CIS 481 Exam 2
File Transfer [Default Data] (FTP)
20
Simple Mail Transfer Protocol (SMTP)
25
Domain Name System (DNS)
53
Hypertext Transfer Protocol (HTTP)
80
(Extra Credit) What is the acronym for the "world's first educational and scientific computing society" that delivers educational resources to advance computing as a science and a profession?
ACM
specifications of authorization that govern the rights and privileges of users to a particular information asset
Access control lists (ACL)
Which of the following attributes is typically associated with ethical frameworks that are deemed to be deontological in nature?
Actions are intrinsically wrong or right based on duty or rights & Gives consideration to the personal and professional duties of individuals
The current federal standard for the encryption of data, as specified by NIST. _________ is based on the Rijndael algorithm, which was developed by Vincent Rijmen and Joan Daemen
Advanced Encryption Standard (AES)
Which of the following basic IDPS deployment and implementation control strategies is depicted in the accompanying image?
Centralized
requires all federal agencies that handle classified digital information to have security plans and periodic training in place
Computer Security Act (CSA-1987)
Fixed moral attitudes or customs of a particular group
Cultural mores
The __________ is an intermediate area between a trusted network and an untrusted network.
DMZ
a hybrid cryptosystem that facilitates exchanging private keys using public key encryption
Diffie-Hellman key exchange
The NIST standard for digital signature algorithm usage by federal information systems. ________ is based on a variant of the ElGamal signature scheme
Digital Signature Standard (DSS)
Which of the following provides the ability to share resources in a peer-to-peer configuration that allows users to control and possibly provide access to information or other technology resources at their disposal?
Discretionary Access Controls (DAC)
NIST standards specify that all network interface hardware devices have a unique identification number typically referred to as a media access control (MAC) address.
FALSE
Day one vulnerabilities (or day one attacks) are unknown or undisclosed vulnerabilities that can't be predicted or prepared for because once they are discovered, the technology owners have only one day to identify, mitigate, and resolve the vulnerability.
False
Enticement refers to an act which is intended to lure an individual into committing a crime in order to obtain a conviction.
False
For cryptosystems, the security of encrypted data is largely dependent on keeping both the encryption algorithm and the associated key secret.
False
Intrusion correction activities is the formal process by which organizations examine what happened following an intrusion and determine how the attack occurred.
False
The Triple DES (3DES) standard was recently created by NIST to provide a level of security far beyond what AES and DES offer.
False
governs access to educational information and records by public entities such as potential employers, educational institutions, and foreign governments
Family Educational Rights and Privacy Act (FERPA-1974)
requires banks, security firms, and insurance companies to disclose their privacy policies on the sharing of nonpublic personal information
Gramm-Leach-Bliley Act (1999)
provided financial "boundaries" in the form of monetary incentives for investigators to pursue violations, including legal, accounting, and technology firms
Health Information for Economic and Clinical Health Act (HITECH - 2009)
Protects the confidentiality and security of medical records by establishing standards for data interchange
Health Insurance Portability and Accountability Act (HIPAA - 1996)
an IDPS that resides on a particular computer or server, known as the host, and monitors activity only on that system
Host-based IDPS (HIDPS)
The primary and now dominant cryptographic authentication and encryption product of the IETF's IP Protocol Security Working Group. A framework for security development within the TCP/IP family of protocol standards, __________ provides application support for all uses within TCP/IP, including virtual private networks
IP Security (IPSec)
Which of the following is not a significant strength of an IDPS?
Instantaneously detecting, reporting, responding to attack when there is heavy network load
an authentication system that uses symmetric key encryption to validate an individual user's access to various network resources by keeping a database containing the private keys of clients and servers that are in the authentication domain it supervises
Kerberos
a required, structured classification scheme that rates each collection of information as well as each user - ratings are referred to as sensitivity or classification levels
Mandatory Access controls (MAC)
also known as switch port analysis (SPAN) port or mirror port, a specially configured connection on a network device that can view all the traffic that moves through the device
Monitoring port
a technology in which multiple real, routable external IP addresses are converted to special ranges of internal IP addresses, usually on a one-to-one basis; that is, one external valid address directly maps to one assigned internal address
Network Address Translation (NAT)
An IDPS that resides on a computer or appliance connected to a segment of an organization's network and monitors traffic on that segment, looking for indications of ongoing or successful attacks
Network-based IDPS (NIDPS)
Which of the following attributes is typically associated with ethical frameworks that are deemed to be teleological in nature?
Optimizes social welfare over the rights of individuals & Gives priority to the good of society in general & Proponents would say "the ends always justify the means" & Not really concerned with the notion of equality or fairness
information about a person's history, background, and attributes that can be used to commit identity theft - person's name, address, Social Security number, family information, employment history, and financial information
Personally Identifiable Information (PII)
a technology in which multiple real, routable external IP addresses are converted to special ranges of internal IP addresses, usually on a one-to-many basis; that is, one external valid address is mapped dynamically to a range of internal addresses by adding a unique port number to the address when traffic leaves the private network and is placed on the public network
Port Address Translation (PAT)
a standard proposed by the Internet Engineering Task Force (IETF) that uses 3DES symmetric key encryption and RSA for key exchanges and digital signatures
Privacy-Enhanced Mail (PEM)
a computer connection system that centralizes the management of user authentication by placing the responsibility for authenticating each user on a central authentication center
Remote Authentication Dial In User Service (RADIUS)
includes measures for financial reporting related to willful destruction of evidence - applies to all US public company boards, management and accounting firms
Sarbanes-Oxley Act of 2002
A protocol developed by credit card companies to protect against electronic payment fraud
Secure Electronic Transactions (SET)
an extended version of Hypertext Transfer Protocol that provides for the encryption of protected Web pages transmitted via the Internet between a client and server
Secure HTTP (S-HTTP)
A standard issued by the National Institute of Standards and Technology (NIST) that specifies secure algorithms, such as SHA-1, for computing a condensed representation of a message or data file
Secure Hash Standards (SHS)
A security protocol that builds on the encoding format of the Multipurpose Internet Mail Extensions (MIME) protocol and uses digital signatures based on public-key cryptosystems to secure e-mail
Secure Multipurpose Internet Mail Extensions (S/MIME)
A security protocol developed by Netscape to use public key encryption to secure a channel over the Internet
Secure Sockets Layer (SSL)
allows electronic surveillance in order to gather information related to foreign intelligence and to counter terrorism
USA Freedom Act (2015)
initial legislation allowing U.S. law enforcement agencies to utilize appropriate tools to intercept and obstruct terrorism
USA Patriot Act (2001)
a cryptographic technique developed at AT&T and known as the "one-time pad"; this cipher uses a set of characters for encryption operations only one time and then discards it
Vernam cipher
an advanced type of substitution cipher that uses a simple polyalphabetic code
Vigenere cipher
the selective method by which systems specify who may use a particular resource and how they may use it
access control
an integration of access control lists (focusing on assets) and capabilities tables (focusing on users) that results in a matrix with an organization's assets listed in the column headings and users listed in the row headings
access control matrix
access control mechanism that ensures all actions on a system - authorized or unauthorized - can be attributed to an authenticated identity
accountability
an application that scans networks to identify exposed usernames and groups, open network shares, configuration problems, and other vulnerabilities in servers
active vulnerability scanner
firewall rules designed to prohibit packets with certain addresses or partial addresses from passing through the device
address restrictions
collective data that relates to a group or category of people and that has been altered to remove characteristics or components that make it possible to identify individuals within the group
aggregate information
also known as behavior-based detection, an IDPS detection method that compares current data and traffic patterns to an established baseline of normalcy
anomaly-based detection
in IPSec, a protocol that provides system-to-system authentication and data integrity verification, but does not provide secrecy for the content of network communications
application header (AH) protocol
a device capable of functioning both as a firewall and an application layer proxy server
application layer proxy firewall
The process of examining and verifying the high-order protocols (HTTP, FTP, and Telnet) in network traffic for unexpected packet behavior or improper use
application protocol verification
a cryptographic method that incorporates mathematical operations involving both a public key and a private key to encipher or decipher a message. Either key can be used to encrypt a message, but then the other key is required to decrypt it
asymmetric encryption
an authentication component in the form of a token - a card or key fob that contains a computer chip and liquid crystal display and shows a computer-generated number used to support remote login authentication - the token does not require calibration; it uses a challenge/response system
asynchronous token
a logical sequence of steps or processes used by an attacker to launch an attack against a target system or network
attack protocol
the functions and features that a system exposes to unauthenticated users
attack surface
a characteristic of a subject (user or system) that can be used to restrict access to an object
attribute
an access control approach whereby the organization specifies the use of objects based on some attribute of the user or system
attribute-based access control (ABAC)
the access control mechanism that requires the validation and verification of an unauthenticated entity's purported identity
authentication
three mechanisms that provide authentication based on something an unauthenticated entity knows, something an unauthenticated entity has, and something an unauthenticated entity is
authentication factors
the access control mechanism that represents the matching of an authenticated entity to a list of information assets and corresponding access levels
authorization
the process of illegally attempting to determine the source of an intrusion by tracing it and trying to gain access to the originating system
back hack
a device placed between an external, untrusted network and an internal, trusted network - serves as the sole target for attack and should therefore be thoroughly secured
bastion host
the use of physiological characteristics to provide authentication for a provided identification.
biometrics access control
a list of systems, users, files, or addresses that have been associated with malicious activity; it is commonly used to block those entities from systems or network access
blacklist
In lattice-based access control, the row of attributes associated with a particular subject (such as a user)
capabilities table
an IDPS implementation approach in which all control functions are implemented and managed in a control location
centralized IDPS control strategy
In PKI, a third party that manages users' digital certificates
certificate authority (CA)
In PKI, a published list of revoked or terminated digital certificates
certificate revocation list (CRL)
Which of the following represents a wide variety of laws that govern a nation or state and deal with the relationships and conflicts between organizational entities and people?
civil
a predefined assessment level that triggers a predetermined response when surpassed - typically the response is to write the event to a log file and/or notify an administrator
clipping level
the instructions a system administrator codes into a server, networking device, or security device to specify how it operates
configuration rules
a software program or hardware/software appliance that allows administrators to restrict content that comes into or leaves a network
content filter
unauthorized or unintended methods or communications hidden inside a computer system
covert channels
also called the equal error rate, the point at which the rate of false rejections equals the rate of false acceptances
crossover error rate (CER)
the process of obtaining the plaintext message from a ciphertext message without knowing the keys used to perform the encryption
cryptanalysis
the process of making and using codes to secure information
cryptography
the field of science that encompasses cryptography and cryptanalysis
cryptology
a strategy to gain assurance that the users of a network do not send high value information or other critical information outside the network
data loss prevention
an intermediate area between two networks designed to provide servers and firewall filtering between a trusted internal network and the outside, untrusted network
demilitarized zone (DMZ)
Public-key container files that allow PKI system components and end users to validate a public key and identify its owner
digital certificates
Encrypted message components that can be mathematically proven as authentic
digital signatures
access controls that are implemented at the discretion or option of the data user
discretionary access controls (DACs)
measures that an organization takes to ensure every employee knows what is acceptable and what is not
due care
reasonable steps taken by people or organizations to meet the obligations imposed by laws or regulations
due diligence
an authentication card that contains digital user data, such as a personal identification number (PIN), against which user input is compared
dumb card
a firewall type that can react to network traffic and create or modify configuration rules to adapt
dynamic packet filtering firewall
In IPSec, a protocol that provides secrecy for the contents of network communications as well as system-to-system authentication and data integrity verification
encapsulating security payload (ESP) protocol
the act of attracting attention to a system by placing tantalizing information in key locations
enticement
the act of luring a person into committing a crime in order to get a conviction
entrapment
branch of philosophy that considers nature, criteria, sources, logic, and the validity of moral judgement
ethics
a function within Boolean algebra used as an encryption function in which two bits are compared - if the two are identical, the result is a binary 0; otherwise, the result is a binary 1
exclusive or operation (XOR)
a segment of the DMZ where additional authentication and authorization controls are put into place to provide services that are not available to the general public
extranet
the rate at which fraudulent users or nonusers are allowed access to systems or areas as a result of a failure in the biometrics device
false accept rate
the systematic survey of a targeted organization's internet addresses collected during the footprinting phase to identify the network services offered by the hosts in that range
fingerprinting
a combination of hardware and software that filters or prevents specific information from moving between the outside network and the inside network
firewall
Which of the following cyber security techniques is often used by hackers trying to gather useful information about an organization's network and computer systems in order to crack them?
footprinting
the organized research and investigation of internet addresses owned or controlled by a target organization
footprinting
public functions that create a hash value, also known as a message digest, by converting variable-length messages into a single fixed-length value
hash algorithms
mathematical algorithms that generate a message summary or digest (sometimes called a fingerprint) to confirm message identity and integrity
hash functions
a monitored network or network segment that contains multiple honeypot systems
honeynet
an application that entices people who are illegally perusing the internet areas of a network by providing simulated rich content while the software notifies the administrator of the intrusion
honeypot
a combination of trusted and secure VPN implementations
hybrid VPN
Pretty Good Privacy (PGP)
hybrid cryptosystem designed in 1991 by Phil Zimmermann - Combined best available cryptographic algorithms to become open source de facto standard for encryption and authentication of e-mail and file storage applications - Freeware and low-cost commercial PGP versions are available for many platforms - PGP security solution provides six services: authentication by digital signatures, message encryption, compression, e-mail compatibility, segmentation, key management
the access control mechanism whereby unverified or unauthenticated entities who seek access to a resource provide a label by which they are known to the system
identification
the unauthorized taking of personally identifiable information with the intent of committing fraud and abuse of a person's financial and personal reputation, purchasing goods and services without authorization, and generally impersonating the victim for illegal or unethical purposes.
identity theft
an IDPS sensor intended for network perimeter use and deployed in close proximity to a perimeter firewall to detect incoming attacks that could overwhelm the firewall
inline sensor
Which of the following terms refers to an entity that processes information to enhance its overall value as depicted in the accompanying image from the text?
information aggregation
pieces of nonprivate data that, when combined, may create information that violates privacy
information aggregation
the affirmation or guarantee of the confidentiality, integrity, and availability of information in storage, processing, and transmission
information assurance
an adverse event in which an attacker attempts to gain entry into an information system or disrupt its normal operations, almost always, with the intent to do harm
intrusion
The general term for a system that can both detect and modify its configuration and environment to prevent intrusions. An __________ encompasses the functions of both intrusion detection systems and intrusion prevention technology.
intrusion detection
a system capable of automatically detecting an intrusion into an organization's network or host systems and notifying a designated authority
intrusion detection system (IDS)
the power to make legal decisions and judgements; typically an area within which an entity such as a court or law enforcement agency is empowered to make legal decisions
jurisdiction
a published weakness or fault in an information asset or its protective systems that may be exploited and result in loss
known vulnerability
assigns users a matrix of authorizations for a particular area of access, incorporating the information assets of subjects such as users and objects
lattice-based access control (LBAC)
rules that mandate or prohibit certain behavior and are enforced by the state
laws
an entity's legal obligation or responsibility
liability
an entity's legal obligation or responsibility based on the decisions and judgements made by their employees
liability
an attack detection method that reviews the log files generated by the computer systems, looking for patterns and signatures that may indicate an attack or intrusion is in process or has already occurred
log file monitor (LFM)
the ability of a legal entity to exercise its influence beyond its normal boundaries by asserting a connection between an out-of-jurisdiction entity and a local legal case
long-arm jurisdiction
a firewall designed to operate as the media access control sublayer of the network's data link layer
media access control layer firewall
a key-dependent, one-way hash function that allows only specific recipients (symmetric key holders) to access the message digest
message authentication code (MAC)
a value representing the application of hash algorithm on a message that is transmitted with the message so it can be compared with the recipient's locally calculated hash of the same message. If both hashes are identical after transmission, the message has arrived without modification - also known as hash value
message digest
in biometric access controls, unique points of reference that are digitized and stored in an encrypted format when the user's system access credentials are created
minutiae
a substitution cipher that only incorporates a single alphabet in the encryption process
monoalphabetic substitution
a security appliance that delivers unified threat management capabilities in a single appliance
next generation firewall (NextGen)
access controls that are implemented by a central authority
nondiscretionary access controls (NDACs)
the process of reversing public key encryption to verify that a message was sent by the sender and thus cannot be refuted
nonrepudiation
a software program or hardware appliance that can intercept, copy, and interpret network traffic
packet sniffer
a networking device that examines the header information of data packets that come into a network and determines whether to drop them (deny) or forward them to the next network connection (allow), based on its configuration rules
packet-sniffing firewall
a protected honeypot that cannot be easily compromised
padded cell system
an IDPS implementation approach that combines the best aspects of the centralized and fully distributed strategies
partially distributed IDPS control strategy
an IDPS sensor setting in which the device simply monitors and analyzes observed network or system traffic
passive mode
a scanner that listens in on a network and identifies vulnerable versions of both server and client software
passive vulnerability scanner
a plain-language phrase, typically longer than a password, from which a virtual password is derived
passphrase
a secret word or combination of characters that only the user should know
password
an application that records information about outbound communications
pen register
guidelines that dictate certain behavior within the organization
policy
a substitution cipher that incorporates two or more alphabets in the encryption process
polyalphabetic substitution
tools used both by attackers and defenders to identify or fingerprint active computers on a network, the active ports and services on those computers, and the functions and roles of the machines
port scanners
The right of individuals or groups to protect themselves and their information from unauthorized access, providing confidentiality
privacy
the process of examining and verifying network traffic for invalid data packets - packets that are malformed under the rules of the TCP/IP protocol
protocol stack verification
a server that exists to intercept requests for information from external users and provide the requested information by retrieving it from an internal server, thus protecting and minimizing the demand on internal servers
proxy server
An integrated system of software, encryption methodologies, protocols, legal agreements, and third party services that enables users to communicate securely through the use of digital certificates
public key infrastructure (PKI)
within TCB, a conceptual piece of the system that manages access controls - it mediates all access to objects by subjects
reference monitor
In PKI, a third party that operates under the trusted collaboration of the certificate authority and handles day-to-day certification functions
registration authority (RA)
a legal requirement to make compensation or payment resulting from loss or injury
restitution
a proxy server that most commonly retrieves information from inside an organization and provides it to a requesting user or system outside the organization
reverse proxy
an example of a nondiscretionary control where privileges are tied to the role a user performs in an organization, and are inherited when a user is assigned to that role. Example of LDAC
role-based access control (RBAC)
a firewall architectural model that combines the packet filtering router with a second, dedicated device such as a proxy server or proxy firewall
screened host architecture
a firewall architecture model that consists of one or more internal bastion hosts located behind a packet filtering router on a dedicated network segment, with each host performing a role in protecting the trusted network
screened subnet architecture
a key that can be used in symmetric encryption both to encipher and decipher the message
secret key
A VPN implementation that uses security protocols to encrypt traffic transmitted across unsecured public networks
secure VPN
A software-enabled approach to aggregating, filtering, and managing the reaction to events, many of which are collected by logging activities of IDPSs and network management devices
security information and event management (SIEM)
A hardware and/or software component deployed on a remote computer or network segment and designed to monitor network or system traffic for suspicious activities and report back to the host application
sensor
limited-use symmetric keys for temporary communications during an online session
session keys
the collection, analysis, and distribution of information from foreign communications networks for intelligence and counterintelligence purposes and in support of military operations
signals intelligence
also known as knowledge based detection or misuse detection, the examination of system or network data in search of patterns that match known attack signatures
signature-based detection
patterns that correspond to known attacks
signatures
an authentication component similar to a dumb card that contains a computer chip to verify and validate several pieces of information instead of just a PIN
smart card
a tabular record of the state and context of each network connection between internal and external users or systems
state table
a firewall type that keeps track of each network connection between internal and external systems using a state table and that expedites the filtering of those communications
stateful packet inspection (SPI) firewall
the comparison of vendor supplied profiles of protocol use and behavior against observed data and network patterns in an effort to detect misuse and attacks
stateful protocol analysis (SPA)
a firewall type that requires the configuration rules to be manually created, sequenced, and modified within the firewall
static packet filtering firewall
the process of hiding messages; example, hiding a message within the digital encoding of a picture or graphic so that it is almost impossible to detect that the hidden message even exists
steganography
TCSEC-defined covert channels that communicate by modifying a stored object, such as in steganography
storage channels
in access control, the use of at least two different authentication mechanisms drawn from two different factors of authentication
strong authentication
an encryption method in which one value is substituted for another
substitution cipher
a cryptographic method in which the same algorithm and secret key are used both to encipher and decipher the message
symmetric encryption
an authentication component in the form of a token - a card or key fob that contains a computer chip and a liquid crystal display and shows a computer-generated number used to support remote login authentication - must be calibrated with the corresponding software on the central authentication server
synchronous token
an example of a nondiscretionary control where privileges are tied to a task a user performs in an organization and are inherited when a user is assigned that task
task-based access control (TBAC)
a value that sets the limit between normal and abnormal behavior
threshold
TCSEC-defined covert channels that communicate by managing the relative timing of events
timing channels
In IPSec, an encryption method in which only a packet's IP data is encrypted, not the IP headers themselves; this method allows intermediate nodes to read the source and destination addresses
transport mode
a cryptographic operation that involves simply rearranging the values within a block based on an established pattern
transposition cipher
an application that combines the function of honeypots or honeynets with the capability to track the attacker back through the network
trap and trace application
a VPN implementation that uses leased circuits from a service provider who gives contractual assurance that no one else is allowed to use these circuits and that they are properly maintained and protected
trusted VPN
the system of networks inside the organization that contains its information assets and is under the organization's control
trusted network
Under the Trusted Computer System Evaluation Criteria (TCSEC), the combination of all hardware, firmware, and software responsible for enforcing the security policy
trusted computing base
Which of the following is not one of the three defined Virtual Private Network (VPN) technologies?
tunnel
In IPSec, an encryption method in which the entire IP packet is encrypted and inserted as the payload in another IP packet. This requires other systems at the beginning and end of the tunnel to act as proxies to send and receive the encrypted packets and then transmit the packets to their ultimate destination
tunnel mode
networking devices categorized by their ability to perform the work of multiple devices, such as stateful packet inspection firewalls, network intrusion detection and preventative systems, content filters, spam filters, and malware scanners and filters
unified threat management (UTM)
the system of networks outside the organization over which the organization has no control
untrusted network
the derivative of a passphrase
virtual password
a private, secure network operated over a public and insecure network
virtual private network
an automatic phone-dialing program that dials every number in a configured range and checks whether a person, answering machine, or modem picks up
war dialer
a list of systems, users, files, or addresses that are known to be benign; it is commonly used to expedite those entities' access to systems or networks
whitelist
an unknown or undisclosed vulnerability in an information asset or its protection systems that may be exploited and result in loss. It is also referred to as a zero day or zero hour because once it is discovered, the technology owners have zero days to identify, mitigate and resolve the vulnerability
zero day vulnerability