MIST 356 Final Exam Study Guide


BIA

A ____ determines the extent of the impact that a particular incident would have on business operations over time.

firewall

A ________ contains rules that define the types of traffic that can come and go through a network.

firewall

A ________ controls the flow of traffic by preventing unauthorized network traffic from entering or leaving a particular portion of the network.

cracker

A _________ has a hostile intent, possesses sophisticated skills, and may be interested in financial gain. They represent the greatest threat to networks and information resources.

logic bomb

A __________ is a program that executes a malicious function of some kind when it detects certain conditions.

Disaster Recovery Plan (DRP)

A ____________ defines how a business gets back on its feet after a major disaster like a fire or hurricane.

black-hat hacker

A ____________ tries to break IT security and gain access to systems with no authorization, in order to prove technical prowess.

file infector

A _____________ is a virus that attacks and modifies executable programs (like COM, EXE, SYS, and DLL files).

Caesar cipher

A _____________ is one of the simplest substitution ciphers. It shifts each letter in the English alphabet a fixed number of positions, with Z wrapping back to A.

port scanner

A ______________ is a tool used to scan IP host devices for open ports that have been enabled.

phishing attack

A ______________ tricks users into providing logon information on what appears to be a legitimate Web site but is in fact a Web site set up by an attacker to obtain this information.

password cracker

A _______________ is a software program that performs one of two functions: brute-force password attack to gain unauthorized access to a system, or recovery of passwords stored in a computer system.

business continuity plan (BCP)

A _________________ gives priorities to the functions an organization needs to keep going.

business impact analysis (BIA)

A ___________________ is a formal analysis of an organization's functions and activities that classifies them as critical or noncritical.

business impact analysis (BIA)

A ___________________________ will help identify not only which functions are critical, but also how quickly essential business functions must return to full operation following a major interruption.

digital subscriber line (DSL)

A ______________________________ is a high-speed digital broadband service that uses copper cabling for Internet access.

consists of a network of compromised computers that attackers use to launch attacks and spread malware

A botnet _____________________.

asymmetric digital subscriber line (ADSL)

A common DSL service is ______________________________, where the bandwidth is different for downstream and upstream traffic.

risk

A countermeasure, without a corresponding ____, is a solution seeking a problem; you can never justify the cost.

a program or dedicated hardware device that inspects network traffic passing through it and denies or permits that traffic based on a set of rules you determine at configuration.

A firewall is __________________.

packet-filtering firewall

A firewall that examines each packet it receives and compares the packet to a list of rules configured by the network administrator is the definition of ____________________________.

a network device that connects network segments, echoing all received traffic to all other ports

A hub is ______________________.

network access control (NAC)

A method to restrict access to a network based on identity or other rules is the definition of ____________________________________.

a firewall that examines each packet it receives and compares the packet to a list of rules configured by the network administrator

A packet-filtering firewall is ____________________________.

False

A packet-filtering firewall remembers information about the status of a network communication.

SSL handshake

A process that creates the first secure communications session between a client and a server is the definition of _____________.

packet sniffer

A protocol analyzer or __________ is a software program that enables a computer to monitor and capture network traffic.

True

A successful DoS attack crashes a server or network device or creates so much network congestion that authorized users cannot access network resources.

hot site

Among common recovery location options, this is one that can take over operations quickly. It has all the equipment and data already staged at the location, though you may need to refresh or update the data. It is called a ________.

event

An _____ is a measurable occurrence that has an impact on the business.

audit

An ______ gives you the opportunity to review your risk-management program and to confirm that the program has correctly identified and reduced (or otherwise addressed) the risks to your organization.

True

An asymmetric key distribution system has no need for couriers, back channels, or expensive storage or inventory plans.

threat source

An attacker or event that might exploit a vulnerability is a _____________.

attack

An attempt to exploit a vulnerability of a computer or network component is the definition of ___________.

secure shell (SSH)

An encrypted channel used for remote access to a server or system, commonly used in Linux and UNIX servers and applications, is the definition of _____________.

the annual probability that a stated threat will be realized.

Annual rate of occurrence (ARO) is ________________________.

an intrusion detection system that compares current activity with stored profiles of normal (expected) activity.

Anomaly-based IDS is _________________________________.

False

Another name for a border firewall is a DMZ firewall.

script kiddie

Another type of attacker is called a _____________. This is a person with little or no skill who simply follows directions or uses a "cookbook" approach to carrying out a cyber attack without understanding the meaning of the steps he or she is performing.

the integration of applications to enhance productivity. Unified communications is an example of application convergence. Unified communications integrates recorded voice messages into e-mail so that voice messages are receivable via e-mail.

Application convergence is ______________.

access control

Biometrics is another __________________ method for identifying subjects.

True

Border firewalls simply separate the protected network from the Internet.

the output of a one-way algorithm; a mathematically derived numerical representation of some input.

Checksum is ________________.

the opposite of cleartext. Data sent as ciphertext is not visible and not decipherable.

Ciphertext is _______________________.

nonrepudiation

Cryptography accomplishes four security goals: confidentiality, integrity, authentication, and ______________.

True

Digital signatures require asymmetric key cryptography.

False

FISMA applies to all privately held companies and their IT systems.

security awareness training

FISMA requires each federal agency to create an agency-wide information security program that includes training employees, contractors, and any other users of their IT systems. This is referred to as ____________________________.

incorrectly identifying abnormal activity as normal

False negative is ___________________.

security testing that is based on limited knowledge of an application's design

Gray-box testing is __________________.

the state of a computer or device in which you have turned off or disabled unnecessary services and protected the ones that are still running.

Hardened configuration is _________________________.

assets

How your organization responds to risk reflects the value it puts on its ______.

True

Hypertext Transfer Protocol (HTTP) is the communications protocol between Web browsers and Web sites with data in cleartext.

SYN Flood

In a _________, the attacker sends a large number of packets requesting connections to the victim computer.

smurf attack

In a ____________, attackers direct forged Internet Control Message Protocol (ICMP) echo-request packets to IP broadcast addresses from remote locations to generate denial of service attacks.

SYN flood attack

In a ________________, the attacker uses IP spoofing to send a large number of packets requesting connections to the victim computer. These appear to be legitimate but in fact reference a client system that is unable to respond.

chosen-plaintext attack

In a __________________, the cryptanalyst can encrypt any information and observe the output. This is best for the cryptanalyst.

False

In an asymmetric key system, where everyone shares the same secret, compromising one copy of the key compromises all copies.

hacker

In popular usage and in the media, the term ___________ often describes someone who breaks into a computer system without authorization.

compliance

In the legal system, __________ is the act of following laws, rules, and regulations that apply to organizations.

consumer financial information

Information regulated under the Gramm-Leach-Bliley Act is ____________________________.

corporate financial information

Information regulated under the Sarbanes-Oxley Act is ____________________________.

business continuity plan

It is necessary to create and/or maintain a plan that makes sure your company continues to operate in the face of disaster. This is known as a ________________________.

availability

Malicious code attacks all three information security properties. Malware can erase or overwrite files or inflict considerable damage to storage media. This property is ____________.

integrity

Malicious code attacks all three information security properties. Malware can modify database records either immediately or over a period of time. This property is __________.

URL link, PDF file, or ZIP file. (all of the above).

Malicious software can be hidden in a ___________________.

True

Many Trojans spread through e-mail messages or Web site downloads.

reconnaissance

Network ________________________ is gathering information about a network for use in a future attack.

a method of IP addressing assignment that uses an alternate, public IP address to hide a system's real IP address

Network address translation (NAT) is _____________________________________.

CAST

Organizations currently use several symmetric algorithms, including _______, which is a substitution-permutation algorithm similar to DES. Unlike DES, its authors made its design criteria public. This 64-bit symmetric block cipher can use keys from 40 to 256 bits. Although it is patented (U.S. patent 5,511,123), its inventors, C.M. Adams and S.E. Tavares, made it available for free use.

an intrusion detection system that uses pattern matching and stateful matching to compare current traffic with activity patterns (signatures) of known network intruders

Pattern-based IDS is ___________________.

the mode in which sniffers operate; it is nonintrusive and does not generate network traffic. This means that every data packet is captured and can be seen by the sniffer.

Promiscuous mode is _______________.

probability

Risks apply to specific assets. If you multiply the risk _________________ by the cost of the asset, the result is the exposure to a specific risk.

a type of malware that modifies or replaces one or more existing programs to hide the fact that a computer has been compromised.

Rootkit is ___________________.

signaling

SIP is a _________ protocol used to support real-time communications.

End-User License Agreement (EULA)

Software vendors must protect themselves from the liabilities of their own vulnerabilities with an _____________.

secret encryption

Symmetric key encryption is also known as _________________.

confidentiality of data and control of access to classified information

The Bell-La Padula access control model focuses primarily on _____________________.

False

The Delphi method is the estimated loss due to a specific realized threat. The formula to calculate this loss is SLE x ARO.

a federal agency within the U.S. Department of Commerce whose mission is to "promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life."

The National Institute of Standards and Technology is ___________________.

bit error rate

The ________________ in analog communications is one error for every 1,000 bits sent; in digital communications, the _____________ is one error for every 1,000,000 bits sent.

American National Standards Institute (ANSI)

The ________________________________________ is a U.S. standards organization whose goal is to empower its members and constituents to strengthen the U.S. marketplace position in the global economy, while helping to ensure the safety and health of consumers and the protection of the environment.

encryption

The act of transforming cleartext data into undecipherable ciphertext is the definition of _________________.

a BCP does not specify how to recover from disasters, just interruptions; a DRP directs the actions necessary to recover resources after a disaster; and a DRP is part of a BCP. (All of the above).

The difference between a BCP and DRP is_______________.

confidentiality, integrity, and availability

The letters of the C-I-A triad stand for ________________________________________.

Data Encryption Standard (DES)

The most scrutinized cipher in history is the _________________.

Point-to-Point Tunneling Protocol (PPTP)

The name given to a protocol to implement a VPN connection between two computers is ________________________.

keyspace

The number of possible keys to a cipher is a ________.

IETF

The purpose of the _____ is to "make the Internet work better." It focuses on the engineering aspects of Internet communication and attempts to avoid policy and business questions. It is an open organization, and it has no membership requirements.

Office of Management and Budget

The regulating agency for the Federal Information Security Management Act is the __________________________.

FTC

The regulating agency for the Gramm-Leach-Bliley Act is the _____.

confidentiality

The requirement to keep information private or secret is the definition of ______________.

W3C

The stated purpose of the ____ is to develop protocols and guidelines that unify the World Wide Web and ensure its long-term growth.

accountability

The term __________________ is used to describe associating actions with users for later reporting and research.

network address translation (NAT)

The term used to describe a method of IP address assignment that uses an alternate, public IP address to hide a system's real IP address is ______________________.

asymmetric key cryptography

The term used to describe a type of cryptography that uses a cipher with two separate keys, one for encryption and one for decryption, so that respondents do not first have to exchange secret information to communicate securely is _____________________________.

data infector

The term used to describe a type of virus that attacks document files containing embedded macro programming capabilities is a _____________.

downtime

The term used to describe the amount of time that an IT system, application, or data is not available to users is ______________.

Wi-Fi Protected Access (WPA)

The term used to describe the current encryption standard for wireless networks is ___________________.

bit error rate

The total number of errors divided by the total number of bits transmitted is the definition of __________________.

True

The traceroute command displays the path that a particular packet follows so you can identify the source of potential network problems.

Secure Sockets Layer virtual private network (SSL-VPN)

The tunnel can be created between a remote workstation using the public Internet and a VPN router or a secure browser and _________________________ Web site.

False

The worm has to trick users into running it.

ciphertext-only attack (COA)

There are four basic forms of a cryptographic attack. In a ___________________, the cryptanalyst has access only to a segment of encrypted data, and has no choice as to what that data might be.

business associate

Under HIPAA, an organization that performs a health care activity on behalf of a covered entity is known as a ____________________________.

worm

Unexplained increases in bandwidth consumption, high volumes of inbound and outbound e-mail during normal activity periods, a sudden increase in e-mail server storage utilization (this may trigger alarm thresholds set to monitor and manage disk/user partition space), and unexplained decrease in available disk space are all telltale symptoms of a _________.

False

Unlike symmetric key algorithms, asymmetric algorithms can be fast and are well suited to encrypting lots of data.

True

Unlike viruses, worms do not require a host program in order to survive and replicate.

Trojan

Unrecognized new processes running, startup messages indicating that new software has been (or is being) installed (registry updating), unresponsiveness of applications to normal commands, and unusual redirection of normal Web requests to unknown sites are all telltale symptoms of a _________.

False

Voice mail and e-mail are examples of real-time communications.

backdoor

When an attacker discovers a __________, he or she can use it to bypass existing security controls such as passwords, encryption, and so on.

security event log

When an information security breach occurs in your organization, a __________________ helps determine what happened to the system and when.

keystroke logger

Whether software or hardware based, a ________________ captures keystrokes, or user entries, and then forwards that information to the attacker.

brute-force attack

Without any knowledge of the key, an attacker with access to an encrypted message and the decryption cipher could try every possible key to decode the message. This is referred to as ___________________.

Impact

______ refers to the amount of harm a threat can cause by exploiting a vulnerability.

SAS 70

______ was developed for organizations such as insurance and medical claims processors, telecommunication service providers, managed services providers, and credit card transaction processing companies.

Botnets

_______ are the main source of distributed denial of service (DDoS) attacks and spam.

Privacy

_______ is a person's right to control the use and disclosure of his or her own personal information.

Hash

_______ is the name given to a number that provides for the integrity of transmitted data.

Blowfish

________ is another symmetric algorithm that organizations currently use. It is a 64-bit block cipher that has a variable key length from 32 to 448 bits. It is much faster than DES or IDEA and is a strong algorithm that has been included in more than 150 products, as well as v2.5.47 of the Linux kernel. Its author, Bruce Schneier, placed it in the public domain.

Separation of duties

_________ is the process of dividing a task into a series of unique activities performed by different people, each of whom is allowed to execute only one part of the overall task.

Need-to-know

____________ is used to describe a property that indicates that a specific subject needs access to a specific object in addition to possessing the proper clearance for the object's classification.

Change control

_____________ ensures that any changes to a production system are tested, documented, and approved.

Dense wavelength division multiplexing

______________ is a technique where multiple light streams can transmit data through a single strand of fiber.

Cryptography

______________ is the practice of hiding data and keeping it away from unauthorized users.

Checksum

_______________ is a one-way calculation of information that yields a result usually much smaller than the original message.

Hijacking

_______________ is a type of attack in which the attacker takes control of a session between two machines and masquerades as one of them.

Decryption

_______________ is the act of unscrambling ciphertext into plaintext.

Digital Signature

_______________ is the name given to an object that uses asymmetric encryption to bind a message or data to a specific entity.

Exposure factor (EF)

_______________ is the proportion of value of a particular asset likely to be destroyed by a given risk, expressed as a percentage.

System Infectors

________________ are viruses that target computer hardware and software startup functions.

Security gap

________________ is the difference between the security controls you have in place and the controls you need to have in place in order to address all vulnerabilities.

Agile development

_________________ is the name given to a method of developing software that is based on small project iterations, or sprints, instead of long project schedules.

Role-based access control (RBAC)

_________________ is the name given to an access control method that bases access control approvals on the jobs the user is assigned.

Recovery time objective (RTO)

__________________ is the amount of time it takes to recover and make a system, application, and data available for use after an outage.

Federal Information Security Management Act (FISMA)

__________________ is the name given to a U.S. federal law that requires U.S. government agencies to protect citizens' private data and have proper security controls in place.

Asynchronous transfer mode (ATM)

__________________ is the name given to a high-speed broadband networking technology that uses a 53-byte cell to support real-time voice, video, or data communications.

Testing and quality assurance

___________________ fills security gaps and software weaknesses.

Brute-force password attack

___________________ is a method that black-hat hackers use to attempt to compromise logon and password access controls, usually following a specific attack plan, including the use of social engineering to obtain user information.

Quantitative risk analysis

____________________ attempts to describe risk in financial terms and put a dollar value on all the elements of a risk.

Risk transference or risk assignment

_____________________ allows an organization to transfer risk to another entity. Insurance is a common way to reduce risk.

A Request for Comment (RFC)

_____________________ is a document produced by the IETF that contains standards as well as other specifications or descriptive contents.

Denial of Service (DoS)

______________________ is the name given to an attack that uses ping or ICMP echo-request, echo-reply messages to bring down the availability of a server or system.

Exposure factor (EF)

_______________________ represents the percentage of the asset value that will be lost if an incident were to occur.

Nonrepudiation

________________________ enables you to prevent a party from denying a previous statement or action.

Internet Protocol Security (IPSec)

____________________________ is a suite of protocols designed to connect sites securely using IP networks.

A U.S. federal law that protects the private data of students, including their transcripts and grades, with which K-12 and higher-education institutions must comply

_____________________________ best describes the Family Educational Rights and Privacy Act (FERPA).

Data Encryption Standard (DES)

_____________________________ is the name given to an encryption cipher that is a product cipher with a 56-bit key consisting of 16 iterations of substitution and transformation.

Dynamic Host Configuration Protocol (DHCP)

____________________________________ allows the computer to get its configuration information from the network instead of the network administrator providing the configuration information to the computer. It provides a computer with an IP address, subnet mask, and other essential communication information, simplifying the network administrator's job.

Encryption

_____________ is the process of transforming data from cleartext to ciphertext.
