Ch 5-8

Ed wants to make sure that his system is designed in a manner that allows tracing actions to an individual. Which phase of access control is Ed concerned about?

Accountability

A SOC 1 report primarily focuses on security.

False

What is the correct order of steps in the change control process?

Request Impact Assessment Approval Build/test Implement Monitor

Which of the following determines the probability of a risk (such as an earthquake or a power outage) to occur and the impact that occurrence would have on operations?

Risk analysis

Which of the following involves a review of controls that could mitigate each risk and weighs the cost, both in terms of time and money, of implementing those controls against the likelihood of the risk itself?

Risk assessment

Biyu is making arrangements to use a third-party service provider for security services. She wants to document a requirement for timely notification of security breaches. What type of agreement is most likely to contain formal requirements of this type?

Service level agreement (SLA)

Aditya is attempting to classify information regarding a new project that his organization will undertake in secret. Which characteristic is NOT normally used to make these type of classification decisions?

Threat

Kim is the risk manager for a large organization. She is evaluating whether the organization should purchase a fire suppression system. She consulted a variety of subject matter experts and determined there is a 1% chance that a fire will occur in a given year. If a fire occurred, it would likely cause $2 million in damage to the facility, which has a $10 million value. Given this scenario, what is the SINGLE LOSS EXPECTANCY (SLE)?

$2,000,000

Kim is the risk manager for a large organization. She is evaluating whether the organization should purchase a fire suppression system. She consulted a variety of subject matter experts and determined that there is a 1% chance that a fire will occur in a given year. If a fire occurred, it would likely cause $2 million in damage to the facility, which has a $10 million value. Given this scenario, what is the ANNUALIZED LOSS EXPECTANCY (ALE)?

$20,000

By creating users, assigning those users to groups, and then applying groups to resources in the domain, the administrator sets up both authentication using the Active Directory Domain authentication policies, and builds a series of nested _____ to control the access to domain resources.

Access Control Lists

What is the database that provides a centrally controlled and managed access and security management system for an organization's Windows computer systems?

Active directory

During which phase of the access control process does the system answer the question, "What can the requestor access?"

Authorization

Janet is identifying the set of privileges that should be assigned to a new employee in her organization. Which phase of the access control process is she performing?

Authorization

In an accreditation process, who has the authority to approve a system for implementation?

Authorizing official (AO)

Which part of the CIA triad refers to making sure information is obtainable when needed?

Availability

Ann is creating a template for the configuration of Windows servers in her organization. It includes the basic security settings that should apply to all systems. What type of document should she create?

Baseline

Fran is conducting a security test of a new application. She does not have any access to the source code or other details of the application she is testing. What type of test is Fran conducting?

Black-box test

what determines the impact to an organization in the event that key processes and technology are not available?

Business impact analysis

Business Continuity Plan

Clearly defines responsibilities and support structures (e.g. facilities, personnel, equipment, software, data files, vital records, etc.) to carry on the business after an event.

Forensics and incident response are examples of _____ controls

Corrective

Which characteristic of a biometric system measures the system's accuracy using a balance of different error types?

Crossover error rate (CER)

What information should an auditor share with the client during an exit interview?

Details on major issues

Which of the following documents specific procedures to return a given system or subsystem to production in the event of failure or compromise?

Disaster recovery plan

Gary would like to choose an access control model in which the owner of a resource decides who may modify permissions on that resource. Which model fits that scenario?

Discretionary access control (DAC)

Curtis is conducting an audit of an identity management system. Which question is NOT likely to be in the scope of his audit?

Does the firewall properly block unsolicited network connection attempts?

What is a key principle of risk management programs?

Don't spend more to protect an asset than it is worth.

A structured walk-through test is a review of a business continuity plan to ensure that contact numbers are current and that the plan reflects the company's priorities and structure.

False

Deterrent controls identify that a threat has landed in your system.

False

Jake has been asked to help test the business continuity plan at an offsite location while the system at the main location is shut down. He is participating in a parallel test.

False

What is a set of concepts and policies for managing IT infrastructure, development, and operations?

IT Infrastructure Library (ITIL)

Adam's company recently suffered an attack where hackers exploited an SQL injection issue on their web server and stole sensitive information from a database. What term describes this activity?

Incident

Which part of the CIA triad refers to maintaining and assuring the accuracy of data over its life-cycle?

Integrity

What is a single sign-on (SSO) approach that relies upon the use of key distribution centers (KDCs) and ticket-granting servers (TGSs)?

Kerberos

Which of the following would NOT be considered in the scope of organizational compliance efforts?

Laws

What term describes the longest period of time that a business can survive without a particular critical system?

Maximum tolerable downtime (MTD)

Which agreement type is typically less formal than other agreements and expresses areas of common interest?

Memorandum of understanding (MOU)

On a Windows network share, if the user can add, edit, and delete files and folders within the LabFiles folder, what type of access controls and permissions are probably configured?

Modify

Which security testing activity uses tools that scan for services running on systems?

Network mapping

Marquerite is creating a budget for a software development project. What phase of the system lifecycle is she undertaking?

Project initiation and planning

Christopher is designing a security policy for his organization. He would like to use an approach that allows a reasonable list of activities, but does not allow other activities. Which permission level is he planning to use?

Prudent

Beth is conducting a risk assessment. She is trying to determine the impact a security incident will have on the reputation of her company. What type of risk assessment is best suited to this type of analysis?

Qualitative

Which data source comes first in the order of volatility when conducting a forensic investigation?

RAM

What does NOT offer authentication, authorization, and accounting (AAA) services?

Redundant Array of Independent Disks (RAID)

In what type of attack does the attacker send unauthorized commands directly to a database?

SQL injection

Gina is preparing to monitor network activity using packet sniffing. Which technology is most likely to interfere with this effort if used on the network?

Secure Sockets Layer (SSL)

Isaac is responsible for performing log reviews for his organization in an attempt to identify security issues. He has a massive amount of data to review. What type of tool would best assist him with this work?

Security information and event management (SIEM)

The _____ is the central part of a computing environment's hardware, software, and firmware that enforces access control.

Security kernel

Karen is designing a process for issuing checks and decides that one group of users will have the authority to create new payees in the system while a separate group of users will have the authority to issue checks to those payees. The intent of this control is to prevent fraud. Which principle is Karen enforcing?

Separation of duties

Tomahawk Industries develops weapons control systems for the military. The company designed a system that requires two different officers to enter their access codes before allowing the system to engage. Which principle of security is this following?

Separation of duties

Joe is responsible for the security of the industrial control systems for a power plant. What type of environment does Joe administer?

Supervisory Control and Data Acquisition (SCADA)

What type of security monitoring tool would be most likely to identify an unauthorized change to a computer system?

System integrity monitoring

Residual risk

The risk that exists after an organization has performed all planned countermeasures and controls

What is true regarding guest users who require a higher degree of access?

These guest users can be issued local, self-signed certificates that expire on a specific date and limit the guest's access.

Purchasing an insurance policy is an example of the _____ risk management strategy.

Transfer

A functional policy declares an organization's management direction for security in such specific functional areas as email, remote access, and Internet surfing.

True

A successful change control program should include the following elements to ensure the quality of the change control process: peer review, documentation, and back-out plans.

True

Regarding an intrusion detection system (IDS), stateful matching looks for specific sequences appearing across several packets in a traffic stream rather than just in individual packets.

True

What control is NOT an example of a fault tolerance technique designed to avoid interruptions that would cause downtime?

Warm site

By default, Windows will:

inherit the permissions of the parent folder so that all subfolders will have the same permissions as the parent

Signature detection

intrusion detection system strategy that relies on pattern matching

Active directory:

makes the process of accessing machines that are not on the domain much easier

Windows Group Policy can be used _____ to control access to many local computer and network resources such as drives, Internet access, kiosk mode, etc.

on either a local or domain level

Which of the following is the mechanism on a Windows server where you can administer granular policies and permissions on a Windows network using role-based access?

Windows Group Policy

Waterfall

software development model in which activity progresses in a lock-step sequential process where no phase begins until the previous phase is complete

If it's impractical to place guest users in a secure network, isolated from the production network by firewall barriers, then:

specific areas of access should be determined and they should be as restrictive as possible

Microsoft Windows Active Directory provides capabilities in all three of the CIA areas, and the domain administrator will be called upon to implement:

the roles of Confidentiality and Integrity most frequently

Emily is the information security director for a large company that handles sensitive personal information. She is hiring an auditor to conduct an assessment demonstrating that her firm is satisfying requirements regarding customer private data. What type of assessment should she request?

SOC 3

Which of the following combines something you know (e.g. password) with something you are (e.g. fingerprint) or something you possess (e.g. USB stick) and can also employ a certificate system that adds a distinct third layer to the authentication process?

Two-factor authentication

Nancy performs a full backup of her server every Sunday at 1AM and differential backups on Mondays through Fridays at 1AM. Her server fails at 9AM Wednesday. How many backups does Nancy need to restore?

2

Which part of the CIA triad refers to preventing the disclosure of secure information to unauthorized individuals or systems?

Confidentiality