CS-416 Chapter 6 - Final
Organizations are usually not aware of when compliance auditing is a mandated periodic occurrence, so preparation is challenging and often not possible.
False
Security management is the ongoing process of evaluating security so that you can improve it.
False
Single-factor authentication uses a single element of validation or verification to prove the identity of a subject, and it is considered much stronger than multi-factor authentication.
False
The act of containment should not interrupt or interfere with the continued spread or operation of the unwanted event.
False
Training is less rigorous than awareness and more rigorous than education.
False
You should wait at least a month before applying a patch or update from the vendor.
False
To write a comprehensive security policy, you should first inventory and examine the components of the IT infrastructure.
True
Trusted Platform Module (TPM) is a dedicated microchip found on some motherboards; it hosts and protects the encryption key for whole hard drive encryption.
True
You should never assume that a service or protocol is secured by another layer or service.
True
Which form of investigation aims at checking whether or not a target system is subject to attack based on a database of tests, scripts, and simulated exploits? Incident response plan Fail-open Vulnerability scanning Separation of duties
Vulnerability scanning
Which one of the following is not a cause of a configuration error? Physical damage Updates Human error Vulnerability scanning
Vulnerability scanning
What prevents a hard drive from being read by another system if it is stolen? Whole hard drive encryption Host firewall Antivirus scanner Intrusion detection system (IDS)
Whole hard drive encryption
Checking authentication, checking authorization and access control, auditing systems, and verifying firewalls and other filters should all be included on which of the following? A physical security checklist A whitelist A response plan A logical security checklist
A logical security checklist
What is a business continuity plan? A plan explaining the use of only a single element of validation or verification to prove the identity of a subject. A plan outlining the failure response that results in open and unrestricted access or communication. A plan to maintain the mission-critical functions of the organization in the event of a problem that threatens to take business processes offline. A plan to restore the mission-critical functions of the organization once they have been interrupted by an adverse event.
A plan to maintain the mission-critical functions of the organization in the event of a problem that threatens to take business processes offline.
Which of the following describes separation of duties? A security stance that allows all communications except those prohibited by specific deny exceptions A plan to restore the mission-critical functions of the organization once they have been interrupted by an adverse event A security guideline, procedure, or recommendation manual An administrative rule whereby no single individual possesses sufficient rights to perform certain actions
An administrative rule whereby no single individual possesses sufficient rights to perform certain actions
Which of the following creates copies of data on other storage media? Fail-Open Honeynets Backups Security Technical Implementation Guide (STIGS)
Backups
Which of the following describes awareness? A dedicated microchip found on some motherboards that hosts and protects the encryption key for whole hard drive encryption The third and highest level of obtaining security knowledge that leads to career advancement A security guideline, procedure, or recommendation manual Basic security training that focuses on common or basic security elements that all employees must know and abide by
Basic security training that focuses on common or basic security elements that all employees must know and abide by
Which of the following is an element of infrastructure design that takes into account the likelihood of a security breach by malicious code or some other intruder? Containment Trapping Compartmentalization Intrusion detection
Compartmentalization
Which of the following is a detailed and thorough review of the deployed security infrastructure compared with the organization's security policy and any applicable laws and regulations? Incident response plan Compliance audit Disaster recovery plan Business continuity plan
Compliance audit
Which of the following determines the available vendor patches that are installed or missing? Vulnerability scan Configuration scan Penetration test Post-mortem assessment
Configuration scan
A security stance that blocks access to all resources until a valid authorized explicit exception is defined? Fail-secure Fail-open Default deny Default allow
Default deny
Which of the following is not a step in an incident response solution? Evasion Containment Eradication Recovery
Evasion
Which of the following refers to a failure response resulting in open and unrestricted access or communication? Fail-open Mission-critical Default allow Fail-secure
Fail-open
A fail-open grants all users the minimum level of access and permission required to perform an assigned job task or responsibility.
False
Default deny is a specialized host used to place an attacker into a system where the intruder cannot do any harm.
False
Handling physical security attacks is the most important aspect of a security plan, as these types of attacks pose the highest risks to the organization.
False
Which of the following is a form of security protection that protects individual files by scrambling the contents in such a way as to render them unusable by unauthorized third parties? Default allow Separation of duties File encryption Fail-secure
File encryption
Which of the following describes a predefined procedure that will limit damage, contain the spread of malicious content, stop the compromise of information, and promptly restore the environment to a normal state? Separation of duties Incident response plan Business continuity plan Disaster recovery plan
Incident response plan
Which of the following is not a characteristic of security education? Its purpose is to obtain knowledge that leads to career advancement. It is usually obtained inside of the organization. It is broad and not necessarily focused on specific job tasks or assignments. It is more rigorous than awareness or training.
It is usually obtained inside of the organization.
Which of the following describes the state or condition of an asset or process vitally important to the long-term existence and stability of an organization? Mission-critical Fail-secure Fail-open Compliance audit
Mission-critical
Which of the following refers to a specialized host used to place an attacker into a system where the intruder cannot do any harm? Incident response plan Padded cell Principle of least privilege Default allow
Padded cell
Which of the following refers to the guideline that all users should be granted only the minimum level of access and permission required to perform their assigned job tasks and responsibilities? The whitelist Principle of least privilege Single-factor authentication Incident response plan
Principle of least privilege
The goal of disaster recovery planning is to return the business to functional operation within a limited time to prevent the failure of the organization due to the incident.
True
A Security Technical Implementation Guide (STIGS) is a guideline, procedure, or recommendation manual.
True
A honeynet is a collection of multiple honeypots in a network for the purposes of luring and trapping hackers.
True
A post-mortem assessment review is the self-evaluation performed by individuals and organizations after each security assessment task.
True
Bricking occurs when an update process causes a complete failure of the security control.
True
It is a mistake to use remote system and device management mechanisms that are convenient but not secure, such as telnet, HTTP, and FTP.
True
Patch management watches for the release of new updates from vendors, tests the patches, obtains approval, and then oversees the deployment and implementation of updates across the production environment.
True
Penetration testing involves the application of hacking techniques, methodology, and tools; ethical security experts conduct penetration testing.
True