The _________ level focuses on developing the ability and vision to perform complex, multidisciplinary activities and the skills needed to further the IT security profession and to keep pace with threat and technology changes Security awareness Security basics and literacy Roles and responsibilities relative to IT systems Education and experience
Education and experience
A severe message, such as an immediate system shutdown, is a(n) _____ severity Emerg Crit Warning Alert
Emerg
The _________ is logic embedded into the software of the system that monitors system activity and detects security-related events that it has been configured to detect. Event discriminator Archive Audit analyzer Alarm processor
Event discriminator
____ need training on the development of risk management goals, means of measurement, and the need to lead by example in the area of security awareness Executives Trainers Managers Analysts
Executives
A threat action in which sensitive data are directly released to an unauthorized entity is __________. Intrusion Corruption Disruption Exposure
Exposure
In the United States, student grade information is an asset whose confidentiality is regulated by the __________.
FERPA Family Educational Rights and Privacy Act family educational rights and privacy act
_______ are decoy systems that are designed to lure a potential attacker away from critical systems.
Honeypots
Network and host _________________ monitor and analyze network and host activity and usually compare this information with a collection of attack signatures to identify potential security incidents
IDS ids intrusion detection systems Intrusion Detection Systems
Release of message contents and traffic analysis are two types of _________ attacks.
passive
Employees have no expectation of _________ in their use of company-provided e-mail or Internet access, even if the communication is personal in nature.
privacy
After security basics and literacy, training becomes focused on providing the knowledge, skills, and abilities specific to an individual's ___________________ relative to IT systems.
roles and responsibilities
A ______________ is an independent review and examination of a system's records and activities
security audit
A _____________ is a chronological record of system activities that is sufficient to enable the reconstruction and examination of the sequence of environments and activities surrounding or leading to an operation, procedure, or event in a security-relevant transaction from inception to final results
security audit trail
___________ is a form of auditing that focuses on the security of an organization's IS assets.
security auditing
In general, a ________________ program seeks to inform and focus an employee's attention on issues related to security within the organization.
security awareness
The ____________ is the predefined formally documented statement that defines what activities are allowed to take place on an organization's network or on particular hosts to support the organization's requirements.
security policy
___________ is UNIX's general-purpose logging mechanism found on all UNIX variants and Linux.
syslog
Monitoring areas suggested in ISO 27002 include: authorized access, all privileged operations, unauthorized access attempts, changes to (or attempts to change) system security settings and controls, and ________________
system alerts or failure
The goal of the _________ function is to ensure that all information destined for the incident handling service is channeled through a single focal point, regardless of the method by which it arrives, for appropriate redistribution and handling within the service.
triage
Any action that threatens one or more of the classic security services of confidentiality, integrity, availability, accountability, authenticity, and reliability in a system constitutes a(n) __________
incident
___________ lists the following security objective with respect to current employees: to ensure that employees, contractors, and third-party users are aware of information security threats and concerns and their responsibilities and liabilities with regard to information security and are equipped to support organizational security policy in the course of their normal work and to reduce the risk of human error.
iso 27002
The principles that should be followed for personnel security are: limited reliance on key employees, separation of duties, and ______________.
least privilege
_________ audit trails may be used to detect security violations within an application or to detect flaws in the application's interaction with the system Application-level System-level User-level None of the above
Application-level
A loss of _________ is the unauthorized disclosure of information. A. Confidentiality B. Authenticity C. Integrity D. Availability
A. Confidentiality
__________ assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system. A. System integrity B. Availability C. Data integrity D. Confidentiality
A. System integrity
Security awareness, training, and education programs can serve as a deterrent to fraud and actions by disgruntled employees by increasing employees' knowledge of their ________ and of potential penalties Incidents Regulations Liability Accountability
Accountability
The rule _______ tells Snort what to do when it finds a packet that matches the rule criteria. Direction Destination port Protocol Action
Action
Replay, masquerade, modification of messages, and denial of service are examples of _________ attacks.
Active
A system condition requiring immediate attention is a(n) _______ severity Notice Err Alert Emerg
Alert
A capability set up for the purpose of assisting in responding to computer security-related incidents that involve sites within a defined constituency is called a ______. CIRT CSIRT CIRC All of the above
All of the above
Data items to capture for a security audit trail include: Events related to the security mechanisms on the system Operating system access Remote access All of the above
All of the above
From a security point of view, which of the following actions should be done upon the termination of an employee? Recover all assets, including employee ID, disks, documents and equipment Remove all personal access codes Remove the person's name from all lists of authorized access All of the above
All of the above
Security auditing can: Generate data that can be used in after-the-fact analysis of an attack Maintain a record useful in computer forensics Provide data that can be used to define anomalous behavior All of the above
All of the above
______ is a benefit of security awareness, training, and education programs to organizations. Mitigating liability of the organization for an employee's behavior Increasing the ability to hold employees accountable for their actions Improving employee behavior All of the above
All of the above
_______ are ways for an awareness program to promote the security message to employees Newsletters Workshops and training sessions Posters All of the above
All of the above
________ can include computer viruses, Trojan horse programs, worms, exploit scripts, and toolkits Artifacts CSIRT Constituencies Vulnerabilities
Artifacts
A(n) _________ is a threat that is carried out and, if successful, leads to an undesirable violation of security, or threat consequence.
Attack
An assault on system security that derives from an intelligent act that is a deliberate attempt to evade security services and violate the security policy of a system is a(n) __________. Attack Vulnerability Risk Asset
Attack
The ________ is a module that transmits the audit trail records from its local system to the centralized audit trail collector Audit analyzer Audit trail collector Audit dispatcher None of the above
Audit dispatcher
The ________ is a module on a centralized system that collects audit trail records from other systems and creates a combined audit trail Audit analyzer Audit provider Audit dispatcher Audit trail collector
Audit trail collector
A loss of _________ is the disruption of access to or use of information or an information system.
Availability
Assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed. A. Availability B. Privacy C. System integrity D. Data integrity
B. Privacy
Confidentiality, Integrity, and Availability form what is often referred to as the _____
CIA triad
A _______ policy states that the company may access, monitor, intercept, block access, inspect, copy, disclose, use, destroy, or recover using computer forensics any data covered by this policy Business use only Company rights Unlawful activity prohibited Standard of conduct
Company rights
CERT stands for ___________. Compliance Error Repair Technology Computer Error Response Team Computer Emergency Response Team Compliance Emergency Response Technology
Computer Emergency Response Team
__________ is the protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources.
Computer Security
A loss of _________ is the unauthorized disclosure of information. Integrity Availability Confidentiality Authenticity
Confidentiality
A(n) _________ is any means taken to deal with a security attack.
Countermeasure
A(n) __________ is an action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that correct action can be taken. Protocol Adversary Attack Countermeasure
Countermeasure
A ________ level breach of security could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. A. Low B. Moderate C. Normal D. High
D. High
The assets of a computer system can be categorized as hardware, software, communication lines and networks, and _________.
Data
_________ identifies the level of auditing, enumerates the types of auditable events, and identifies the minimum set of audit-related information provided Event selection Automatic response Data generation Audit analysis
Data generation
Masquerade, falsification, and repudiation are threat actions that cause __________ threat consequences. Deception Disruption Unauthorized disclosure Usurpation
Deception
The _________ prevents or inhibits the normal use or management of communications facilities. Masquerade Denial of service Traffic encryption Passive attack
Denial of service
A __________ is data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery.
Digital Signature
With _________, the linking to shared library routines is deferred until load time, so that if changes are made, any program that references the library is unaffected Statically linked shared libraries all of the above Dynamically linked shared libraries System linked shared libraries
Dynamically linked shared libraries
A(n) ________ is inserted into a network segment so that the traffic that it is monitoring must pass through the sensor. Inline sensor Passive sensor Analysis sensor LAN sensor
Inline sensor
An example of __________ is an attempt by an unauthorized user to gain access to a system by posing as an authorized user. Privacy Masquerade Interception Inference
Masquerade
The OSI security architecture focuses on security attacks, __________, and services.
Mechanisms
Messages in the BSD syslog format consist of three parts: PRI, Header, and _____
Msg
Windows allows the system user to enable auditing in _______ different categories Eleven Five Nine Seven
Nine
A(n) _________ is an attempt to learn or make use of information from the system that does not affect system resources. Outside attack Active attack Passive attack Inside attack
Passive attack
__________ assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed. System integrity Data integrity Availability Privacy
Privacy
_________ is a document that describes the application level protocol for exchanging data between intrusion detection entities RFC 4767 RFC 4764 RFC 4766 RFC 4765
RFC 4767
Security implementation involves four complementary courses of action: prevention, detection, response, and _________.
Recovery
A(n) _________ assessment periodically assesses the risk to organizational operations, organizational assets, and individuals resulting from the operation of organizational information systems and the associated processing, storage, or transmission of organizational information.
Risk
______ software is a centralized logging software package similar to, but much more complex than, syslog NetScan IPConfig SIEM McAfee
SIEM
A __________ is any action that compromises the security of information owned by an organization. Security attack Security policy Security mechanism Security service
Security attack
A _______ is conducted to determine the adequacy of system controls, ensure compliance with established security policy and procedures, detect breaches in security services, and recommend any changes that are indicated for countermeasures Security audit trail Security audit System-level audit trail User-level audit
Security audit
________ is explicitly required for all employees Security awareness Roles and responsibilities relative to IT systems Security basics and literacy Education and experience
Security awareness
The _______ category is a transitional stage between awareness and training Roles and responsibilities relative to IT systems Education and experience Security basics and literacy Security awareness
Security basics and literacy
A _________ is a security event that constitutes a security incident in which an intruder gains access to a system without having authorization to do so Intrusion detection IDS Security intrusion Criminal enterprise
Security intrusion
__________ involves an attempt to define a set of rules or attack patterns that can be used to decide if a given behavior is that of an intruder. Profile based detection Threshold detection Anomaly detection Signature detection
Signature detection
__________ assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system. System integrity Data integrity Availability Confidentiality
System integrity
___________ scan critical system files, directories, and services to ensure they have not been changed without proper authorization Log analysis tools Intrusion prevention systems Network and host intrusion detection systems System integrity verification tools
System integrity verification tools
_________ audit trails are generally used to monitor and optimize system performance System-level Physical-level User-level all
System-level
______ is the identification of data that exceed a particular baseline value Thresholding Anomaly detection Real-time analysis all of the above
Thresholding
The assurance that data received are exactly as sent by an authorized entity is __________. Traffic routing Traffic control Traffic integrity Authentication
Traffic integrity
__________ is the insertion of bits into gaps in a data stream to frustrate traffic analysis attempts. Traffic integrity Traffic routing Traffic control Traffic padding
Traffic padding
________ is the process of receiving, initial sorting, and prioritizing of information to facilitate its appropriate handling Constituency Triage Handling Incident
Triage
A(n) __________ audit trail traces the activity of individual users over time and can be used to hold a user accountable for his or her actions.
User-level
Misappropriation and misuse are attacks that result in ________ threat consequences.
Usurpation
A flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the system's security policy is a(n) __________. Countermeasure Risk Adversary Vulnerability
Vulnerability
_________________ is the detection of events within a given set of parameters, such as within a given time period or outside a given time period.
Windowing windowing
SIEM software has two general configuration approaches: agentless and _____________.
agent-based
Windows is equipped with three types of event logs: system event log, security event log, and _________ event log.
application
The audit ____________ are a permanent store of security-related events on a system
archives
A(n) __________ is any file or object found on a system that might be involved in probing or attacking systems and networks or that is being used to defeat security measures.
artifact
The ______ repository contains the auditing code to be inserted into an application.
audit
The ___________________ is an application or user who examines the audit trail and the audit archives for historical trends, for computer forensic purposes, and for other analysis.
audit trail examiner
There is a need for a continuum of learning programs that starts with _______, builds to training, and evolves into education.
awareness
_______________ is the process of defining normal versus unusual events and patterns.
baselining
In large and medium-sized organizations, a _____________________ is responsible for rapidly detecting incidents, minimizing loss and destruction, mitigating the weaknesses that were exploited, and restoring computing services
computer security incident response team
The group of users, sites, networks, or organizations served by the CSIRT is a __________
constituency
Establishing, maintaining, and implementing plans for emergency response, backup operations, and post-disaster recovery for organizational information systems, to ensure the availability of critical information resources and continuity of operations in emergency situations, is a __________ plan.
contingency
The four layers of the learning continuum as summarized by NIST SP 800-16 are: security awareness, security basics and literacy, roles and responsibilities relative to IT systems, and the ________________ level.
education and experience
The principal problems associated with employee behavior are errors and omissions, _____, and actions by disgruntled employees.
fraud
A _____________ is a characteristic of a piece of technology that can be exploited to perpetrate a security incident.
vulnerability
RFC 2196 (Site Security Handbook) lists three alternatives for storing audit records: read/write file on a host, write-once/read-many device, and _____________.
write-only device