considered a(n) __________, because it signals that all RFP preparation work is complete. (A) intermediate step (B) resource (C) milestone (D) deliverable

virtual password

The derivative of a passphrase. See passphrase.

screened subnet

The dominant architecture used to secure network access today is the ____ firewall

screened subnet

The dominant architecture used to secure network access today is the __________ firewall.

kernel

The fifth generation firewalls include the ____________________ proxy, a specialized form that works under Windows NT Executive, which is the kernel of Windows NT

Remediation

The final process in the vulnerability assessment and remediation domain is the __________ phase.

public

The firewall device is never accessible directly from the ____________________ network

SANS

The former System Administration, Networking, and Security Organization is now better known as __________.

content

A(n) ____________________ filter is a software filter — technically not a firewall — that allows administrators to restrict access to content from within a network

SOCKS

The general approach of the ____________________ protocol is to place the filtering requirements on the individual workstation rather than on a single point of defense (and thus point of failure).

In static filtering, configuration rules must be manually created, sequenced, and modified within the firewall.. _________________________ A) True B) False

A) True

True

The general management community of interest must work with information security professionals to integrate solid information security concepts into the personnel management practices of the organization. True False

The goal of the __________ is to resolve any pending project-related issues, critique the overall effort of the project, and draw conclusions about how to improve the project management process for the future. (A) direct changeover (B) wrap-up (C) phased implementation (D) pilot implementation

Wrap-Up

All of the above

The information security function can be placed within the __________. a. insurance and risk management function b. administrative services function c. legal department d. All of the above

configuration rules

The instructions a system administrator codes into a server, networking device, or security device to specify how it operates.

change

The level of resistance to ____________________ impacts the ease with which an organization is able to implement procedural and managerial changes.

information technology

The model commonly used by large organizations places the information security department within the __________ department.

IRP (Incident Response Plan)

The optimum approach for escalation is based on a thorough integration of the monitoring process into the __________.

It is important that e-mail traffic reach your e-mail server and only your e-mail server. A) True B) False

A) True

Most firewalls use packet header information to determine whether a specific packet should be allowed to pass through or should be dropped. _________________________ A) True B) False

A) True

Repair

The optimum method of remediation, in most cases, is to __________ the flaw that caused a vulnerability

tunnel mode

The primary benefit of a VPN that uses _________ is that an intercepted packet reveals nothing about the true destination system.

Vulnerability assessment (VA)

The process of identifying and documenting specific and provable flaws in the organization's information asset environment is called __________.

resource

The project planner should describe the skills or personnel needed for a task, often referred to as a(n) ____________________.

demilitarized

The proxy server is often placed in an unsecured area of the network or is placed in the ____ zone.

demilitarized

The proxy server is often placed in an unsecured area of the network or is placed in the __________ zone.

false reject rate

The rate at which authentic users are denied or prevented access to authorized areas as a result of a failure in the biometric device. This failure is also known as a Type I error or a false negative.

false accept rate

The rate at which fraudulent users or nonusers are allowed access to systems or areas as a result of a failure in the biometric device. This failure is also known as a Type II error or a false positive.

Milestone

The rate for spending the final RFP to vendors is considered a(n) __________, because it signals that all RFP preparation work is complete.

All of the above

The restrictions most commonly implemented in packet-filtering firewalls are based on ____. a. IP source and destination address b. TCP or UDP source and destination port requests c. Direction (inbound or outbound) d. All of the above

IP source and destination address Direction (inbound or outbound) TCP or UDP source and destination port requests All of the above

The restrictions most commonly implemented in packet-filtering firewalls are based on __________.

The version of TACACS still in use is

TACACS+

access control

The selective method by which systems specify who may use a particular resource and how they may use it.

Key Distribution Center (KDC)

The service within Kerberos that generates and issues session keys is known as __________.

trusted network

The system of networks inside the organization that contains its information assets and is under the organization's control.

untrusted network

The system of networks outside the organization over which the organization has no control. The Internet is an example of an untrusted network.

predecessors

The tasks or action steps that come before the specific task at hand are called ____________________.

biometric access control

The use of physiological characteristics to provide authentication for a provided identification. Biometric means"life measurement"in Greek. Sometimes referred to as biometrics.

Five

There are ____ common vulnerability assessment processes

storage channels

TCSEC-defined covert channels that communicate by modifying a stored object,such as in steganography.

authentication factors

Three mechanisms that provide authentication based on something an unauthenticated entity knows, something an unauthenticated entity has, and something an unauthenticated entity is.

Kerberos ____ provides tickets to clients who request services.

TGS

To maintain optimal performance, one typical recommendation suggests that when the memory usage associated with a particular CPU-based system averages __________% or more over prolonged periods, you should consider adding more memory.

Standards

Tracking compliance involves assessing the status of the program as indicated by the database information and mapping it to __________ established by the agency. Standards

A process called __________ examines the traffic that flows through a system and its associated devices to identifies the most frequently used devices..

Traffic Analysis

"Unfreezing" in the Lewin change model involves thawing hard-and-fast habits and established procedures. True False

True

A proven method for prioritizing a program of complex change is the bull's-eye method.

True

An ideal organization fosters resilience to change

True

Corrective action decisions are usually expressed in terms of trade-offs.

True

Each organization has to determine its own project management methodology for IT and information security projects.

True

In static filtering, configuration rules must be manually created, sequenced, and modified within the firewall.

True

Lattice-based access control is a form of access control in which users are assigned a matrix of authorizations for particular areas of access.

True

Planners need to estimate the effort required to complete each task, subtask, or action step in the project plan.

True

Cryptography

process of making and using codes to secure transmission of information

Planning for the implementation phase of a security project requires the creation of a detailed project plan.

True

Some firewalls can filter packets by protocol name.

True

The budgets of public organizations are usually the product of legislation or public meetings. True False

True

The bull's-model can be used to evaluate the sequence of steps taken to integrate parts of the information security blueprint into a project plan.

True

The project planner should describe the skills or personnel needed for a task, often referred to as a(n)

resource

Risk controls is the application of mechanisms to reduce the potential for loss or change to an organization's information assets.

true

A __________ is usually the best approach to security project implementation. (A) direct changeover (B) phased implementation (C) pilot implementation (D) parallel operation

War game

A __________ puts a subset of plans in place to create a realistic test environment

passive vulnerability

A ________________________ scanner listens in on the network and identifies vulnerable versions of both server and client software.

True or False: The primary drawback to the *direct changeover* approach is that if the new system fails or needs modification, users may be without services while the system's bugs are worked out.

True

True or False: The project plan as a whole must describe how to acquire and implement the needed security controls and create a setting in which those controls achieve the desired outcomes.

True

True or False: Unfreezing in the Lewin change model involves thawing hard-and-fast habits and established procedures.

True

True or False: Weak management support, with overly delegated responsibility and no champion, sentences a project to almost-certain failure.

True

A VPN, used properly, allows a user to use the Internet as if it were a private network. A) True B) False

A) True

VPN, used properly, allows use of the Internet as if it were a private network

True

covert channels

Unauthorized or unintended methods of communications hidden inside a computer system.

Certified Computer Examiner

CCE

In recent years, the __________ certification program has added a set of concentration exams.

CISSP

Trusted computing base (TCB)

Under the Trusted Computer System Evaluation Criteria (TCSEC), the combination of all hardware, firmware, and software responsible for enforcing the security policy.

Which of the following is not one of the categories of positions defined by Schwartz, Erwin, Weafer, and Briney?

User

Symmetric Encryption

Uses same "secret key" to encipher and decipher message

LFM

Using __________, the system reviews the log files generated by servers, network devices, and even other IDPSs.

A _____ is a private data network that makes use of the pupblic telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol and security procedures.

VPN

A(n) ___ is "a private data network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol and security procedures."

VPN

A __________ is the recorded state of a particular revision of a software or hardware configuration item.

Version

reference monitor

Within TCB, a conceptual piece of the system that manages access controls—in other words, it mediates all access to objects by subjects.

The breadth and depth covered in each of the domains makes the ____ one of the most difficult-to-attain certifications on the market.

CISSP

The goal of the project __________ is to resolve any pending project-related issues, critique the overall effort of the project, and draw conclusions about how to improve the project management process for the future.

Wrap-up

Trophy

You can document the results of the verification of a vulnerability by saving documented results called a ________

RADIUS

____ and TACACS are systems that authenticate the credentials of users who are trying to access an organization's network via a dial-up connection.

static

____ filtering requires that the filtering rules governing how the firewall decides which packets are allowed and which are denied be developed and installed with the firewall.

mac layer

____ firewalls are designed to operate at the media access control sublayer of the data link layer of the OSI network model.

packet-filtering

____ firewalls examine every incoming packet header and can selectively filter packets based on header information such as destination address, source address, packet type, and other key information.

stateful

____ inspection firewalls keep track of each network connection between internal and external systems.

SOCKS

____ is the protocol for handling TCP traffic through a proxy server

lattice-based, nondiscrectionary

__________ access control is a form of __________ access control in which users are assigned a matrix of authorizations for particular areas of access.

Program review

__________ allows for major security control components to be reviewed on a periodic basis to ensure that they are current, accurate, and appropriate.

RADIUS

__________ and TACACS are systems that authenticate the credentials of users who are trying to access an organization's network via a dial-up connection.

Trap-and-trace

__________ applications use a combination of techniques to detect an intrusion and then trace it back to its source.

vulnerabilities, assets, threats

__________ are a component of the "security triple."

All of the above

__________ are a component of the security triple.

Temporary employees

__________ are hired by the organization to serve in a temporary position or to supplement the existing workforce.

Security technicians

__________ are the technically qualified individuals tasked to configure firewalls, deploy IDSs, implement security software, diagnose and troubleshoot problems, and coordinate with systems and network administrators to ensure that an organization's security technology is properly

HIDPSs

__________ benchmark and monitor the status of key system files and detect when an intruder creates, modifies, or deletes monitored files.

Static

__________ filtering requires that the filtering rules governing how the firewall decides which packets are allowed and which are denied be developed and installed with the firewall.

MAC layer

__________ firewalls are designed to operate at the media access control sublayer of the data link layer of the OSI network model.

Packet-filtering

__________ firewalls examine every incoming packet header and can selectively filter packets based on header information such as destination address, source address, packet type, and other key information.

Stateful

__________ inspection firewalls keep track of each network connection between internal and external systems.

Separation of duties

__________ is a cornerstone in the protection of information assets and in the prevention of financial loss.

SOCKS

__________ is the protocol for handling TCP traffic through a proxy server.

Task rotation

__________ is the requirement that every employee be able to perform the work of another employee.

Task rotation

__________ is the requirement that every employee be able to perform the work of another employee. a. Two-man control b. Task rotation c. Collusion d. Duty exchange

Network connectivity RA

__________ is used to respond to network change requests and network architectural design proposals

White Box

__________ penetration testing is usually used when a specific system or network segment is suspect and the organization wants the pen tester to focus on a particular aspect of the target.

Fuzz

__________ testing is a straightforward testing technique that looks for vulnerabilities in a program or protocol by feeding random input to the program or a network running the protocol.

Penetration testing

__________, a level beyond vulnerability testing, is a set of security tests and evaluations that simulate attacks by a malicious external source (hacker).

telnet

____________________ (terminal emulation) access to all internal servers from the public networks should be blocked

hybrid

____________________ firewalls combine the elements of other types of firewalls — that is, the elements of packet filtering and proxy services, or of packet filtering and circuit gateways

projectitis

____________________ is a phenomenon in which the project manager spends more time documenting project tasks, collecting performance measurements, recording project task information, and updating project completion forecasts than accomplishing meaningful project work.

The CISA credential is touted by ISACA as the certification that is appropriate for all but which type of professionals?

accounting

Risk _____ defines the quantity and nature of risk that organizations are willing to accept as they evaluate the tradeoffs between perfect seruity and unlimited accessibility.

appetite

The application gateway is also known as a ______

application-level firewall

The networks layer of the bull's-eye is the outermost ring of the bull's eye. A) True B) False

b) false [bulls-eye is the center]

A __________ is usually the best approach to security project implementation. A) direct changeover B) phased implementation C) pilot implementation D) parallel operation

b)phased implementation

CERT stands for __________.

Computer emergency response team

The goal of the __________ is to resolve any pending project-related issues, critique the overall effort of the project, and draw conclusions about how to improve the project management process for the future. A) direct changeover B) wrap-up C) phased implementation D) pilot implementation

b)wrap up

Under the guise of justice, some less scrupulous administrators may be tempted to ____________________, or hack into a hacker's system to find out as much as possible about the hacker.

back hack

The _ methodology has been used by many organizations and requires that issues be addressed from the general to the specific, and that the focus be on systematic solutions instead of individual problems.

bull's-eye

The __________ methodology has been used by many organizations and requires that issues be addressed from the general to the specific, and that the focus be on systematic solutions instead of individual problems. a. direct changeover b. bull's-eye c. parallel d. wrap-up

bull's-eye

The __________ methodology has been used by many organizations and requires that issues be addressed from the general to the specific, and that the focus be on systematic solutions instead of individual problems. a.direct changeover b.bull's-eye c.wrap-up d.parallel

bull's-eye

The __________ layer of the bull's-eye model includes computers used as servers, desktop computers, and systems used for process control and manufacturing systems. A) Policies B) Networks C) Systems D) Applications

c)systems

With a(n) ____________________ IDPS control strategy all IDPS control functions are implemented and managed in a central location.

centralized

Medium- and large-sized organizations deal with the impact of technical change on the organization's operation through a(n) _ control process.

change

A direct _ involves stopping the old system and starting the new one without any overlap.

changeover

direct ___ changeover____ involves stopping the old system and starting the new one without any overlap.

changeover

When the measured activity is outside the baseline parameters, it is said to exceed the ____________________ level.

clipping

Alarm ____________________ and compaction is a consolidation of almost identical alarms that happen at close to the same time into a single higher-level alarm

clustering

Because the goals and objectives of CIOs and CISOs tend to contradict each other, InformationWeek recommends: "The people who do and the people who watch shouldn't report to a ____________________ manager."

common

Known as the ping service, ICMP is a ______ and should be ______.

common method for hacker reconnaissance, turned off to prevent snooping.

Risk _____ is the application of security mechanisms to reduce the risks to an organization's data and information systems.

control

Intrusion __________ activities finalize the restoration of operations to a normal state and seek to identify the source and method of the intrusion in order to ensure that the same type of attack cannot occur again.

correction

Digital Signatures

created in response to rising need to verify information transferred using electronic systems

Among all possible biometrics, ____ is(are) considered truly unique. a. retina of the eye b. fingerprints c. iris of the eye d. All of the above

d. All of the above

__________ components account for the management of information in all its states: transmission, processing, and storage.

data

A ______ is a formal access control methodology used to assign a level of confidentiality to an information asset and thus restrict the number of people who can access it.

data classification scheme

The _______ control strategy that attempts to eliminate or reduce any remaining uncontrolled risk through the application of additional controls and safeguards

defense

The proxy server is often placed in an unsecured area of the network or is placed in the ___ zone.

demilitarized

The proxy server is often placed in an unsecured area of the network or is placed in the _____ zone.

demilitarized

Man in the middle attack

designed to intercept transmission of public key or insert known key structure in place of requested public key

Some cases of _ are simple, such as requiring employees to begin using a new password on an announced date.

direct changeover

Some cases of __________ are simple, such as requiring employees to begin using a new password on an announced date. a. direct changeover b. phased implementation c. pilot implementation d. wrap-up

direct changeover

Some cases of __________ are simple, such as requiring employees to begin using a new password on an announced date. a.direct changeover b.wrap-up c.phased implementation d.pilot implementation

direct changeover

The concept of competitive _________ refers to falling behind the competition.

disadvantage

An X.509 v3 certificate binds a _____, which uniquely identifies a certificate entity, to a user's public key.

distinguished name

There are individuals who search trash and recycling — a practice known as ____ — to retrieve information that could embarrass a company or compromise information security.

dumpster diving

A _ filtering firewall can react to an emergent event and update or create rules to deal with the event.

dynamic

A ___ filtering firewall can react to an emergent event and update or create rules to deal with the event.

dynamic

____________________ is the process of attracting attention to a system by placing tantalizing bits of information in key locations.

enticement

Many organizations use a(n) ____ interview to remind the employee of contractual obligations, such as nondisclosure agreements, and to obtain feedback on the employee's tenure in the organization.

exit

Many organizations use a(n) __________ interview to remind the employee of contractual obligations, such as nondisclosure agreements, and to obtain feedback on the employee's tenure in the organization.

exit

According to Sun Tzu, if you know yourself and know your enemy you have an average chance to be successful in an engagement.

false

Accountability is the matching of an authenticated entity to a list of information assets and corresponding access levels. (F/T)

false

Discretionary access control is an access control approach whereby the organization specifies use of resources based on the assignment of data classification schemes to resources and clearance levels to users. ((T/F)

false

Know yourself means identifying, examining, and understanding the threats facing the organization (T/F).

false

Task-based controls are associated with the assigned role a user performs in an organization, such as a position or temporary assignment like project manager. (T/F)

false

The first step in the work breakdown structure (WBS) approach encompasses activities, but not deliverables. A) True B) False

false

plan

During the implementation phase, the organization translates its blueprint for information security into a project ____________________.

The parallel operations strategy works well when an isolated group can serve as a test area, which prevents any problems with the new system dramatically interfering with the performance of the organization as a whole. True False

false

The work breakdown structure (WBS) can only be prepared with a complex, specialized desktop PC application. True False

false

ach for-profit organization determines its capital budget and the rules for managing capital spending and expenses the same way. True False

false

he networks layer of the bull's eye is the outermost ring of the bull's eye. True False

false

very organization needs to develop an information security department or program of its own. True False

false

The RFP determines the impact that a specific technology or approach can have on the organization's information assets and what it may cost. _________________________ A) True B) False

false [CBA-cost benefit analysis]

The __________ describes the number of legitimate users who are denied access because of a failure in the biometric device. This failuer is known as a type I error.

false reject rate.

A packet-_________ firewall installed on a TCP/IP based network typically functions at the IP level and determines whether to drop a packet (deny) or forward it to the next network connection (allow) based on the rules programmed into the firewall

filtering

Activities that scan network locales for active systems and then identify the network services offered by the host systems is known as __________.

fingerprinting

A __________ is a combination of hardware and software that filters or prevents specific information from moving between the outside world and the inside world.

firewall

Firewalls fall into ___ major processing-mode categories.

five

Technology _ is a complex process that organizations use to manage the impact and costs of technology implementation, innovation, and obsolescence.

governance

Technology __________ guides how frequently technical systems are updated, and how technical updates are approved and funded. a. wrap-up b. turnover c. governance d. changeover

governance

When a collection of honeypots connects several honeypot systems on a subnet, it may be called a(n) ____________________.

honeynet

The organization should conduct a behavioral feasibility study before the ____________________ phase.

implementation

________ include information and the systems that use, store and transmit information.

information assets

A(n) ____________________ occurs when an attacker attempts to gain entry or disrupt the normal operations of an information system, almost always with the intent to do harm.

intrusion

Many who move to business-oriented information security were formerly__________ who were often involved in national security or cybersecurity .

military personnel

In the _ process, measured results are compared against expected results.

negative feedback loop

In the __________ process, measured results are compared against expected results. a. negative feedback loop b. wrap-up c. turnover d. direct changeover

negative feedback loop

In the __________ process, measured results are compared against expected results. a.turnover b.direct changeover c.wrap-up d.negative feedback loop

negative feedback loop

networking experts or systems administrators database administrators or programmers

A(n) ____________________ is a honey pot that has been protected so that it cannot be easily compromised.

padded cell

The _ operations strategy involves running the new system concurrently with the old system.

parallel

The _______ operations strategy involves running the new system concurrently with the old system.

parallel

The ____ is the difference between an organization's observed and desired performance.

performance gap

A(n) _ implementation is the most common conversion strategy and involves a measured rollout of the planned system with a part of the system being brought out and disseminated across an organization before the next piece is implemented.

phased

__________ is usually the best approach to security project implementation. a.phased implementation b.direct changeover c.parallel operation d.pilot implementation

phased implementation

In a _ implementation, the entire security system is put in place in a single office, department, or division before expanding to the rest of the organization.

pilot

In a __________ implementation, the entire security system is put in place in a single office, department, or division before expanding to the rest of the organization. a. pilot b. direct c. loop d. parallel

pilot

In a __________ implementation, the entire security system is put in place in a single office, department, or division before expanding to the rest of the organization. a.parallel b.loop c.direct d.pilot

pilot

Physical security is as important as logical security to an information security program.

TRUE

Though CISOs are business managers first and technologists second, they must be conversant in all areas of information security, including the technical, planning, and ____________________ areas.

policy

When deciding which information assets to track, consider the follwoing asset attributes: people, ____, data, software and hardware.

procedures

By managing the __________, the organization can reduce unintended consequences by having a process to resolve the potential conflict and disruption that uncoordinated change can introduce. a. wrap-up b. conversion process c. process of change d. governance

process of change

___________ is an asset valuation approach that uses categorical or non-numeric values rather than absolute numerical measures.

qualitative assessment

In most common implementation models, the content filter has two components: __________.

rating and filtering

In most common implementation models, the content filter has two components:_____________

rating and filtering

Many public organizations must spend all budgeted funds within the fiscal year- otherwise, the subsequent year's budget is

reduced by the unspent amount

_________ equals the probability of a successful attack times the expected loss from a successful attack plus an element of uncertainty.

risk

__________ involves three major undertakings: risk identification, risk assessment, and risk control

risk management

___________ is the process of identifying risk, as represented by vulnerabilities, to an organization's information assets and infrastructure, and taking steps to reduce this risk to an acceptable level.

risk management

Since the bastion host stands as a sole defender on the network perimeter, it is commonly referred to as the ___ host.

sacrificial

Since the bastion host stands as a sole defender on the network perimeter, it is commonly referred to as the ____ host.

sacrificial

Project _ is a description of a project's features, capabilities, functions, and quality level, and is used as the basis of a project plan.

scope

The dominant architecture used to secure network access today is the ___ firewall.

screened subnet

The dominant architecture used to secure network access today is the _____ firewall.

screened subnet

The dominant architecture used to secure network access today is the __________ firewall.

screened subnet

_________ assigns a public level to employees to designate the maximum level of classified data they may access.

security clearance scheme

Three methods dominate the IDPSs detection methods: ____________________-based approach, statistical anomaly-based approach or the stateful packet inspection approach.

signature

A(n) ____________________ IDPS can adapt its reactions in response to administrator guidance over time and circumstances of the current local environment.

smart

A ______ contains a computer chip that can verify and validate several pieces of information instead of just a PIN.

smart card

A(n) _________ contains a computer chip that can verify and validate several pieces of information instead of just a PIN.

smart card

When organizations adopt security measures for a legal defense, they may need to show that they have done what any prudent organization would do in similar circumstances. This is referred to as __________

standards of due care

__________ is a firewall type that keeps track of each network connection between internal and external systems using a table and that expedites the processing of those communications.

stateful packet inspection

Tasks or action steps that come after the task at hand are called __________. a.successors b.predecessors c.parents d.children

successors

A method of encryption that requires the same secret key to encipher and decipher the message is known as ____ encryption.

symmetric

Decryption

the process of converting the ciphertext message back into plaintext

A study of information security positions, done by Schwartz, Erwin,Weafer, and Briney, found that positions can be classified into one of ____ areas.

three

The _____ control strategy attempts to shift risk to other assets, other processes, or other organizations.

transfer

In IPSec's __________ mode, the data within an IP packet is encrypted, but the header information is not.

transport

In ___ mode, the data within the IP packet is encrypted, but the header information is not.

transport

In _______ mode, the data within an IP packet is encrypted, but the header information is not.

transport

A proven method for prioritizing a program of complex change is the bull's-eye method. _________________________ A) True B) False

true

A task or subtask becomes a(n) action step when it can be completed by one individual or skill set and when it includes a single deliverable. _________________________ True False

true

A task or subtask becomes a(n) action step when it can be completed by one individual or skill set and when it includes a single deliverable. _________________________ A) True B) False

true

An ideal organization fosters resilience to change. _________________________ A) True B) False

true

Authentication is the process of validating a supplicant's purported identity. (T/F)

true

Corrective action decisions are usually expressed in terms of trade-offs. _________________________ True False

true

Corrective action decisions are usually expressed in terms of trade-offs. _________________________ A) True B) False

true

Lattice-based access control is a form of access control in which users are assigned a matrix of authorizations for particular areas of access. (T/F)

true

Once a project is underway, it is managed using a process known as gap analysis, which ensures that progress is measured periodically. _________________________ True False

true

Planners need to estimate the effort required to complete each task, subtask, or action step. A) True B) False

true

The primary drawback to the direct changeover approach is that if the new system fails or needs modification, users may be without services while the system's bugs are worked out. True False

true

The size of the organization and the normal conduct of business may preclude a large training program on new security procedures or technologies. True False

true

The upper management of an organization must structure the IT and informationsecurity functions to defenthe organization's information assets. (T/F)

true

SANS

The former System Administration, Networking, and Security Organization is now better known as __________. a. SAN b. SANSO c. SANO d. SANS

In addition to their other responsibilities, the three communities of interest are responsible for determining which control options are cost effective for the organization. (T/F)

ture

The application gateway is also known as a(n) ___.

application-level firewall

At the center of the bull's-eye model are the _ used by the organization to accomplish its work.

applications

The __________ layer of the bull's-eye model receives attention last. a.Systems b.Policies c.Networks d.Applications

applications

Dictionary Attack

attackers encrypts every word in a dictionary using same cryptosystem used by target

The bull's-eye model can be used to evaluate the sequence of steps taken to integrate parts of the information security blueprint into a project plan. True False

true

The primary drawback to the direct changeover approach is that if the new system fails or needs modification, users may be without services while the system's bugs are worked out. A) True B) False

true

Unfreezing in the Lewin change model involves thawing hard-and-fast habits and established procedures. A) True B) False

true

reverse proxy

A proxy server that most commonly retrieves information from inside an organization and provides it to a requesting user or system outside the organization.

HealthCare Information Security and Privacy Professional

HCISPP

Maintenance

To be put to the most effective use, the information that comes from the IDPS must be integrated into the __________ process

baselines

To evaluate the performance of a security system, administrators must establish system performance __________.

The optimal time frame for training is usually one to three weeks before the new policies and technologies come online.

True

The primary drawback to the direct changeover approach is that if the new system fails or needs modification, users may be without services while the system's bugs are worked out.

True

The primary drawback to the direct changeover approach is that if the new system fails or needs modification, users may be without services while the system's bugs are worked out. True False

True

The size of the organization and the normal conduct of business may preclude a large training program on new security procedures or technologies.

True

True or False: Once a project is underway, it is managed using a process known as *gap analysis*, which ensures that progress is measured periodically.

True

True or False: The effective use of a DMZ is one of the primary methods of securing an organization's networks.

True

Bit stream methods most commonly use functions like the exclusive OR operation (_____).

XOR

In ____________________ protocol verification, the higher-order protocols are examined for unexpected packet behavior, or improper use.

application

The ongoing activity from alarm events that are accurate and noteworthy but not necessarily significant as potentially successful attacks is called ____________________.

noise

______ feasibility analysis examines user acceptance and support, management acceptance and support, and the overall requirements of the organizations's stakeholders.

operational

7. ____ is a specially configured connection on a network device that is capable of viewing all of the traffic that moves through the entire device. a. NIDPS c. DPS b. SPAN d. IDSE

8. To determine whether an attack has occurred or is underway, NIDPSs compare measured activity to known ____ in their knowledge base. a. fingernails c. signatures b. fingerprints d. footprints

Hypertext Transfer Protocol (HTTP) Protocol Port Number

9. ____ are usually passive devices and can be deployed into existing networks with little or no disruption to normal network operations. a. NIDPSs c. AppIDPSs b. HIDPSs d. SIDPSs

secure VPN

A VPN implementation that uses security protocols to encrypt traffic transmitted across unsecured public networks.

dynamic

A ____ filtering firewall can react to an emergent event and update or create rules to deal with the event.

dynamic

A __________ filtering firewall can react to an emergent event and update or create rules to deal with the event.

Post Office Protocol version 3 (POP3) Protocol Port Number

110

version

A __________ is the recorded condition of a particular revision of a software or hardware configuration item.

Phased Implementation

A __________ is usually the best approach to security project implementation.

attribute or subject attribute

A characteristic of a subject (user or system) that can be used to restrict access to an object. Also known as a subject attribute.

hybrid VPN

A combination of trusted and secure VPN implementations.

Remote Authentication Dial-In User Service (RADIUS)

A computer connection system that centralizes the management of user authentication by placing the responsibility for authenticating each user on a central authentication server.

digital malfeasance

A crime against or using digital media, computer technology, or related components (computer as source or object of crime) is referred to as ____.

application layer proxy firewall or application firewall

A device capable of functioning both as a firewall and an application layer proxy server.

bastion host or sacrificial host

A device placed between an external, untrusted network and an internal, trusted network. Also known as a sacrificial host, a bastion host serves as the sole target for attack and should therefore be thoroughly secured.

changeover

A direct ____________________ involves stopping the old system and starting the new one without any overlap.

screened host architecture

A firewall architectural model that combines the packet filtering router with a second, dedicated device such as a proxy server or proxy firewall.

screened subnet architecture

A firewall architectural model that consists of one or more internal bastion hosts located behind a packet filtering router on a dedicated network segment, with each host performing a role in protecting the trusted network.

media access control layer firewall

A firewall designed to operate at the media access control sublayer of the network's data link layer (Layer 2).

dynamic packet-filtering firewall

A firewall type that can react to network traffic and create or modify configuration rules to adapt.

stateful packet inspection (SPI) firewall

A firewall type that keeps track of each networkconnection between internal and external systems using a state table and that expedites thefiltering of those communications. Also known as a stateful inspection firewall.

static packet-filtering firewall

A firewall type that requires the configuration rules to be manually created, sequenced, and modified within the firewall.

packet-filtering firewall

A networking device that examines the header information of data packets that come into a network and determines whether to drop them (deny) or forward them to the next network connection (allow), based on its configuration rules.

filtering

A packet-____________________ firewall installed on a TCP/IP based network typically functions at the IP level and determines whether to drop a packet (deny) or forward it to the next network connection (allow) based on the rules programmed into the firewall

pass phrase

A plain-language phrase, typically longer than a password, from which a virtual password is derived.

virtual private network (VPN)

A private, secure network operated over a public and in secure network. A VPN keeps the contents of the network messages hidden from observers who may have access to public traffic.

traffic analysis

A process called __________ examines the traffic that flows through a system and its associated devices to identify the most frequently used devices.

mandatory access control (MAC)

A required, structured data classification scheme that rates each collection of information as well as each user. These ratings are often referred to as sensitivity or classification levels

password

A secret word or combination of characters that only the user should know; a password is used to authenticate the user.

Next Generation Firewall (NextGen or NGFW)

A security appliance that delivers unified threat management capabilities in a single appliance.

extranet

A segment of the DMZ where additional authentication and authorization controls are put into place to provide services that are not available to the general public.

proxy server

A server that exists to intercept requests for information from external users and provide the requested information by retrieving it from an internal server, thus protecting and minimizing the demand on internal servers. Some proxy servers are also cache servers.

content filter or reverse firewall

A software program or hardware/software appliance that allows administrators to restrict content that comes into or leaves a network—for example, restricting user access to Web sites from material that is not related to business, such as pornography or entertainment.

scanning

A step commonly used for Internet vulnerability assessment includes __________, which occurs when the penetration test engine is unleashed at the scheduled time using the planned target list and test selection.

data loss prevention

A strategy to gain assurance that the users of a network do not send high-value information or other critical information outside the network.

state table

A tabular record of the state and context of each packet in a conversation between an internal and external user or system. A state table is used to expedite traffic filtering.

Port Address Translation (PAT)

A technology in which multiple real, routable external IP addresses are converted to special ranges of internal IP addresses, usually on a one-to-many basis;that is, one external valid address is mapped dynamically to a range of internal addresses by adding a unique port number to the address when traffic leaves the private network and is placed on the public network.

Network Address Translation (NAT)

A technology in which multiple real, routable external IP addresses are converted to special ranges of internal IP addresses, usually on a one-to-one basis;that is, one external valid address directly maps to one assigned internal address.

legacy

A trusted VPN is also known as a(n) ____________________ VPN

lattice-based access control (LBAC)

A variation on the MAC form of access control, which assigns users a matrix of authorizations for particular areas of access, incorporating the information assets of subjects such as users and objects.

VPN

A(n) ____ is "a private data network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol and security procedures."

Virtual Private Network (VPN)

A(n) __________ is a private data network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol and security procedures.

WBS

A(n) __________ is a simple project management planning tool.

A(n) __________ is a simple project management planning tool. (A) RFP (B) WBS (C) ISO 17799 (D) SDLC

False attack stimulus

A(n) __________ is an event that triggers an alarm when no actual attack is in progress.

A(n) __________ is used to justify that the project will be reviewed and verified prior to the development of the project plan. (A) RFP (B) WBS (C) SDLC (D) CBA

CBA

A(n) __________ is used to justify that the project will be reviewed and verified prior to the development of the project plan.

configuration

A(n) __________ item is a hardware or software item that is to be modified and revised throughout its life cycle.

war

A(n) ____________________ dialer is an automatic phone-dialing program that dials every number in a configured range, and checks to see if a person, answering machine, or modem picks up

phased

A(n) ____________________ implementation is the most common conversion strategy and involves a measured rollout of the planned system with a part of the system being brought out and disseminated across an organization before the next piece is implemented.

milestone

A(n) ____________________ is a specific point in the project plan when a task that has a noticeable impact on the plan's progress is complete.

firewall

A(n) ____________________ is an information security program that prevents specific types of information from moving between the outside world and the inside world

virtual

A(n) ____________________ private network is a private and secure network connection between systems that uses the data communication capability of an unsecured and public network.

deliverable

A(n) _____________________ is a completed document or program module that can either serve as the beginning point for a later task or become an element in the finished project.

__________ is the action of luring an individual into committing a crime to get a conviction. A) Entrapment B) Enticement C) Intrusion D) Padding

A) Entrapment

__________ are decoy systems designed to lure potential attackers away from critical systems. A) Honeypots B) Bastion Hosts C) Wasp Nests D) Designated Targets

A) Honeypots

A(n) __________ works like a burglar alarm in that it detects a violation (some system activities analogous to an opened or broken window) and activates an alarm. A) IDPS B) WiFi C) UDP D) DoS

A) IDPS

Using __________, the system reviews the log files generated by servers, network devices, and even other IDPSs. A) LFM B) stat IDPS C) AppIDPS D) HIDPS

A) LFM

__________ firewalls are designed to operate at the media access control sublayer of the data link layer of the OSI network model. A) MAC layer B) Circuit gateway C) Application gateways D) Packet filtering

A) MAC layer

__________ are usually passive devices and can be deployed into existing networks with little or no disruption to normal network operations. A) NIDPSs B) HIDPSs C) AppIDPSs D) SIDPSs

A) NIDPSs

A) Packet-filtering

The __________ level of the bull's-eye model establishes the ground rules for the use of all systems and describes what is appropriate and what is inappropriate; it enables all other information security components to function correctly. A) Policies B) Systems C) Networks D) Applications

A) Policies

__________ and TACACS are systems that authenticate the credentials of users who are trying to access an organization's network via a dial-up connection. A) RADIUS B) RADIAL C) TUNMAN D) IPSEC

A) RADIUS

A content filter, also known as a reverse firewall, is a network device that allows administrators to restrict access to external content from within a network. A) True B) False

A) True

A proven method for prioritizing a program of complex change is the bull's-eye method. _________________________ A) True B) False

A) True

Access control is achieved by means of a combination of policies, programs, and technologies. _________________________ A) True B) False

A) True

Authentication is the process of validating a supplicant's purported identity. A) True B) False

A) True

Best practices in firewall rule set configuration state that the firewall device never allows administrative access directly from the public network. _________________________ A) True B) False

A) True

Corrective action decisions are usually expressed in terms of trade-offs. _________________________ A) True B) False

A) True

Firewalls can be categorized by processing mode, development era, or structure. A) True B) False

A) True

Once a project is underway, it is managed using a process known as gap analysis, which ensures that progress is measured periodically. _________________________ A) True B) False

A) True

Packet filtering firewalls scan network data packets looking for compliance with or violation of the rules of the firewall's database. A) True B) False

A) True

Packet-filtering firewalls scan network data packets looking for compliance with the rules of the firewall's database or violations of those rules. A) True B) False

A) True

SOCKS is a de facto standard for circuit-level gateways. _________________________ A) True B) False

A) True

The application layer firewall is firewall type capable of performing filtering at the application layer of the OSI model, most commonly based on the type of service. A) True B) False

A) True

The budgets of public organizations are usually the product of legislation or public meetings. A) True B) False

A) True

The bull's-eye model can be used to evaluate the sequence of steps taken to integrate parts of the information security blueprint into a project plan. A) True B) False

A) True

The effective use of a DMZ is one of the primary methods of securing an organization's networks. A) True B) False

A) True

The false reject rate describes the number of legitimate users who are denied access because of a failure in the biometric device._________________________ A) True B) False

A) True

Bureau of Labor Statistics

BLS

The optimal time frame for training is usually one to three weeks before the new policies and technologies come online. _________________________ A) True B) False

A) True

The presence of external requests for Telnet services can indicate a potential attack. _________________________ A) True B) False

A) True

The primary disadvantage of Stateful Packet Inspection firewalls is the additional processing required to manage and verify packets against the state table. _________________________ A) True B) False

A) True

The primary drawback to the direct changeover approach is that if the new system fails or needs modification, users may be without services while the system's bugs are worked out. A) True B) False

A) True

The size of the organization and the normal conduct of business may preclude a large training program on new security procedures or technologies. A) True B) False

A) True

Though not used as much in Windows environments, terminal emulation is still useful to systems administrators on Unix/Linux systems. A) True B) False

A) True

Unfreezing in the Lewin change model involves thawing hard-and-fast habits and established procedures. A) True B) False

A) True

Weak management support, with overly delegated responsibility and no champion, sentences a project to almost-certain failure. A) True B) False

A) True

When Web services are offered outside the firewall, HTTP traffic should be blocked from internal networks through the use of some form of proxy access or DMZ architecture. A) True B) False

A) True

Network Behavior Analysis system __________ sensors are typically intended for network perimeter use, so they would be deployed in close proximity to the perimeter firewalls, often between the firewall and the Internet border router to limit incoming attacks that could overwhelm the firewall. A) inline B) offline C) passive D) bypass

A) inline

n the __________ process, measured results are compared against expected results. A) negative feedback loop B) wrap-up C) direct changeover D) turnover

A) negative feedback loop

A(n) __________ IDPS is focused on protecting network information assets. A) network-based B) host-based C) application-based D) server-based

A) network-based

A __________ vulnerability scanner listens in on the network and identifies vulnerable versions of both server and client software. A) passive B) aggressive C) active D) secret

A) passive

IDPS researchers have used padded cell and honeypot systems since the late ____. A. 1980s B. 1970s C. 1990s D. 1960s

A. 1980s

To determine whether an attack has occurred or is underway, NIDPSs compare measured activity to known ____ in their knowledge base. A. signatures B. fingerprints C. footprints D. fingernails

A. signatures

A(n) ____ is a proposed systems user. A. supplicant B. challenger C. activator D. authenticator

A. supplicant

_______ is simply how often you expect a specific type of attack to occur.

ARO

discretionary access controls (DACs)

Access controls that are implemented at the discretion or option of the data user.

non discretionary access controls (NDACs)

Access controls that are implemented by a central authority.

Builders

According to Schwartz, Erwin, Weafer, and Briney, "__________" are the real techies who create and install security solutions.

Builders

According to Schwartz, Erwin, Weafer, and Briney, "__________" are the real techies who create and install security solutions. a. Engineers b. Definers c. Administrators d. Builders

Fingerprinting

Activities that scan network locales for active systems and then identify the network services offered by the host systems are known as __________.

The restrictions most commonly implemented in packet-filtering firewalls are based on 1) IP source and destination address 2)Direction (inbound or outbound) 3)TCP or UDP source and destination port requests 4) All of the above

All of the Above

Effective planning for information security involves: a. collecting information about an organization's objectives. b. collecting information about an organization's information security environment. c. collecting information about an organization's technical architecture. d. All of the above

All of the above

The Lewin change model includes _.

All of the above

The Lewin change model includes __________. a. unfreezing b. moving c. refreezing d. All of the above

All of the above

The information security function can be placed within the ____.

All of the above

Which of the following is a valid version of TACACS?

All of the above

crossover error rate (CER)

Also called the equal error rate, the point at which the rate of false rejections equals the rate of false acceptances.

trusted VPN

Also known as a legacy VPN, a VPN implementation that uses leased circuits from a service provider who gives contractual assurance that no one else is allowed to use these circuits and that they are properly maintained and protected.

attribute-based access control (ABAC)

An access control approach whereby the organization specifies the use of objects based on some attribute of the user or system.

dumb card

An authentication card that contains digital user data, such as a personal identification number (PIN), against which user input is compared.

asynchronous token

An authentication component in the form of a token—a card or key fob that contains a computer chip and a liquid crystal display and shows a computer-generated number used to support remote login authentication. This token does not require calibration of the central authentication server; instead, it uses a challenge/response system.

synchronous token

An authentication component in the form of a token—a card or key fob that contains a computer chip and a liquid crystal display and shows a computer-generated number used to support remote login authentication. This token must be calibrated with the corresponding software on the central authentication server.

smart card

An authentication component similar to a dumb card that contains a computer chip to verify and validate several pieces of information instead of just a PIN.

Kerberos

An authentication system that uses symmetric key encryption to validate an individual user's access to various network resources by keeping a database containing the private keys of clients and servers that are in the authentication domain it supervises.

war dialer

An automatic phone-dialing program that dials every number in a configured range(for example, 555-1000 to 555-2000) and checks whether a person, answering machine, or modem picks up.

task-based access control (TBAC)

An example of a non discretionary control where privileges are tied to a task a user performs in an organization and are inherited when a user is assigned to that task. Tasks are considered more temporary than roles. TBAC is an example of an LDAC.

role-based access control (RBAC)

An example of a non discretionary control where privileges are tied to the role a user performs in an organization, and are inherited when a user is assigned to that role. Roles are considered more persistent than tasks. RBAC is an example of an LDAC.

Device signatures

An example of the type of vulnerability exposed via traffic analysis occurs when an organization is trying to determine if all its __________ have been adequately masked.

access control matrix

An integration of access control lists (focusing on assets) and capabilities tables (focusing on users) that results in a matrix with organizational assets listed in the column headings and users listed in the row headings. The matrix contains ACLs in columns for a particular device or asset and capabilities tables in rows for a particular user.

demilitarized zone (DMZ)

An intermediate area between two networks designed to provide servers and firewall filtering between a trusted internal network and the outside, untrusted network. Traffic on the outside network carries a higher level of risk.

DFD (Data Flow Diagram)

As an alternative view of the way data flows into the monitoring process, a(n) ____ approach may prove useful.

applications

At the center of the bull's-eye model are the ____________________ used by the organization to accomplish its work.

Brute force

Attempts to gain unauthorized access to secure communications have used this

Class __________ fires are best extinguished by agents that remove oxygen from the fire.

The __________ is an intermediate area between a trusted network and an untrusted network. A) perimeter B) DMZ C) domain D) firewall

B) DMZ

A direct changeover is also known as going "fast turnkey." _________________________ A) True B) False

B) False

All organizations should designate a champion from the general management community of interest to supervise the implementation of an information security project plan. A) True B) False

B) False

Each for-profit organization determines its capital budget and the rules for managing capital spending and expenses the same way. A) True B) False

B) False

Hashing functions require the use of keys.

FALSE

Every organization needs to develop an information security department or program of its own. A) True B) False

B) False

In general, the design phase is accomplished by changing the configuration and operation of the organization's information systems to make them more secure. A) True B) False

B) False

In project planning, the tasks or action steps that come before the specific task at hand are commonly referred to as prerequisites. _________________________ A) True B) False

B) False

In the early stages of planning, the project planner should attempt to specify completion dates only for major employees within the project. _________________________ A) True B) False

B) False

Most information security projects require a trained project developer. _________________________ A) True B) False

B) False

Planning for the implementation phase requires the creation of a detailed request for proposal, which is often assigned either to a project manager or the project champion. _________________________ A) True B) False

B) False

The RFP determines the impact that a specific technology or approach can have on the organization's information assets and what it may cost. _________________________ A) True B) False

B) False

The networks layer of the bull's-eye is the outermost ring of the bull's eye. A) True B) False

B) False

The parallel operations strategy works well when an isolated group can serve as a test area, which prevents any problems with the new system from dramatically interfering with the performance of the organization as a whole. _________________________ A) True B) False

B) False

The security systems implementation life cycle involves collecting information about an organization's objectives, its technical architecture, and its information security environment. _________________________ A) True B) False

B) False

Enticement is the action of luring an individual into committing a crime to get a conviction. _________________________ A) True B) False

B) False Entrapment: action of luring an individual into committing a crime to get a conviction

Your organization's operational goals, constraints, and culture should not affect the selection of the IDPS and other security tools and technologies to protect your systems. A) True B) False

B) False Your organization's operational goals, constraints, and culture will affect the selection of the IDPS and other security tools and technologies to protect your systems.

The activities that gather information about the organization and its network activities and assets is called fingerprinting. _________________________ A) True B) False

B) False, Footprinting

The service within Kerberos that generates and issues session keys is known as __________. A) VPN B) KDC C) AS D) TGS

B) KDC

__________ filtering requires that the filtering rules governing how the firewall decides which packets are allowed and which are denied be developed and installed with the firewall. A) Dynamic B) Static C) Stateful D) Stateless

B) Static

The __________ layer of the bull's-eye model includes computers used as servers, desktop computers, and systems used for process control and manufacturing systems. A) Networks B) Systems C) Policies D) Applications

B) Systems

Kerberos __________ provides tickets to clients who request services. A) KDS B) TGS C) AS D) VPN

B) TGS

__________ is a simple project management planning tool. A) RFP B) WBS C) ISO 17799 D) SDLC

B) WBS [work breakdown schedule]

Known as the ping service, ICMP is a(n) __________ and should be ___________. A) essential feature, turned on to save money B) common method for hacker reconnaissance, turned off to prevent snooping C) infrequently used hacker tool, turned off to prevent snooping D) common method for hacker reconnaissance, turned on to save money

B) common method for hacker reconnaissance, turned off to prevent snooping

Some cases of __________ are simple, such as requiring employees to begin using a new password on an announced date. A) phased implementation B) direct changeover C) pilot implementation D) wrap-up

B) direct changeover

A(n) __________ is an event that triggers an alarm when no actual attack is in progress. A) false neutral B) false attack stimulus C) false negative D) noise

B) false attack stimulus

Technology __________ guides how frequently technical systems are updated, and how technical updates are approved and funded. A) wrap-up B) governance C) turnover D) changeover

B) governance

The ability to detect a target computer's __________ is very valuable to an attacker. A) manufacturer B) operating system C) peripherals D) BIOS

B) operating system

A __________ is usually the best approach to security project implementation. A) direct changeover B) phased implementation C) pilot implementation D) parallel operation

B) phased implementation

Tasks or action steps that come after the task at hand are called __________. A) predecessors B) successors C) children D) parents

B) successors

In __________ mode, the data within an IP packet is encrypted, but the header information is not. A) tunnel B) transport C) public D) symmetric

B) transport

The primary benefit of a VPN that uses _________ is that an intercepted packet reveals nothing about the true destination system. A) intermediate mode B) tunnel mode C) reversion mode D) transport mode

B) tunnel mode

The goal of the __________ is to resolve any pending project-related issues, critique the overall effort of the project, and draw conclusions about how to improve the project management process for the future. A) direct changeover B) wrap-up C) phased implementation D) pilot implementation

B) wrap-up

transport

In ____ mode, the data within an IP packet is encrypted, but the header information is not.

Tasks or action steps that come after the task at hand are called __________. A) predecessors B) successors C) children D) parents

B)successors

____ testing is a straightforward testing technique that looks for vulnerabilities in a program or protocol by feeding random input to the program or a network running the protocol. A. Spike B. Fuzz C. Black D. Buzz

B. Fuzz

____ is a specially configured connection on a network device that is capable of viewing all of the traffic that moves through the entire device. A. DPS B. SPAN C. IDSE D. NIDPS

B. SPAN

____ applications use a combination of techniques to detect an intrusion and then trace it back to its source. A. Treat and trap B. Trap and trace C. Trace and clip D. Trace and treat

B. Trap and trace

A(n) ____ is a network tool that collects copies of packets from the network and analyzes them. A. honey pot B. packet sniffer C. honey packet D. packet scanner

B. packet sniffer

To assess the effect that changes will have on the organization's personnel management practices, the organization should conduct a ____________________feasibility study before the program is implemented.

Behavioral

The International Society of Forensic Computer Examiners (ISFCE) offers which certifications?

Both a Certified Computer Examiner (CCE) and the Master Certified Computer Examiner (MCCE)

According to Schwartz, Erwin, Weafer, and Briney, "__________" are the real techies who create and install security solutions.

Builders

____ are the real techies who create and install security solutions.

Builders

By managing the __________, the organization can reduce unintended consequences by having a process to resolve the potential conflict and disruption that uncoordinated change can introduce. (A) conversion process (B) wrap-up (C) process of change (D) governance

Process of Change

By managing the __________, the organization can reduce unintended consequences by having a process to resolve the potential conflict and disruption that uncoordinated change can introduce.

Class __________ fires are safely extinguished only with non-conducting agents.

C) Systems

Which of the following version of TACACS is still in use? A) TACACS B) Extended TACACS C) TACACS+ D) All of the above

C) TACACS+

The __________ methodology has been used by many organizations and requires that issues be addressed from the general to the specific, and that the focus be on systematic solutions instead of individual problems. A) parallel B) direct changeover C) bull's-eye D) wrap-up

C) bull's-eye

Some vulnerability scanners feature a class of attacks called _________, that are so dangerous they should only be used in a lab environment. A) aggressive B) divisive C) destructive D) disruptive

C) destructive

The date for sending the final RFP to vendors is considered a(n) __________, because it signals that all RFP preparation work is complete. A) intermediate step B) resource C) milestone D) deliverable

C) milestone

By managing the __________, the organization can reduce unintended consequences by having a process to resolve potential conflict and disruption that uncoordinated change can introduce. A) conversion process B) wrap-up C) process of change D) governanc

C) process of change

A(n) __________ is a software program or hardware appliance that can intercept, copy, and interpret network traffic. A) packet scanner B) packet sniffer C) honey pot D) honey packet

C) signatures

To determine whether an attack has occurred or is underway, NIDPSs compare measured activity to known __________ in their knowledge base. A) vulnerabilities B) fingerprints C) signatures D) footprints

C) signatures

To use a packet sniffer legally, the administrator must __________. A) be on a network that the organization owns B) be under direct authorization of the network's owners C) have knowledge and consent of the content's creators D) all of the above

C) signatures

Which of the following ports is commonly used for the HTTP protocol? A. 53 B. 25 C. 80 D. 20

C. 80

The ____ is the level at which the number of false rejections equals the false acceptances, and is also known as the equal error rate. A. IIS B. REC C. CER D. BIOM

C. CER Crossover Error Rate

Intrusion ____ activities finalize the restoration of operations to a normal state and seek to identify the source and method of the intrusion in order to ensure that the same type of attack cannot occur again. A. detection B. reaction C. correction D. prevention

C. correction

Activities that scan network locales for active systems and then identify the network services offered by the host systems is known as ____. A. footprinting B. doorknob rattling C. fingerprinting D. filtering

C. fingerprinting

A(n) _ is used to justify that the project will be reviewed and verified prior to the development of the project plan.

CBA

A(n) __________ is used to justify that the project will be reviewed and verified prior to the development of the project plan. a. SDLC b. WBS c. RFP d. CBA

CBA

Regardless of an organization's information security needs, the amount of effort that can be expended depends on the available funds; therefore, a _ is typically prepared in the analysis phase of the SecSDLC and must be reviewed and verified prior to the development of the project plan.

CBA

The formal decision making process used when considering the economic feasibility of implementing information security controls and safeguards is called a ______.

CBA

Certified Cyber Forensics Professional

CCFP

Certified Cloud Security Professional

CCSP

The __________ is a center of Internet security expertise and is located at the Software Engineering Institute, a federally funded research and development center operated by Carnegie Mellon University.

CERT/CC

Certified Information Systems Auditor

CISA

Certified Information Security Manager

CISM

ISACA - Information Systems Audit and Control Associations offers

CISM, CISA, and CGEIT

The ____ position is typically considered the top information security officer in the organization.

CISO

The __________ is typically considered the top information security officer in the organization.

CISO

Certified Information System Security Professional

CISSP

In recent years, the ____ certification program has added a set of concentration exams

CISSP

The __________ certification program has added a number of concentrations that can demonstrate advanced knowledge beyond the basic certification's CBK.

CISSP

The breadth and depth covered in each of the domains makes the __________ one of the most difficult-to-attain certifications on the market.

CISSP

The CA periodically distributes a(n) ____ to all users that identifies all revoked certificates.

CRL

CICISO, by EC-Council

Certified CISCO

Hired to perform specific services. Host company often makes a contract with a parent org rather than with an individual employee

Contract Employee

performance

Control __________ baselines are established for network traffic and for firewall performance and IDPS performance.

____ attacks are a collection of brute-force methods that attempt to deduce statistical relationships between the structure of the unknown key and the ciphertext that is the output of the cryptosystem.

Correlation

Telnet protocol packets usually go to TCP port __________ whereas SMTP packets go to port __________. A) 23, 52 B) 80, 52 C) 80, 25 D) 23, 25

D) 23, 25

The Lewin change model includes __________. A) unfreezing B) moving C) refreezing D) All of the above

D) All of the above

The restrictions most commonly implemented in packet-filtering firewalls are based on __________. A) IP source and destination address B) Direction (inbound or outbound) C) TCP or UDP source and destination port requests D) All of the above

D) All of the above

A(n) __________, used to justify the project is typically prepared in the analysis phase of the SecSDLC, must be reviewed and verified prior to the development of the project plan. A) RFP B) WBS C) SDLC D) CBA

D) CBA

Project managers can reduce resistance to change by involving employees in the project plan. In the systems development parts of a project, this is referred to as __________. A) DMZ B) SDLC C) WBS D) JAD

D) JAD [joint application development]

In a _______ implementation, the entire security system is put in place in a single office, department, or division before expanding to the rest of the organization. A) Parallel B) Loop C) Direct D) Pilot

D) Pilot

By managing the _______, the organization can reduce unintended consequences by having a process to resolve potential conflict and disruption that uncoordinated change can introduce. A) Wrap-up B) Conversion process C) Governance D) Process of change

D) Process of change

If the task is to write firewall specifications for the preparation of a(n) __________, the planner would note that the deliverable is a specification document suitable for distribution to vendors. A) WBS B) CBA C) SDLC D) RFP

D) RFP

D) RFP [request for proposal]

Many public organizations must spend all budgeted funds within the fiscal year - otherwise, the subsequent year's budget is __________. A) Automatically audited for questionable expenditures B) Not affected unless the deficit is repeated C) Increased by the unspent amount D) Reduced by the unspent amount

D) Reduced by the unspent amount

D) correction

Which of the following is NOT a described IDPS control strategy? A) centralized B) fully distributed C) partially distributed D) decentralized

D) decentralized

Activities that scan network locales for active systems and then identify the network services offered by the host systems is known as __________. A) port knocking B) doorknob rattling C) footprinting D) fingerprinting

D) fingerprinting

In a __________ implementation, the entire security system is put in place in a single office, department, or division before expanding to the rest of the organization. A) loop B) direct C) parallel D) pilot

D) pilot

In most common implementation models, the content filter has two components: __________. A) encryption and decryption B) filtering and encoding C) rating and decryption D) rating and filtering

D) rating and filtering

Many public organizations must spend all budgeted funds within the fiscal year - otherwise, the subsequent year's budget is __________. A) increased by the unspent amount B) not affected unless the deficit is repeated C) automatically audited for questionable expenditures D) reduced by the unspent amount

D) reduced by the unspent amount

Since the bastion host stands as a sole defender on the network perimeter, it is commonly referred to as the __________ host. A) trusted B) domain C) DMZ D) sacrificial

D) sacrificial

The dominant architecture used to secure network access today is the __________ firewall. A) static B) bastion C) unlimited D) screened subnet

D) screened subnet

The SecSDLC involves which of the following activities? A) collecting information about an organization's objectives B) collecting information about an organization's information security environment C) collecting information about an organization's technical architecture D) all of the above

D) all of the above

D)CBA

D)all of above

In TCP/IP networking, port ____ is not used. A. 13 B. 1 C. 1023 D. 0

D. 0

____ is the process of classifying IDPS alerts so that they can be more effectively managed. A. Alarm compaction B. Alarm clustering C. Alarm attenuation D. Alarm filtering

D. Alarm filtering

____ is based on the use of some measurable human characteristic or trait to authenticate the identity of a proposed systems user. A. Software access control B. Physical access control C. System access control D. Biometric access control

D. Biometric access control

____ is the action of luring an individual into committing a crime to get a conviction. A. Intrusion B. Enticement C. Padding D. Entrapment

D. Entrapment

____ are decoy systems designed to lure potential attackers away from critical systems. A. Padded cells B. Honeycells C. Padded nets D. Honeypots

D. Honeypots

A(n) ____ works like a burglar alarm in that it detects a violation (some system activities analogous to an opened or broken window) and activates an alarm. A. ITS B. IIS C. SIS D. IDS

D. IDS

____ sensors are typically intended for network perimeter use, so they would be deployed in close proximity to the perimeter firewalls, often between the firewall and the Internet border router to limit incoming attacks that could overwhelm the firewall. A. Passive B. Offline C. Bypass D. Inline

D. Inline

____ are usually passive devices and can be deployed into existing networks with little or no disruption to normal network operations. A. AppIDPSs B. HIDPSs C. SIDPSs D. NIDPSs

D. NIDPSs

A(n) ____ IDPS is focused on protecting network information assets. A. application-based B. host-based C. server-based D. network-based

D. network-based

The ___ is an intermediate area between a trusted network and an unstrusted network.

DMZ

The _________ is an intermediate area between a trusted network and an untrusted network.

DMZ

The __________ is an intermediate area between a trusted network and an untrusted network.

DMZ

______ plans usually include all preparations for the recovery process, strategies to limit losses during the disaster, and detailed steps to follow when the smoke clears, the dust settles, or the flood waters recede.

Digital signatures should be created using processes and products that are based on the ____.

DSS

intelligence

Detailed __________ on the highest risk warnings can include identifying which vendor updates apply to which vulnerabilities as well as which types of defenses have been found to work against the specific vulnerabilities reported.

One approach that can improve the situational awareness of the information security function uses a process known as __________ to quickly identify changes to the internal environment.

Difference Analysis

____ are encrypted messages that can be mathematically proven to be authentic.

Digital signatures

A __________ system is designed to work in areas where electrical equipment is used. Instead of containing water, the system contains pressurized air.

Dry-Pipe

Protect and forget and Apprehend and prosecute

Each organization sets policy to choose one of two approaches when employing digital forensics. Select the statement that best identifies the options.

Effective planning for information security involves: (A) collecting information about an organization's objectives. (B) collecting information about an organization's information security environment. (C) collecting information about an organization's technical architecture. (D) All of the above

All of the Above (Collecting Information about an organization's objective, information security environment, and technical architecture)

Effective planning for information security involves: __________.

Digital Certificates

Electronic document containing key values and identifying information about entity that controls key

____ is the process of converting an original message into a form that is unreadable to unauthorized individuals.

Encryption

__________ is the process of converting an original message into a form that is unreadable to unauthorized individuals.

Encryption

False

Existing information security-related certifications are typically well understood by those responsible for hiring in organizations. True False

A false positive is the failure of an IDPS system to react to an actual attack event.

FALSE

Alarm filtering may be based on combinations of frequency, similarity in attack signature, similarity in attack target, or other criteria that are defined by the system administrators. _________________________

FALSE

An effective information security governance program requires constant change.

FALSE

Authentication is a mechanism whereby unverified entities or supplicants who seek access to a resource provide a label by which they are known to the system.

FALSE

Digital forensics involves chemical and microscopic analysis of evidence using computerized laboratory instruments.

FALSE

Encryption methodologies that require the same secret key to encipher and decipher the message are using what is called public key encryption.

FALSE

Every organization needs to develop an information security department or program of its own. A) True B) False

FALSE

In the early stages of planning, the project planner should attempt to specify completion dates only for major employees within the project.

FALSE

The capacity of UPS devices is measured using the voltage output rating.

FALSE

The information security function cannot be placed within protective services in an organization's management structure.

FALSE

The most common credential for a CISO-level position is the Security+ certification.

FALSE

The work breakdown structure (WBS) can only be prepared with a complex specialized desktop PC application.

FALSE

Water damage from fire suppression systems is considered less dangerous to computer systems than hazardous chemicals like Halon.

FALSE

A ______ is an authorization issued by an organization for the repair, modification, or update of a piece of equipment.

FCO

Every organization needs to develop an information security department or program of its own.

False

In general, the design phase is accomplished by changing the configuration and operation of the organization's information systems to make them more secure

False

In project planning, the tasks or action steps that come before the specific task at hand are commonly referred to as prerequisites. _________________________ True False

False

In the early stages of planning, the project planner should attempt to specify completion dates only for major employees within the project.

False

One of the biggest challenges in the use of the trusted computer base (TCB) is the existence of explicit channels.

False

Performance management is the process of identifying and controlling the resources applied to a project as well as measuring progress and adjusting the process as progress is made towards the goal.

False

The RFP determines the impact that a specific technology or approach can have on the organization's information assets and what it may cost.

False

The first step in the work breakdown structure (WBS) approach encompasses activities, but not deliverables. True False

False

The networks layer of the bull's eye is the outermost ring of the bull's eye.

False

To perform the Caesar cipher encryption operation, pad values are added to numeric values that represent the plaintext that needs to be encrypted.

False

True or False: Each for-profit organization determines its capital budget and the rules for managing capital spending and expenses the same way.

False

True or False: Every organization needs to develop an information security department or program of its own.

False

True or False: In general, the design phase is accomplished by changing the configuration and operation of the organization's information systems to make them more secure.

False

True or False: In the early stages of planning, the project planner should attempt to specify completion dates only for major *employees* within the project.

False

True or False: Planning for the implementation phase requires the creation of a detailed *request for proposal*, which is often assigned either to a project manager or the project champion.

False

True or False: The *parallel operations* strategy works well when an isolated group can serve as a test area, which prevents any problems with the new system from dramatically interfering with the performance of the organization as a whole.

False

True or False: The Work Breakdown Structure (WBS) can be prepared with a simple desktop PC word processing program.

False

True or False: The security systems *implementation* life cycle involves collecting information about an organization's objectives, its technical architecture, and its information security environment.

False

Technique to restrict the flow or proprietary information when an employee leaves to join a competitor; no access to former place of employment; cant report to new employer. Sometimes required to sign CNC (compete)/NCC (non-compete clause)

Garden Leave

Technology __________ guides how frequently technical systems are updated, and how technical updates are approved and funded.

Governance

__________ benchmark and monitor the status of key system files and detect when an intruder creates, modifies, or deletes monitored files.

HIDPSs

____ functions are mathematical algorithms that generate a message summary or digest to confirm the identity of a specific message and to confirm that there have not been any changes to the content.

Hash

__________ functions are mathematical algorithms that generate a message summary or digest to confirm the identity of a specific message and to confirm that there have not been any changes to the content.

Hash

The restrictions most commonly implemented in packet-filtering firewalls are based on ____.

IP source and destination address, Direction (inbound or outbound), TCP or UDP source and destination port requests.

The ________ plan specifies the actions an organization can and should take while an adverse event (that could result in loss of an information asset or assets, but does not currently threaten the viability of the entire organization) is in progress.

point-to-point tunneling protocol

ISA Server can use ____ technology.

Offers CISM, CISA, and CGEIT

ISACA

Information Systems Security Architecture Professional

ISSAP

Information Systems Security Engineering Professional

ISSEP

False

ISSEP stands for Information Systems Security Experienced Professional. _________________________ True False

All of the above

The information security function can be placed within the __________.

Information Systems Security Management Professional

ISSMP

The ____ examination is designed to provide CISSPs with a mechanism to demonstrate competence in the more in-depth and concentrated requirements of information security management.

ISSMP

RFP

If the task is to write firewall specifications for the preparation of a(n) __________, the planner would note that the deliverable is a specification document suitable for distribution to vendors.

ticket

In Kerberos, a(n) ____________________ is an identification card for a particular client that verifies to the server that the client is requesting services and that the client is a valid member of the Kerberos system and therefore authorized to receive services

PAC

In SESAME, the user is first authenticated to an authentication server and receives a token. The token is then presented to a privilege attribute server as proof of identity to gain a(n) ____.

Programmable Automation Controller (PAC)

In SESAME, the user is first authenticated to an authentication server and receives a token. The token is then presented to a privilege attribute server as proof of identity to gain a(n) __________.

transport

In __________ mode, the data within an IP packet is encrypted, but the header information is not.

tunnel

In ____________________ mode, the organization establishes two perimeter tunnel servers

Pilot

In a __________ implementation, the entire security system is put in a single office, department , or division before expanding to the rest of the organization.

In a __________ implementation, the entire security system is put in place in a single office, department, or division before expanding to the rest of the organization. (A) loop (B) direct (C) parallel (D) pilot

capabilities table

In a lattice-based access control, the row of attributes associated with a particular subject (such as a user).

strong authentication

In access control, the use of at least two different authentication mechanisms drawn from two different factors of authentication.

minutiae

In biometric access controls, unique points of reference that are digitized and stored in an encrypted format when the user's system access credentials are created.

Determine whether to "apprehend and prosecute."

In digital forensics, all investigations follow the same basic methodology once permission for search and seizure has been obtained. Which of the following is NOT one of the elements of that process?

Determine whether to "apprehend and prosecute."

In digital forensics, all investigations follow the same basic methodology once permission for search and seizure has been obtained. Which of the following is NOT one of the elements of that process?

Identify relevant items of evidentiary value (EM)

In digital forensics, all investigations follow the same basic methodology. Which of the following should be performed FIRST in a digital forensics investigation?

firewall

In information security, a combination of hardware and software that filters or prevents specific information from moving between the outside network and the inside network.

rating and filtering

In most common implementation models, the content filter has two components: ____.

rating and filtering

In most common implementation models, the content filter has two components: __________.

WAPs

In recent years, the broadband router devices that can function as packet-filtering firewalls have been enhanced to combine the features of ____.

joint application

In systems development, JAD (____________________ development) means getting key representatives of user groups to serve as members of the development process.

Negative Feedback Loop

In the __________ process, measured results are compared against expected results.

In the __________ process, measured results are compared against expected results. (A) negative feedback loop (B) wrap-up (C) direct changeover (D) turnover

The model commonly used by large organizations places the information security department within the __________ department.

Information Technology

__________ applications use a combination of techniques to detect an intrusion and then trace it back to its source.

Trap and trace

PKI

Integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services enabling users to communicate securely

Intelligence

What is a Cost-Benefit Analysis (CBA) and how can it be calculated?

Is the economic feasibility study this is calculated with the formula CBA=prior ALE - post ALE - ACS

Project managers can reduce resistance to change by involving employees in the project plan. In the systems development parts of a project, this is referred to as _.

JAD

KDC

____ generates and issues session keys in Kerberos.

Project managers can reduce resistance to change by involving employees in the project plan. In the systems development parts of a project, this is referred to as __________. a.JAD b.SDLC c.WBS d.DMZ

JAD

The service within Kerberos that generates and issues session keys is knowns as

KDC

Ticket-Granting Service (TGS)

Kerberos __________ provides tickets to clients who request services.

A ____ is the information used in conjunction with an algorithm to create the ciphertext from the plaintext or derive the plaintext from the ciphertext.

Key

__________ is the entire range of values that can possibly be used to construct an individual key.

Keyspace

common method for hacker reconnaissance, turned off to prevent snooping

Known as the ping service, ICMP is a(n) __________ and should be ___________.

Using __________, the system reviews the log files generated by servers, network devices, and even other IDPSs.

LFM

Lease PrivilegedThe data access principle that ensures no unnecessary access to data exists by regulating members so that they can perform only the minimum data manipulation needed. Least privilege implies need-to-know

Least Privelege

manager, technician

Like the CISSP, the SSCP certification is more applicable to the security__________ than to the security __________.

The ____ is essentially a one-way hash value that is encrypted with a symmetric key.

MAC

_________ addresses are sometimes called electronic serial numbers or hardware addresses.

MAC

___ firewalls are designed to operate at the media access control sublayer of the data link layer of the OSI network model.

MAC layer

_____ firewalls are designed to operate at the media access control sublayer of the data link layer of the OSI network model.

MAC layer

interest

Management should coordinate the organization's information security vision and objectives with the communities of ____________________ involved in the execution of the plan.

False

Many hiring managers in information security prefer to recruit a security professional who already has proven HR skills and professional experience, since qualified candidates with information security experience are scarce. _________________________ True False

exit

Reduced by the Unspent Amount

Many public organizations must spend all budgeted funds within the fiscal year - otherwise, the subsequent year's budget is __________.

Many public organizations must spend all budgeted funds within the fiscal year-otherwise, the subsequent year's budget is __________. (A) increased by the unspent amount (B) not affected unless the deficit is repeated (C) automatically audited for questionable expenditures (D) reduced by the unspent amount

All of the above

Many who enter the field of information security are technical professionals such as __________ who find themselves working on information security applications and processes more often than traditional IT assignments. a. networking experts or systems administrators b. database administrators c. programmers d. All of the above

military personnel

Many who move to business-oriented information security were formerly__________ who were often involved in national security or cybersecurity .

The International Society of Forensic Computer Examiners (ISFCE) offers which certifications?

Master Certified Computer Examiner (MCCE) Certified Computer Examiner (CCE) both a & b

Hash function

Mathematical algorithms that generate massage summary/digest to confirm message identity and confirm no content has changed

change

Medium- and large-sized organizations deal with the impact of technical change on the organization's operation through a(n) ____________________ control process.

____ are often involved in national security and cyber-security tasks and move from those environments into the more business-oriented world of information security.

Military personnel

passive

Most network behavior analysis system sensors can be deployed in __________ mode only, using the same connection methods as network-based IDPSs.

In the __________ process, measured results are compared against expected results.

Negative Feedback Loop

The ____ strategy is the choice to do nothing to protect a vulnerability and to accept the outcome of its exploitation.

acceptance.

Unified Threat Management (UTM)

Networking devices categorized by their ability to perform the work of multiple devices, such as stateful packet inspection firewalls, network intrusion detection and prevention systems, content filters, spam filters, and malware scanners and filters.

feedback

Once a project is underway, it is managed to completion using a process known as a negative ____________________ loop.

difference analysis

One approach that can improve the situational awareness of the information security function is to use a process known as __________ to quickly identify changes to the internal environment

moving

One of the oldest models of change is the Lewin change model, which consists of three stages: unfreezing, ____________________, and refreezing.

Inventory

Organizations should have a carefully planned and fully populated __________ of all their network devices, communication channels, and computing devices.

In SESAME, the user is first authenticated to an authentication server and receives a token. The token is then presented to a privilege attribute server as proof of identity to gain a _____

PAC

In SESAME, the user is first authenticated to an authentication server and receives a token. The token is then presented to a privilege attribute server as proof of identity to gain a(n) ___.

PAC

____ is a hybrid cryptosystem originally designed in 1991 by Phil Zimmermann.

PGP

___ firewalls examine every incoming packet header and can selectively filter packets based on header information such as a destination adress, source address, packet type, and other key information.

Packet-filtering

In a __________ implementation, the entire security system is put in place in a single office, department, or division before expanding to the rest of the organization.

Pilot

ISA Server can use __ technology.

Point to Point Tunneling Protocol

More advanced substitution ciphers use two or more alphabets, and are referred to as __________ substitutions.

Polyalphabetic

By managing the __________, the organization can reduce unintended consequences by having a process to resolve potential conflict and disruption that uncoordinated change can introduce.

Process Of Change

scope

Project ____________________ is a description of a project's features, capabilities, functions, and quality level, and is used as the basis of a project plan.

Project managers can reduce resistance to change by involving employees in the project plan. In the systems development parts of a project, this is referred to as __________. (A) DMZ (B) SDLC (C) WBS (D) JAD

JAD

Project managers can reduce resistance to change by involving employees in the project plan. In the systems development parts of a project, this is referred to as __________.

Asymmetric Encryption

Public key encryption, two different keys but related

___ and TACACS are systems that authenticate the credentials of users who are trying to access an organization's network via a dial-up connection.

RADIUS

______ and TACACS are systems that authenticate the credentials of users who are trying to access an organization's network via a dial-up connection.

RADIUS

Using a database of precomputed hashes from sequentially calculated passwords called a(n) __________, an attacker can simply look up a hashed password and read out the text version.

Rainbow Table

CBA

Regardless of an organization's information security needs, the amount of effort that can be expended depends on the available funds; therefore, a ____________________ is typically prepared in the analysis phase of the SecSDLC and must be reviewed and verified prior to the development of the project plan.

which of the following is not a major processing-mode category for firewalls?

Router passthru

System Administration, Networking, and Security Organization is better known as ____.

SANS

The former System Administration, Networking, and Security Organization is now better known as __________.

SANS

The ____ program focuses more on building trusted networks, including biometrics and PKI.

SCNA

public

SESAME uses ____________________ key encryption to distribute secret keys

Technology _ guides how frequently technical systems are updated, and how technical updates are approved and funded.

governance

____ is the protocol for handling TCP traffic through a proxy server.

SOCKS

A __________ port, also known as a monitoring port, is a specially configured connection on a network device that is capable of viewing all of the traffic that moves through the entire device.

SPAN

Security Systems Certified Practitioner

SSC

Tasks or action steps that come after the task at hand are called _ .

successors

____ was designed to recognize mastery of an international standard for information security and a common body of knowledge (sometimes called the CBK).

SSCP

Echo Protocol Port Number

Telnet Protocol Port Number

The _ layer of the bull's-eye model receives attention last.

Applications

The first step in the work breakdown structure (WBS) approach encompasses activities, but not deliverables. A) True B) False

B) False

The ____ is responsible for the fragmentation, compression, encryption, and attachment of an SSL header to the cleartext prior to transmission.

SSL Record Protocol

Cryptology

Science of encryption; combines cryptography and cryptanalysis

accountable for the day-to-day operation of the information security program.

Security managers

True

Security managers accomplish objectives identified by the CISO and resolve issues identified by technicians. _________________________ True False

____ are the technically qualified individuals tasked to configure firewalls, deploy IDSs, implement security software, diagnose and troubleshoot problems, and coordinate with systems and network administrators to ensure that an organization's security technology is properly implemented.

Security technicians

__________ is a cornerstone in the protection of information assets and in the prevention of financial loss.

Separation of Duties

____ is a cornerstone in the protection of information assets and in the prevention of financial loss.

Separation of duties

__________ is a cornerstone in the protection of information assets and in the prevention of financial loss.

Separation of duties

restricitions

Simple firewall models enforce address ____________________, which are rules designed to prohibit packets with certain addresses or partial addresses from passing through the device

sacrificial

Since the bastion host stands as a sole defender on the network perimeter, it is commonly referred to as the ____ host

sacrificial

Since the bastion host stands as a sole defender on the network perimeter, it is commonly referred to as the __________ host.

sacrificial

Since the bastion host stands as a sole defender on the network perimeter, it is commonly referred to as the ____________________ host

Some cases of __________ are simple, such as requiring employees to begin using a new password on an announced date. (A) phased implementation (B) direct changeover (C) pilot implementation (D) wrap-up

Direct Changeover

Some cases of __________ are simple, such as requiring employees to begin using a new password on an announced date.

access control list (ACL)

Specifications of authorization that govern the rights and privileges of users to a particular information asset. ACLs include user access lists, matrices, and capabilities tables.

___ inspection firewalls keep track of each network connection between internal and external systems.

Stateful

______ inspection firewalls keep track of each network connection between internal and external systems.

Stateful

__________ inspection firewalls keep track of each network connection between internal and external systems.

Stateful

_________ filterign requires that the filtering rules governing how the firewall decides which packets are allwoed and which are denied be developed an isntalled with the firewall.

Static

Management of classified data

Storage, Distribution, Portability, and Destruction.

Tasks or action steps that come after the task at hand are called __________.

Succesors

A method of encryption that requires the same secret key to encipher and decipher the message is known as __________ encryption.

Symmetric

The popular use for tunnel mode VPNs is the end-to-end transport of encrypted data.

False

Timing channels

TCSEC-defined covert channels that communicate by managing the relative timing of events.

Kerberos ___ provides tickets to clients who request services.

TGS

A mandatory vacation provides the organization with the ability to audit the work of an individual.

TRUE

A permutation cipher simply rearranges the values within a block to create the ciphertext.

TRUE

A(n) known vulnerability is a published weakness or fault in an information asset or its protective systems that may be exploited and result in loss. _________________________

TRUE

Each organization has to determine its own project management methodology for IT and information security projects.

TRUE

If an organization deals successfully with change and has created procedures and systems that can be adjusted to the environment, the existing security improvement program will probably continue to work well.

TRUE

In DNS cache poisoning, valid packets exploit poorly configured DNS servers to inject false information to corrupt the servers' answers to routine DNS queries from other systems on the network.

TRUE

In general, electrostatic discharge damage to chips produces two types of failures: immediate and latent.

TRUE

Lattice-based access control is a form of access control in which users are assigned a matrix of authorizations for particular areas of access.

TRUE

Over time, policies and procedures may become inadequate due to changes in the organization's mission and operational requirements, threats, or the environment.

TRUE

Packet-filtering firewalls scan network data packets looking for compliance with the rules of the firewall's database.

TRUE

The Digital Signature Standard established by NIST is used for electronic document authentication by federal information systems. It is based on a variant of the ElGamal algorithm.

TRUE

The use of standard job descriptions can increase the degree of professionalism in the information security field.

TRUE

__________ occurs when an authorized person opens a door, and other people, who may or may not be authorized, also enter.

Tailgating

__________ is the requirement that every employee be able to perform the work of another employee.

Task Rotation

____ is the requirement that every employee be able to perform the work of another employee.

Task rotation

__________ is the requirement that every employee be able to perform the work of another employee.

Task rotation

Successors

Tasks or action steps that come after the task at hand are called __________.

Tasks or action steps that come after the task at hand are called __________. (A) predecessors (B) successors (C) children (D) parents

Governance

Technology __________ guides how frequently technical systems are updated, and how technical updates are approved and funded.

governance

Technology _____________________ is a complex process that organizations use to manage the impact and costs of technology implementation, innovation, and obsolescence.

Terminal emulation, especially the unprotected ____________________ protocol, should be blocked from any access to all internal servers from the public network.

Telnet

____ are hired by the organization to serve in a temporary position or to supplement the existing workforce.

Temporary employees

__________ are hired by the organization to serve in a temporary position or to supplement the existing workforce.

Temporary employees

False

The CISA credential is geared toward experienced information security managers and others who may have similar management responsibilities. _________________________ True False

accounting

The CISA credential is touted by ISACA as the certification that is appropriate for all but which type of professionals?

international laws

The ISSEP allows CISSP certificate holders to demonstrate expert knowledge of all of the following except __________.

All of the above

The ISSMP examination is designed to provide CISSPs with a mechanism to demonstrate competence in __________.

All of the above

The ISSMP examination is designed to provide CISSPs with a mechanism to demonstrate competence in __________. a. enterprise security management practices b. security management practices c. business continuity planning and disaster recovery planning d. All of the above

All of the Above (Unfreezing, Moving, Refreezing)

The Lewin change model includes __________

The Lewin change model includes __________. (A) unfreezing (B) moving (C) refreezing (D) All of the above

Managerial

The NIST SP 800-100 Information Security Handbook provides __________ guidance for the establishment and implementation of an information security program

___ generates and issues session keys in Kerberos.

KDC

authentication

The Remote ____________________ Dial-In User Service system centralizes the management of user authentication by placing the responsibility for authenticating each user in the central RADIUS server.

multi-vendor

The Secure European System for Applications in a(n) ____________________ Environment is the result of a European research and development project partly funded by the European Commission.

What must a VPN that proposes to offer a secure and reliable capability while relying on public networks accomplish?

The VPN must successfully encapsulate incoming and outgoing data, encrypt incoming and outgoing data and authenticate the remote host user.

CERT/CC

The ____ is a center of Internet security expertise and is located at the Software Engineering Institute, a federally funded research and development center operated by Carnegie Mellon University.

DMZ

The ____ is an intermediate area between a trusted network and an untrusted network.

modem

The ____ vulnerability assessment process is designed to find and document any vulnerability that is present on dial-up modems connected to the organization's networks.

insecure.org

The __________ Web site is home to the leading free network exploration tool, Nmap.

CISSP

The __________ certification program has added a number of concentrations that can demonstrate advanced knowledge beyond the basic certification's CBK.

CISSP

The __________ certification program has added a number of concentrations that can demonstrate advanced knowledge beyond the basic certification's CBK. a. ISSAP b. ISSEP c. CISSP d. ISSMP

Packet Storm

The __________ commercial site focuses on current security tool resources.

scope

The __________ is a statement of the boundaries of the RA

Demilitarized Zone (DMZ)

The __________ is an intermediate area between a trusted network and an untrusted network.

External monitoring domain

The __________ is the component of the maintenance model that focuses on evaluating external threats to the organization's information assets.

Internal monitoring domain

The __________ is the component of the maintenance model that focuses on identifying, assessing, and managing the configuration and status of information assets in an organization.

CISO

The __________ is typically considered the top information security officer in the organization.

The __________ layer of the bull's-eye model includes computers used as servers, desktop computers, and systems used for process control and manufacturing. (A) Policies (B) Networks (C) Systems (D) Applications

Systems

The __________ layer of the bull's-eye model includes computers used as severs, desktop computers, and systems used for process control and manufacturing.

Applications

The __________ layer of the bull's-eye model receives attention last.

The __________ layer of the bull's-eye model receives attention last. (A) Policies (B) Networks (C) Systems (D) Applications

Policies

The __________ level of the bull's-eye model establishes the ground rules for the use of all system and describes what is appropriate and what is inappropriate; it enables all other information security components to function correctly.

Snort

The __________ mailing list includes announcements and discussion of a leading open-source IDPS.

The __________ methodology has been used by many organizations and requires that issues be addressed from the general to the specific, and that the focus be on systematic solutions instead of individual problems. (A) parallel (B) direct changeover (C) bull's-eye (D) wrap-up

Bull's-eye

PSV (platform security validation)

The __________ process is designed to find and document the vulnerabilities that may be present because there are misconfigured systems in use within the organization.

intranet

The __________ vulnerability assessment is a process designed to find and document selected vulnerabilities that are likely to be present on the organization's internal network.

wireless

The __________ vulnerability assessment is designed to find and document vulnerabilities that may be present in the organization's wireless local area networks.

both a & b

The International Society of Forensic Computer Examiners (ISFCE) offers which certifications?

Substitution ciphers that use two or more alphabets, are referred to as ____ substitutions.

polyalphabetic

Tasks or action steps that come after the task at hand are called ______.

successors

Federal agencies such as the NSA, FBI, and CIA use specialty classification schemes. For materials that are not considered National Security Information, _______ data is the lowest lever classification

unclassified

(n) __________ is a simple project management planning tool. a.WBS b.ISO 17799 c.SDLC d.RFP

wbs

In a _______, assets or threats can be prioritized by identifying criteria with differing levels of importance, assiging a score for each of the criteria and then summing and ranking those scores.

weighted factor analysis

The goal of the __________ is to resolve any pending project-related issues, critique the overall effort of the project, and draw conclusions about how to improve the project management process for the future. a.phased implementation b.pilot implementation c.direct changeover d.wrap-up

wrap-up

The ISSMP examination is designed to provide CISSPs with a mechanism to demonstrate competence in __________.

Enterprise security management practices Security management practices Business continuity planning and disaster recovery planning

Domain Name System (DNS) Protocol Port Number

Intrusion detection and prevention systems can deal effectively with switched networks. A) True B) False

B) False Intrusion Prevention

Most information security projects require a trained project developer.

False (Manager)

It is important to gather employee ____________________ early about the information security program and respond to it quickly.

Feedback

address restrictions

Firewall rules designed to prohibit packets with certain addresses or partial addresses from passing through the device.

five

Firewalls fall into ____ major processing-mode categories.

Global Information Assurance Certification

GIAC

SANS - System Administration, Networking, and Security Institute Offers

GIAC certifications

ICMP uses port ____ to request a response to a query and can be the first indicator of a malicious attack.

TGS

Kerberos ____ provides tickets to clients who request services.

____ is an integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services that enables users to communicate securely.

PKI

Interior walls only partially reach to the next floor, which leaves a space above the ceiling. This space is called a(n) __________.

PLENUM

_ is a phenomenon in which the project manager spends more time documenting project tasks, collecting performance measurements, recording project task information, and updating project completion forecasts than accomplishing meaningful project work.

Projectitis

Scaled down version of CISSP

SSCP

terminal

The ____________________ Access Controller Access Control System contains a centralized database, and it validates the user's credentials at this TACACS server.

kerberos

The ____________________ authentication system is named after the three-headed dog of Greek mythology, that guards the gates to the underworld.

The applicant for the CISA must provide evidence of ____ years of professional work experience in the field of information security, with a waiver or substitution of up to two years for education or previous certification.

five

___________ firewalls examine every incoming packet header and can selectively filter packets based on header information such as destination address, source address, packet type, and other key information.

packet-filtering

A _ is usually the best approach to security project implementation.

phased implementation

The first phase of risk management is _________

risk identification

parallel

The ____________________ operations strategy involves running the new system concurrently with the old system.

Briefly describe the seven best practices rules for firewall use.

1. All traffic from the trusted network is allowed out. 2. The firewall device is never directly accessible form the public network for configuration or management purposes. 3. Simple Mail Transport Protocol (SMTP) data is allowed to pass through the firewall but it should all be routed to a well-configured SMTP gateway to filter and route messaging traffic securely. 4. All Internet Control Message Protocol (ICMP) data should be denied. 5. Telnet (terminal emulation) access to all internal servers form the public networks should be blocked. 6. When Web services are offered outside the firewall, HTTP traffic should be denied from reaching your internal networks through the use of some form of proxy access or DMZ architecture. 7. All data that is not veritably authentic should be denied.

10. Most NBA sensors can be deployed in ____ mode only, using the same connection methods as network-based IDPSs. a. passive c. reactive b. active d. dynamic

11. ____ sensors are typically intended for network perimeter use, so they would be deployed in close proximity to the perimeter firewalls, often between the firewall and the Internet border router to limit incoming attacks that could overwhelm the firewall. a. Inline c. Passive b. Offline d. Bypass

12. ____ benchmark and monitor the status of key system files and detect when an intruder creates, modifies, or deletes monitored files. a. NIDPSs c. AppIDPSs b. HIDPSs d. SIDPSs

The SSCP exam consists of ____ multiple-choice questions, and must be completed within three hours.

125

13. Using ____, the system reviews the log files generated by servers, network devices, and even other IDPSs. a. LFM c. AppIDPS b. stat IDPS d. HIDPS

14. ____ are decoy systems designed to lure potential attackers away from critical systems. a. Honeypots c. Padded cells b. Honeycells d. Padded nets

15. IDPS researchers have used padded cell and honeypot systems since the late ____. a. 1960s c. 1980s b. 1970s d. 1990s

16. ____ applications use a combination of techniques to detect an intrusion and then trace it back to its source. a. Trace and treat c. Treat and trap b. Trap and trace d. Trace and clip

Protocol Port Number Simple Network Management Protocol (SNMP)

161

17. ____ is the action of luring an individual into committing a crime to get a conviction. a. Entrapment c. Intrusion b. Enticement d. Padding

18. In TCP/IP networking, port ____ is not used. a. 0 c. 13 b. 1 d. 1023

19. Which of the following ports is commonly used for the HTTP protocol? a. 20 c. 53 b. 25 d. 80

2. Intrusion ____ activities finalize the restoration of operations to a normal state and seek to identify the source and method of the intrusion in order to ensure that the same type of attack cannot occur again. a. prevention c. detection b. reaction d. correction

File Transfer [Default Data] (FTP) Protocol Port Number

20. ____ testing is a straightforward testing technique that looks for vulnerabilities in a program or protocol by feeding random input to the program or a network running the protocol. a. Buzz c. Spike b. Fuzz d. Black

File Transfer [Control] (FTP) Protocol Port Number

21. A(n) ____ is a network tool that collects copies of packets from the network and analyzes them. a. packet scanner c. honey pot b. packet sniffer d. honey packet

22. Among all possible biometrics, ____ is(are) considered truly unique. a. retina of the eye c. iris of the eye b. fingerprints d. All of the above

Telnet protocol packets usually go to TCP port ___.

Telnet protocol packets usually go to TCP port________, whereas SMTP packets go to port___________.

23, 25

Telnet protocol packets usually go to TCP port __ whereas SMTP packets go to port ________.

23,25

23. ____ is based on the use of some measurable human characteristic or trait to authenticate the identity of a proposed systems user. a. Biometric access control c. Software access control b. Physical access control d. System access control

24. A(n) ____ is a proposed systems user. a. authenticator c. supplicant b. challenger d. activator

Simple Mail Transfer Protocol (SMTP) Protocol Port Number

25. The ____ is the level at which the number of false rejections equals the false acceptances, and is also known as the equal error rate. a. BIOM c. IIS b. REC d. CER

3. ____ is an event that triggers an alarm when no actual attack is in progress. a. False Positive c. False Negative b. False Attack Stimulus d. Noise

4. ____ is the process of classifying IDPS alerts so that they can be more effectively managed. a. Alarm filtering c. Alarm compaction b. Alarm clustering d. Alarm attenuation

5. Activities that scan network locales for active systems and then identify the network services offered by the host systems is known as ____. a. filtering c. footprinting b. doorknob rattling d. fingerprinting

6. A(n) ____ IDPS is focused on protecting network information assets. a. network-based c. application-based b. host-based d. server-based

DES uses a(n) _____-bit block size.

ICMP uses port ___ to request a response to a query and can be the first indicator of a malicious attack.

CH 10 Implementing Information Security, Ch12, Info Sec Chapter 10 Implementing Security, Chapter 10: Implementing Information Security, Info Sec Chapter 11, Chapter 10 PoIA, Chapter 10 Quiz Question Bank - CIST1601-Information Security Fund, PriCy C...

संबंधित स्टडी सेट्स

Chapter 26

Series 7 - Mastery Exam III #2 (Q1 - Q36)

WRS study guide (All units)

Remote Sensing Cumulative Final

Questions I got wrong on the progress check

Pituitary Adenomas

Patho exam 4

Retirement plans and special types of accounts

C# Data Types

Fin test 2

CFCC 211 Final (iggy)

NSG 1050 Exam 2 CU

Women in the bible midterm

بيتر ميلاد : شرح وحدات اللغة الأنجليزية 3ث

english

Art Appreciation - Chapter 9

2401AHS Therapeutic Exercise : Neuromuscular Viva

Sustainability

Electric circuits

Banana