Chapter 8
Which of the following statements are true? IT developments such as virtualization, Cloud computing, and the Internet of Things weaken information security. A large number of emergency changes is a potential red flag of other problems. Information security is improved when the CISO reports to the CIO. All of the statements are true. None of the statements are true.
IT developments such as virtualization, Cloud computing, and the Internet of Things weaken information security.
Which of the following set of authentication credentials provides the strongest access control? A password and a security question. A PIN and a smart card. Voice recognition and a fingerprint. All of the combinations of credentials are equally strong.
a PIN and a smart card
border router
a device that connects an organization's information system to the internet
biometric identifier
a physical or behavioral characteristic that is used as an authentication credential
deep packet inspection
a process that examines the data in the body of a TCP packet to control traffic, rather than looking only at the information in the IP and TCP headers
packet filtering
a process that uses various fields in a packet's IP and TCP headers to decide what to do with the packet
exploit
a program designed to take advantage of a known vulnerability
demilitarized zone
a separate network located outside the organization's internal information system that permits controlled access from the internet
Access Control List (ACL)
a set of IF-THEN rules used to determine what to do with arriving packets
Intrusion Detection System (IDS)
a system that creates logs of all network traffic that was permitted to pass the firewall and then analyzes those logs for signs of attempted or successful intrusions
Access Control Matrix
a table used to implement authorization controls
Computer Incident Response Team (CIRT)
a team that is responsible for dealing with major security incidents
Which of the following is a preventive control? a. training b. log analysis c. CIRT d. virtualization
a.
Which of the following techniques is the most effective for a firewall to use to protect the perimeter? a. deep packet inspection b. packet filtering c. access control list d. All of the above are equally effective.
a.
penetration test
an authorized attempt to break into the organization's information system
The system employs a compatibility test to decide whether to let a particular employee update records in a particular file. The compatibility test is a part of the aspect of access control referred to as _____. authentication authorization accountability
authorization
vulnerability scanners
automated tools designed to identify whether a given system possesses any unused and unnecessary programs that represent potential security threats
The control procedure designed to restrict what portions of an information system an employee can access and what actions he or she can perform is called _____. a. authentication b. authorization c. intrusion prevention d. intrusion detection
b
Which of the following combinations of credentials is an example of multifactor authentication? a. voice recognition and a fingerprint reader b. a PIN and an ATM card c. a password and a user ID d. all of the above
b.
Which of the following is a corrective control designed to fix vulnerabilities? a. virtualization b. patch management c. penetration testing d. authorization
b.
Which of the following statements is true? a. The concept of defense-in-depth reflects the fact that security involves the use of a few sophisticated technical controls. b. Information security is necessary for protecting confidentiality, privacy, integrity of processing, and availability of information resources. c. The time-based model of security can be expressed in the following formula: P < D + R d. Information security is primarily an IT issue, not a managerial concern.
b.
A weakness that an attacker can take advantage of to either disable or take control of a system is called a(n) _____. a. exploit b. patch c. vulnerability d. attack
c.
Which of the following is a detective control? a. hardening endpoints b. physical access controls c. penetration testing d. patch management
c.
patch
code released by software developers that fixes a particular vulnerability
endpoints
collective term for the workstations, servers, printers, and other devices that comprise an organization's network
Modifying default configurations to turn off unnecessary programs and features to improve security is called _____. a. user account management b. defense-in-depth c. vulnerability scanning d. hardening
d.
Which of the following statements is true? a. "Emergency" changes need to be documented once the problem is resolved. b. Changes should be tested in a system separate from the one used to process transactions. c. Change controls are necessary to maintain adequate segregation of duties. d. All of the above are true.
d.
A firewall that uses _____ would be most effective in detecting and stopping an attempt to deface the organization's website by sending an HTML "PUT" command to its web server. static packet filtering stateful packet filtering deep packet inspection
deep packet inspection
Defense in Depth
employing multiple layers of controls to avoid a single point-of-failure
The set of instructions for taking advantage of a flaw in a program is called a(n) _____. vulnerability patch update exploit
exploit
Vulnerabilities
flaws in programs that can be exploited to either crash the system or take control of it
Time Based Model of Information Security
implementing a combination of controls that protect assets long enough to enable an organization to recognize that an attack is occurring and take steps to thwart it before any information is lost or compromised: P > D + R
compatibility test
matching the user's authentication credentials against the access control matrix to determine whether that employee should be allowed to access that resource and perform the requested action
ABC bank wants to strengthen the security of its online bill-pay features. Therefore, it decides that in addition to a password, users must also correctly identify a picture that they have previously chosen to be one of their authentication credentials. This is an example of a process referred to as _____. multifactor authentication multimodal authentication neither of the above
multimodal authentication
In addition to encryption, organizations should to effectively secure wireless communications. place all wireless access points in the DMZ configure all wireless clients to operate in ad hoc mode do both of the above do none of the above
place all wireless access points in the DMZ
Information security procedures protect information integrity by
preventing fictitious transactions
Trust Services Framework
The principle of integrity is achieved when the system produces data that is complete, accurate, and valid. The principle that states information should be protected from unauthorized disclosure is privacy.
internet protocol
the protocol that specifies the route packets sent over the internet take to reach the right destination
internet of things
refers to the embedding of sensors in a multitude of devices (lights, heating and air conditioning, appliances) so that those devices can now connect to the internet
A company's current password policy requires that passwords be alphanumeric, case-sensitive, and 10 characters long. Which one of the following changes to a company's password policy will increase password strength the most? Require passwords to also include special characters (such as $, &, etc.) Require passwords to be 15 characters long Both of the above changes would have the same effect on password strength
require passwords to be 15 characters long
Virtualization
running multiple systems simultaneously on one physical computer
Firewalls are most effective in reducing the ability of an attacker to . conduct initial reconnaissance research vulnerabilities and exploits scan and map the target all of the above are prevented by firewalls none of the above are prevented by firewalls
scan and map the target
transmission control protocol
sequencing of packets and re-routing them to the right place
Intrusion Prevention System (IPS)
software or hardware that monitors patterns in the traffic flow to identify and automatically block attacks
routers
special purpose devices that are designed to read the source and destination address fields in IP packet headers to decide where to send (route) the packet next
reconnaissance
steps criminals take to study a target's physical layout to learn about the controls it has in place
change control and change management
the formal process used to ensure that modifications to hardware, software, or processes do not reduce systems reliability
log analysis
the process of examining logs to identify evidence of possible attacks
hardening
the process of modifying the default configuration of endpoints to eliminate unnecessary settings and services
Patch Management
the process of regularly applying patches and updates to software
authorization
the process of restricting access of authenticated users to specific portions of the system and limiting what actions they are permitted to perform
multimodal authentication
the use of multiple authentication credentials of the same type to achieve a greater level of security
multifactor authentication
the use of two or more types of authentication credentials in conjunction to achieve a greater level of security
Cloud Computing
using a browser to remotely access software, data storage, hardware, and applications
Social Engineering
using deception to obtain unauthorized access to information resources
Authentication
verifying the identity of the person or device attempting to access the system
Security Life Cycle
1. assess threats and select risk response; 2. develop and communicate policy; 3. acquire and implement solutions; 4. monitor performance
firewall
A special-purpose hardware device or software running on a general-purpose computer that controls both inbound and outbound communication between the system behind the firewall and other networks.