TCMG 308 Exam 1
A key is:
A code used with ciphers to transform plaintext into ciphertext
Committee of Sponsoring Organizations (COSO) is a set of best practices for IT management.
False
80
HTTP
System/Application Domain
Holds all of the mission-critical systems, applications, and data
Formal security models define:
How privileges are allocated and to whom
PGP is a:
Hybrid private/public key scheme
Internet
Links communication networks to one another
Reconnaissance
The act of gathering information about a network for use in a future attack
Keyspace
The set of all possible keys
Which term describes an action that can damage or compromise an asset?
Threat
True or False: Devices that combine the capabilities of mobile phones and personal digital assistants (PDAs) are commonly called smartphones
True
Types of Attacks
• Unstructured attacks
• Structured attacks
• Direct attacks
Which of the following does NOT offer authentication, authorization, and accounting (AAA) services? Select one:
a. Remote Authentication Dial-In User Service (RADIUS)
b. Terminal Access Controller Access Control System Plus (TACACS+)
c. Redundant Array of Independent Disks (RAID)
d. DIAMETER
c. Redundant Array of Independent Disks (RAID)
disclosure threats
sabotage or espionage
Data infectors
(Also called macro infectors) Attack document files containing embedded macro programming capabilities
IP mobile communications graph
1. Mobile node (MN) connects to foreign agent (FA).
2. FA assigns care of address (COA) to MN.
3. FA sends COA to home agent (HA).
4. Correspondent node (CN) sends message to MN.
4a. CN's message for MN goes first to HA.
4b. HA forwards message to COA.
4c. FA forwards message to MN.
The Children's Online Privacy Protection Act (COPPA) restricts the collection of information online from children. What is the cutoff age for COPPA regulation?
13
U.S. Office of Personnel Management 2015
22 million people affected, stolen SSNs, names, places of birth, addresses, millions must be monitored for identity theft for years
? Bob is using a port scanner to identify open ports on a server in his environment. He is scanning a web server that uses Hypertext Transfer Protocol (HTTP). Which port should Bob expect to be open to support this service?
443
Bob is using a port scanner to identify open ports on a server in his environment. He is scanning a web server that uses Hypertext Transfer Protocol (HTTP). Which port should Bob expect to be open to support the service?
80
RACE Integrity Primitives Evaluation Message Digest (RIPEMD)
A collection of functions that provide hash values for a wide range of applications
denial of service attack
A coordinated attempt to deny service by occupying a computer to perform large amounts of unnecessary tasks
- Logic attacks
- Flooding attacks
Protect using:
- Intrusion prevention system (IPS)
- Intrusion detection system (IDS)
Attacks launched using:
- SYN flood
- Smurfing
The exclusive right of a creator to reproduce, prepare derivative works, distribute, perform, display, sell, lend or rent (with the exclusion of fair-use) is:
A copyright
what may a risk register contain
• A description of the risk
• The expected impact if the associated event occurs
• The probability of the event occurring
• Steps to mitigate the risk
• Steps to take should the event occur
• Rank of the risk
gray hat hacker
A hacker who will identify but not exploit discovered vulnerabilities, yet may still expect a reward for not disclosing the vulnerability openly.
Hash message authentication code (HMAC)
A hash function that uses a key to create the hash, or message digest
Employee agreements may include all Except the following:
A notice that an employee must comply with the 10 Commandments.
The process of getting a security clearance is called:
A personnel security investigation
Algorithm
A repeatable process that produces the same result when it receives the same input
worm definition
A self-contained program that replicates and sends copies of itself to other computers without user input or action
• Does not need a host program to infect
• Is a standalone program
Malware Inspection
A specialized form of content inspection, the device looks at packet content for signs of malware
World Wide Web
A system that defines how documents and resources are related across a network of machines
A formula, pattern, device or compilation of information used in one's business that creates a competitive advantage is:
A trade secret
Key
A value that is an input to a cryptosystem
Business Continuity Plan definition
A written plan for a structured response to any events that result in an interruption to critical business activities or functions
foundational IT security policies
• Acceptable use policy (AUP): The AUP defines the actions that are and are not allowed with respect to the use of organization-owned IT assets. This policy is specific to the User Domain and mitigates risk between an organization and its employees.
• Security awareness policy: This policy defines how to ensure that all personnel are aware of the importance of security and behavioral expectations under the organization's security policy. This policy is specific to the User Domain and is relevant when you need to change organizational security awareness behavior.
• Asset classification policy: This policy defines an organization's data classification standard. It tells what IT assets are critical to the organization's mission. It usually defines the organization's systems, uses, and data priorities and identifies assets within the seven domains of a typical IT infrastructure.
• Asset protection policy: This policy helps organizations define a priority for mission-critical IT systems and data. This policy is aligned with an organization's business impact analysis (BIA) and is used to address risks that could threaten the organization's ability to continue operations after a disaster.
• Asset management policy: This policy includes the security operations and management of all IT assets within the seven domains of a typical IT infrastructure.
• Vulnerability assessment and management: This policy defines an organization-wide vulnerability window for production operating system and application software. You develop organization-wide vulnerability assessment and management standards, procedures, and guidelines from this policy.
• Threat assessment and monitoring: This policy defines an organization-wide threat assessment and monitoring authority. You should also include specific details regarding the LAN-to-WAN Domain and AUP compliance in this policy.
Active Content Vulnerabilities
Active content threats are considered mobile code because these programs run on a wide variety of computer platforms
A potentially dangerous feature in Microsoft Windows that allows interactive objects in a Web page is:
ActiveX
Malicious Add-Ons
Add-ons are companion programs that extend the web browser; they can decrease security. Malicious add-ons are browser add-ons that contain some type of malware that, once installed, performs malicious actions
Diffie-Hellman is used to:
Allow parties to share private keys over an insecure channel
Simple substitution cipher
Allows any letter to uniquely map to any other letter
white hat hacker
Also called an ethical hacker, is an information systems security professional who has authorization to identify vulnerabilities and perform penetration testing. The difference between white-hat hackers and black-hat hackers is that white-hat hackers identify weaknesses for the purpose of fixing them, while black-hat hackers find weaknesses just for the fun of it or to exploit them.
ISO/IEC 27005 "Information Security Risk Management"
An ISO standard that describes information security risk management in a generic manner. The documents include examples of approaches to information security risk assessment and lists of possible threats, vulnerabilities, and security controls.
Cipher
An algorithm to encrypt or decrypt information
Business Impact Analysis (BIA)
An analysis of an organization's functions and activities that classifies them as critical or noncritical
• Identifies the impact to the business if one or more IT functions fails
• Identifies the priority of different critical systems
what is a security breach
Any event that results in a violation of any of the C-I-A security tenets
• Some security breaches disrupt system services on purpose
• Some are accidental and may result from hardware or software failures
Spyware
Any unsolicited background process that installs itself on a user's computer and collects information about the user's browsing habits and website activities
what are the type of web application attacks
• Arbitrary/remote code execution: Having gained privileged access or sys admin rights access, the attacker can run commands or execute a command at will on the remote system.
• Buffer overflow: Attempting to push more data than the buffer can handle, thus creating a condition where further compromise might be possible.
• Client-side attack: Using malware on a user's workstation or laptop, within an internal network, acting in tandem with a malicious server or application on the Internet (outside the protected network).
• Cookies and attachments: Using cookies or other attachments (or the information they contain) to compromise security.
• Cross-site scripting (XSS): Injecting scripts into a web application server to redirect attacks back to the client. This is not an attack on the web application but rather on users of the server to launch attacks on other computers that access it.
• Directory traversal/command injection: Exploiting a web application server, gaining root file directory access from outside the protected network, and executing commands, including data dumps.
• Header manipulation: Stealing cookies and browser URL information and manipulating the header with invalid or false commands to create an insecure communication or action.
• Integer overflow: Creating a mathematical overflow which exceeds the maximum size allowed. This can cause a financial or mathematical application to freeze or create a vulnerability and opening.
• Lightweight Directory Access Protocol (LDAP) injection: Creating fake or bogus ID and authentication LDAP commands and packets to falsely ID and authenticate to a web application.
• Local shared objects (LSO): Using Flash cookies (named after the Adobe Flash player), which cannot be deleted through the browser's normal configuration settings. Flash cookies can also be used to reinstate regular cookies that a user has deleted or blocked.
• Malicious add-ons: Using software plug-ins or add-ons that run additional malicious software on legitimate programs or applications.
• SQL injection: Injecting Structured Query Language (SQL) commands to obtain information and data in the back-end SQL database.
• Watering-hole attack: Luring a targeted user to a commonly visited website on which the malicious code or malware has been planted, in hopes that the user will trigger the attack with an unknowing click.
• XML injection: Injecting XML tags and data into a database in an attempt to retrieve data.
• Zero-day: Exploiting a new vulnerability or software bug for which no specific defenses yet exist.
Public keys are:
Asymmetric
virus definition
• Attaches itself to or copies itself into another program on a computer
• Tricks the computer into following instructions not intended by the original program developer
• Infects a host program and may cause that host program to replicate itself to other computers
• The user who runs the infected program authenticates the virus
File infectors
Attack and modify executable programs (COM, EXE, SYS, and DLL files in Microsoft Windows)
SYN Flood
Attacker uses IP spoofing to send a large number of packets requesting connections to the victim computer
Smurf Attack
Attackers direct forged Internet Control Message Protocol (ICMP) echo request packets to IP broadcast addresses from remote locations to generate DoS attacks
what are common types of attacks
• Attacks on availability: These attacks impact access or uptime to a critical system, application, or data.
• Attacks on people: These attacks involve using coercion or deception to get another human to divulge information or to perform an action (e.g., clicking on a suspicious URL link or opening an email attachment from an unknown email address).
• Attacks on IT assets: These attacks include penetration testing, unauthorized access, privileged escalation, stolen passwords, deletion of data, or performing a data breach.
Ransomware
Attempts to generate funds directly from a computer user
Attacks a computer and limits the user's ability to access the computer's data
Telephony denial of service (TDoS)
Attempts to prevent telephone calls from being successfully initiated or received by some person or organization
Ricky is reviewing security logs to independently assess security controls. Which security review process is Ricky engaging in?
Audit
A masquerade is a threat to:
Authenticity
what are the type of social engineering attacks
• Authority: Using a position of authority to coerce or persuade an individual to divulge information.
• Consensus/social proof: Using a position that "everyone else has been doing it" as proof that it is okay or acceptable to do.
• Dumpster diving: Finding unshredded pieces of paper that may contain sensitive data or private data for identity theft.
• Familiarity/liking: Interacting with the victim in a frequent way that creates a comfort, familiarity, and liking for an individual (e.g., a delivery person may become familiar to office workers over time) that might encourage the victim to want to help the familiar person.
• Hoax: Creating a con or a false perception in order to get an individual to do something or divulge information.
• Impersonation: Pretending to be someone else (e.g., an IT help desk support person, a delivery person, a bank representative).
• Intimidation: Using force to extort or pressure an individual into doing something or divulging information.
• Trust: Building a human trust bond over time and then using that trust to get the individual to do something or divulge information.
• Scarcity: Pressuring another individual into doing something or divulging information for fear of not having something or losing access to something.
• Shoulder surfing: Looking over the shoulder of a person typing into a computer screen.
• Tailgating: Following an individual closely enough to sneak past a secure door or access area.
• Urgency: Using urgency or an emergency stress situation to get someone to do something or divulge information (e.g., claiming that there's a fire in the hallway might get the front desk security guard to leave her desk).
• Vishing: Performing a phishing attack by telephone in order to elicit personal information; using verbal coercion and persuasion ("sweet talking") on the individual under attack.
• Whaling: Targeting the executive user or most valuable employees, otherwise considered the "whale" or "big fish" (often called spear phishing).
ISO 27002
Best-practices document that gives good guidelines for information security management. Part of growing suite of standards.
Which password attack is typically used specifically against password files that contain cryptographic hashes?
Birthday attacks
what are types of active threats
• Birthday attacks
• Brute-force password attacks
• Dictionary password attacks
• IP address spoofing
• Hijacking
• Replay attacks
• Man-in-the-middle attacks
• Masquerading
• Social engineering
• Phishing
• Phreaking
• Pharming
The most common cipher today is:
Block
what are some type of networking attacks
• Bluejacking: Hacking and gaining control of the Bluetooth wireless communication link between a user's earphone and smartphone device.
• Bluesnarfing: Packet sniffing communications traffic between Bluetooth devices.
• Evil twin: Faking an open or public wireless network to use a packet sniffer on any user who connects to it.
• IV attack: Modifying the initialization vector of an encrypted IP packet in transmission in hopes of decrypting a common encryption key over time.
• Jamming/Interference: Sending radio frequencies in the same frequency as wireless network access points to jam and interfere with wireless communications, disrupting availability for legitimate users.
• Near field communication attack: Intercepting, at close range (a few inches), communications between two mobile operating system devices.
• Packet sniffing: Capturing IP packets off a wireless network and analyzing the TCP/IP packet data using a tool such as Wireshark.
• Replay attacks: Replaying an IP packet stream to fool a server into thinking you are authenticating to it.
• Rogue access points: Using an unauthorized network device to offer wireless availability to unsuspecting users.
• War chalking: Creating a map of the physical or geographic location of any wireless access points and networks.
• War driving: Physically driving around neighborhoods or business complexes looking for wireless access points and networks that broadcast an open or public network connection.
common threats in the remote access domain
• Brute force user ID and password attacks: Define user ID and password policy definitions. Passwords must be strictly more than eight characters and alphanumeric.
• Multiple logon retries and access control attacks: Set automatic blocking for attempted logon retries.
• Unauthorized remote access to IT systems, applications, and data: Apply first-level and second-level security for remote access to sensitive systems and data.
• Confidential data compromised remotely: Encrypt all confidential data in the database or on the hard drive. If the data is stolen, it's encrypted and can't be used.
• Data leakage in violation of data classification standards: Apply security countermeasures in the LAN-to-WAN Domain.
Business-to-business (B2B)
Businesses that sell primarily to other businesses
Keystroke Loggers
Capture keystrokes or user entries and forward the information to the attacker
Which audit data collection method helps ensure that the information-gathering process covers all relevant areas?
Checklist
Jody would like to find a solution that allows real-time document sharing and editing between teams. Which technology would best suit her needs?
Collaboration
common threats to WAN domain (connectivity)
• Commingling of WAN IP traffic on the same service provider router and infrastructure: Encrypt confidential data transmissions through the service provider WAN using VPN tunnels.
• Maintaining high WAN service availability: Obtain WAN service availability SLAs. Deploy redundant Internet and WAN connections when 100 percent availability is required.
• Maximizing WAN performance and throughput: Apply WAN optimization and data compression solutions when accessing remote systems, applications, and data. Enable access control lists (ACLs) on outbound router WAN interfaces, in keeping with policy.
• Using SNMP network management applications and protocols maliciously (ICMP, Telnet, SNMP, DNS, etc.): Create separate WAN network management VLANs. Use strict firewall ACLs allowing SNMP manager and router IP addresses through the LAN-to-WAN Domain.
• SNMP alarms and security monitoring 24 X 7 X 365: Outsource security operations and monitoring. Expand services to include managed security.
gap analysis
Comparison of the security controls in place and the controls you need to address all identified threats
what are three tenets of information security
Confidentiality, Integrity, Availability
Wide Area Networks
Connect systems over a large geographic area
Spam
Consumes computing resources (bandwidth and CPU time)
Diverts IT personnel from activities more critical to network security
In Mobile IP, what term describes a device that would like to communicate with a mobile node (MN)?
Correspondent node
In Mobile IP, what term describes a device that would like to communicate with a mobile node(MN)?
Correspondent node (CN)
how to counter malware
• Create a user education program
• Post regular bulletins about malware problems
• Never transfer files from an unknown or untrusted source (unless anti-malware is installed)
• Test new programs or open suspect files on a quarantine computer
• Install anti-malware software, make sure it remains current, and schedule regular malware scans
• Use a secure logon and authentication process
Which term describes any action that could damage an asset? a. Likelihood b. Countermeasure c. Vulnerability d. Threat
D. Threat
User Domain
Defines the people who access an organization's information system
? Which network device is capable of blocking network connections that are identified as potentially malicious?
Demilitarized Zone (DMZ)
security challenges of IT devices
• Deployed in large quantities (such as sensors or consumer items)
• Ubiquitous and can have wide reach into the user or household population
• Devices that are not maintained or updated allow vulnerabilities
• Upgrades can be difficult to distribute and deploy
• No owner visibility of how the device connects to the Internet
• Not physically secure
• Capture readings and measurements in the open
Worms
Designed to propagate from one host machine to another using the host's own network communications protocols
What information should an auditor share with the client during an exit interview?
Details on major issues
security gap
Difference between the security controls in place and controls you need to address vulnerabilities
Which risk is most effectively mitigated by an upstream Internet Service Provider (ISP)?
Distributed Denial of Service (DDoS)
denial or destruction threats
DoS attack
Curtis is conducting an audit of an identity management system. Which question is NOT likely to be in the scope of his audit?
Does the firewall properly block unsolicited network connection attempts?
53
Domain Name System (DNS)
Caesar cipher
Shifts each letter in the English alphabet a fixed number of positions, with Z wrapping back to A
The most basic countermeasure of network security is:
Encryption
public (asymmetric) key ciphers
Encryption ciphers that use different keys to encrypt and decrypt
Private (symmetric) key ciphers
Encryption ciphers that use the same key to encrypt and decrypt
Vigenère (vee-zhen-AIR) cipher
Encrypts every letter with its own substitution scheme
What is the first step in a disaster recovery effort?
Ensure that everyone is safe
Homepage Hijacking
Exploiting a browser vulnerability to reset the homepage
Covertly installing a browser helper object (BHO) Trojan program
21
FTP Control
20
FTP Data Transfer
Which type of attack involves the creation of some deception in order to trick unsuspecting users?
Fabrication
?True or False: A VPN router is a security appliance that is used to filter IP packets
False
A bricks-and-mortar strategy includes marketing and selling goods and services on the Internet.
False
A report indicating that a system's disk is 80 percent full is a good indication that something is wrong with that system.
False
An SOC 1 report primarily focuses on security.
False
DIAMETER is a research and development project funded by the European Commission.
False
Denial of service (DoS) attacks are larger in scope than distributed denial of service (DDoS) attacks.
False
During the secure phase of a security review, you review and measure all controls to capture actions and changes on the system.
False
Hypertext Transfer Protocol (HTTP) encrypts data transfers between secure browsers and secure web pages.
False
IoT devices cannot share and communicate your IoT device data to other systems and applications without your authorization or knowledge.
False
Regarding log monitoring, false negatives are alerts that seem malicious but are not real security events.
False
Removable storage is a software application that allows an organization to monitor and control business data on a personally owned device.
False
The auto industry has not yet implemented the Internet of Things (IoT).
False
The four main types of logs that you need to keep to support security auditing include event, access, user, and security.
False
The main difference between a virus and a worm is that a virus does not need a host program to infect.
False
True or False: A rootkit uses a directed broadcast to create a flood of network traffic for the victim computer.
False
True or False: Store-and-Forward communications should be used when you need to talk to someone immediately.
False
True or False: You should use easy-to-remember personal information to create secure passwords
False
True or False? In the Remote Access Domain, if private data or confidential data is compromised remotely, you should set automatic blocking for attempted logon retries.
False
True or False? The asset protection policy defines an organization's data classification standard.
False
True or False? The weakest link in the security of an IT infrastructure is the server.
False
True or False: Cryptography is the process of transforming data from cleartext to ciphertext.
False (Encryption not Cryptography)
Anthony is responsible for tuning his organization's intrusion detection system. He notices that the system reports an intrusion alert each time that an administrator connects to a server using Secure Shell (SSH). What type of error is occurring?
False positive error
True or False: In the Remote Access Domain, if private data or confidential data is compromised remotely, you should set automatic blocking for attempted logon retries.
False: Apply first level and second level tokens and biometrics
True or False: Cryptography is the process of transforming data from cleartext into ciphertext
False: Encryption
True or False: A security policy is a comparison of the security controls you have in place and the controls you need in order to address all identified threats.
False: Gap analysis
True or False: The anti-malware utility is one of the most popular backdoor tools in use today
False: Netcat
True or False: A phishing attack "poisons" a domain name on a domain name server.
False: Pharming
True or False: Vishing is a type of wireless network attack
False: Social Engineering attacks
True or False: User-based permission levels limit a person to executing certain functions and often enforces mutual exclusivity
False: Task-based
True or False: Bricks-and-mortar stores are completely obsolete now.
False: They have global reach
True or False: Voice pattern biometrics are accurate for authentication because voices can't easily be replicated by computer software
False: easy to replicate
What compliance regulation applies specifically to the educational records maintained by schools about students?
Family Education Rights and Privacy Act (FERPA)
Network separation
Filtering rules enforce divisions between networks, keeping traffic from moving from one network to another
URL Filter
Filters web traffic by examining the URL as opposed to the IP address
Loop protection
Firewalls can look at message addresses to determine whether a message is being sent around an unending loop (for example, from another form of flooding)
Denial of service (DoS)
Flooding a network with traffic and shutting down a single point of failure
The objectives of network security are to verify and maintain all Except the following:
Fragmentation
Committee of Sponsoring Organizations (COSO)
Gives guidance to executive management & governance entities in critical aspects of organizational governance, business ethics, internal control, enterprise risk management, fraud, & financial reporting.
Which element of the security policy framework offers suggestions rather than mandatory actions?
Guideline
Bob recently accepted a position as the information security and compliance manager for a medical practice. Which regulation is likely to most directly apply to Bob's employer?
HIPAA
Which law governs the use of the IoT by healthcare providers, such as physicians and hospitals
HIPAA
443
HTTP over Secure Sockets Layer (SSL)
The fundamental security technique used for a bastion host is:
Hardening
cracker
Has a hostile intent, possesses sophisticated skills, and may be interested in financial gain. Crackers represent the greatest threat to networks and information resources.
cold site
Has basic environmental utilities but no infrastructure components
Which act governs the use of Internet of Things (IoT) by healthcare providers, such as physicians and hospitals?
Health Insurance Portability and Accountability Act (HIPAA)
what can a trojan do
• Hide programs that collect sensitive information
• Open backdoors into computers
• Actively upload and download files
What do organizations expect to occur with the growth of the IoT?
Higher Risks
drivers for internet of things
IP-based networking, connectivity, smaller and faster computing, cloud computing, data analytics
LAN-to-WAN Domain
Where the IT infrastructure links to the wide area network and the Internet
steps for conducting a gap analysis
• Identify applicable elements of security policy and other standards
• Assemble policy, standard, procedure, and guideline documents
• Review and assess implementation of policies, standards, procedures, and guidelines
• Collect hardware and software inventory information
• Interview users to assess knowledge of and compliance with policies
• Compare current security environment with policies
• Prioritize identified gaps for resolution
• Document and implement remedies to conform to policies
Disaster Recovery Plan
• Includes specific steps and procedures to recover from a disaster
• Is part of a BCP
• Extends and supports the BCP
Encrypted information
Information in scrambled form (ciphertext)
Unencrypted information
Information in understandable form (plaintext or cleartext)
internal use only
Information or data shared internally by an organization
public domain data
Information or data shared with the public such as web site content, white papers, etc.
Rachel is investigating an information security incident that took place at the high school where she works. She suspects that students may have broken into the student records system and altered their grades. If correct, which one of the tenets of information security did this attack violate?
Integrity
In addition to authorized use, the elements of information security are concerned with:
Integrity, Availability, Confidentiality
Interoperability and standards of IT devices
• Internet Engineering Task Force (IETF) ensures interoperability and standards can be pursued for IoT solutions
• Interoperability has significant financial impacts if not properly addressed
• Goal is to bring the cost of IoT devices and supporting applications down so they are affordable
• Some manufacturers want to design and deploy proprietary IoT devices and solutions
• Cost factors to implement functional, operational, technical, and security capabilities into IoT devices and applications
• Time-to-market risk
• Technology outdated risk
• A void in interoperability and standards for IoT devices can create an environment of bad IoT devices
143
Internet Message Access Protocol (IMAP)
Which organization pursues standards for the IoT devices and is widely recognized as the authority for creating standards of the Internet?
Internet Society
Which IoT challenge involves the difficulty of developing and implementing protocols that allow devices to communicate in a standard fashion?
Interoperability
interceptions
Involves eavesdropping on transmissions and redirecting them for unauthorized use.
e-commerce and economic development issues
IoT technology has a significant impact on developing economies.
• Infrastructure resources: Foundational to the deployment of the IoT, a communication infrastructure and broadband Internet network are needed within that country. This is the foundation for IoT device connectivity and communications in a global marketplace.
• Foundational investments: Countries seeking to invest in critical infrastructures may be able to leapfrog past other countries that are struggling with regulatory and legal issues in regard to accelerating deployments.
• Technical and industry development: New skills are needed to bring new technologies and economic solutions to bear using the Internet and the IoT as a key economic driver. As IoT technology and industry interoperability and standards mature, so will IoT device deployment and user and business adoption.
• Policy and regulatory definitions: Countries and emerging economies are positioned to create and implement policies and regulations to help ensure that security and privacy become part of the deployment.
What is a disaster in disaster recovery planning (DRP)?
An event that affects multiple business processes for an extended period and causes substantial resource damage that you must address before you can resolve the business process interruption.
Jacob is conducting an audit of the security controls at an organization as an independent reviewer. Which question would NOT be part of his audit?
Is the security control likely to become obsolete in the near future?
Trojan Horses
Largest class of malware; any program that masquerades as a useful program while hiding its malicious intent
Which type of denial of service attack exploits the existence of software flaws to disrupt a service?
Logic attack
Open ciphers
Make it possible for experts around the world to examine the ciphers for weaknesses
The most frequent threats that are most likely to succeed come from:
Malicious insiders
Confidentiality
Malware can disclose your organization's private information
Availability
Malware can erase or overwrite files or inflict considerable damage to storage media
Integrity
Malware can modify database records, either immediately or over a period of time
trojan horse definition
Malware that masquerades as a useful program
When should an organization's managers have an opportunity to respond to the findings in an audit?
Managers should include their responses to the draft audit report in the final audit report.
When information (packets or datagrams) traverse the Internet, they:
May travel different routes.
IP Mobile Communications
Mobile IP provides connection transparency for several entities working together to ensure that mobile devices can move from one network to another without dropping connections: Mobile node (MN): The mobile device that moves from one network to another. The MN has a fixed IP address regardless of the current network. Home agent (HA): A router with additional capabilities over standard routers, the HA keeps track of the MNs it manages. When an MN leaves the local network, the HA forwards packets to the MN's current network. Foreign agent (FA): A router with additional capabilities connected to another network (not the HA network), the FA assigns the MN a local address. When the MN connects to another network that supports Mobile IP, it announces itself to the FA. Care of address (COA): The local address for the MN when it connects to another network, the FA assigns the COA to the MN and sends it to the HA when the MN connects. In many cases, the COA is actually the FA address. The HA forwards any packets for the MN to the COA. The FA receives the packets and forwards them to the MN. Correspondent node (CN): This is the node that wants to communicate with the MN.
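Added illustration, not part of the course material: a small Python simulation of the Mobile IP exchange described above, with the home agent (HA), foreign agent (FA), care of address (COA), mobile node (MN) and correspondent node (CN) as plain objects. The addresses are made up, and using the FA's own address as the COA follows the "in many cases" note above; the real protocol's registration messages and IP-in-IP tunnel are represented here only by a dictionary wrapper.

```python
class HomeAgent:
    """Router on the MN's home network. Keeps a binding from each managed
    MN's fixed home address to the MN's current care of address (COA)."""

    def __init__(self):
        self.bindings = {}        # mn_home_addr -> coa
        self.foreign_agents = {}  # coa -> ForeignAgent reachable at that COA

    def register(self, mn_addr, coa, fa):
        self.bindings[mn_addr] = coa
        self.foreign_agents[coa] = fa

    def receive(self, packet, log):
        """A packet for the MN's home address arrives on the home network."""
        dst = packet["dst"]
        if dst in self.bindings:                       # MN is away: tunnel it
            coa = self.bindings[dst]
            tunneled = {"src": "HA", "dst": coa, "inner": packet}  # stands in for IP-in-IP
            log.append(f"HA: tunnel packet for {dst} to COA {coa}")
            self.foreign_agents[coa].receive(tunneled, log)
        else:                                          # MN is at home
            log.append(f"HA: deliver locally to {dst}")


class ForeignAgent:
    """Router on the visited network. Assigns the COA and forwards to the MN."""

    def __init__(self, addr, home_agent):
        self.addr = addr
        self.home_agent = home_agent
        self.visitors = {}  # mn_home_addr -> MobileNode currently attached here

    def attach(self, mn, log):
        coa = self.addr                 # assumption: FA COA (the FA's own address)
        self.visitors[mn.addr] = mn
        log.append(f"FA {self.addr}: assign COA {coa} to MN {mn.addr}")
        self.home_agent.register(mn.addr, coa, self)
        log.append(f"FA {self.addr}: register COA {coa} with HA")
        return coa

    def receive(self, tunneled, log):
        inner = tunneled["inner"]       # strip the tunnel header
        mn = self.visitors[inner["dst"]]
        log.append(f"FA {self.addr}: decapsulate and forward to MN {mn.addr}")
        mn.receive(inner)


class MobileNode:
    def __init__(self, addr):
        self.addr = addr   # fixed home address, unchanged when roaming
        self.inbox = []

    def receive(self, packet):
        self.inbox.append(packet)


def run_exchange():
    """Steps 1-4c of the exchange: attach, assign COA, notify HA, CN sends."""
    log = []
    ha = HomeAgent()
    mn = MobileNode("10.0.0.5")              # constructed home address
    fa = ForeignAgent("192.0.2.1", ha)       # constructed visited-network router
    fa.attach(mn, log)
    # The CN addresses the MN's fixed address, so the packet reaches the HA first.
    cn_packet = {"src": "198.51.100.7", "dst": "10.0.0.5", "payload": "hello"}
    log.append("CN: send to 10.0.0.5 (routed to home network)")
    ha.receive(cn_packet, log)
    return log, mn.inbox


if __name__ == "__main__":
    for line in run_exchange()[0]:
        print(line)
```

The security point the simulation makes visible is that the CN never learns where the MN is: every packet transits the HA, so the HA binding table is the asset an attacker would target (a forged registration redirects the MN's traffic to an attacker-chosen COA).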
What are some facts about rootkits?
Modify or replace one or more existing programs to hide traces of attacks; come in many different types; conceal their existence once installed; are difficult to detect and remove
How does spyware threaten confidentiality?
Monitors keystrokes; scans files on the hard drive; snoops on other applications; installs other spyware programs; reads cookies; changes the default home page in the web browser
139
NetBIOS Session Service
Issues with mobile computing
Network, usability, and security
Key management
One of the most difficult and critical parts of a cryptosystem
Filtering routers using a white-list:
Only allow permitted connections
Common threats in the WAN Domain (Internet)
Open, public, and accessible data: Apply AUPs modeled after RFC 1087, Ethics and the Internet. Most traffic being sent as clear text: Stop the use of the Internet for private communications unless encryption and virtual private network (VPN) tunnels are used. Enforce the organization's data classification standard. Vulnerable to eavesdropping: Use encryption and VPN tunneling for secure IP communications. Vulnerable to malicious attacks: Deploy layered LAN-to-WAN security countermeasures. Vulnerable to DoS and DDoS attacks: Apply filters on exterior IP stateful firewalls and IP router WAN interfaces. Vulnerable to corruption of information and data: Encrypt IP data transmissions with VPNs. Back up and store data in offsite data vaults (online or physical data backup) with tested recovery procedures. Inherently insecure TCP/IP applications (HTTP, FTP, TFTP, etc.): Refer to your data classification standard for proper handling of data and use of TCP/IP applications. Never use TCP/IP applications for confidential data without proper encryption. Create a network management VLAN and isolate TFTP and SNMP traffic used for network management.
Denial of Service Attacks
Overwhelm a server or network segment to the point that the server or network becomes unusable; crash a server or network device, or create so much network congestion that authorized users cannot access network resources
Risk Management Guide for Information Technology Systems (NIST SP800-30)
Part of the Special Publication 800 series reports, these products provide detailed guidance of what you should consider in risk management and risk assessment in computer security. The reports include checklists, graphics, formulas, and references to U.S. regulatory issues.
A kind of attack that is difficult to detect:
Passive
Which regulatory standard would NOT require audits of companies in the United States?
Personal Information Protection and Electronic Documents Act (PIPEDA)
Which element of the security policy framework requires approval from upper management and applies to the entire organization?
Policy
What are the elements of a complete BCP?
Policy statement defining the policy, standards, procedures, and guidelines for deployment; project team members with defined roles, responsibilities, and accountabilities; emergency response procedures and protection of life, safety, and infrastructure; situation and damage assessment; resource salvage and recovery; alternate facilities or triage for short-term or long-term emergency mode of operations and business recovery
IT security policy framework
Policy: short written statement that defines a course of action that applies to entire org Standard: detailed written definition of how software and hardware are to be used Procedures: written instructions for how to use policies and standards Guidelines: suggested course of action for using policy, standards, or procedure
A background check typically involves all Except the following:
Polygraph tests.
110
Post Office Protocol v3 (POP3)
Cryptography
Practice of hiding data and keeping it away from unauthorized users
Privacy challenges of IoT devices
Privacy policy statement; definition of data, metadata, or analytical data use and rights; ability for a user to consent to a manufacturer's or application service provider's privacy policy statement; determining the domain of privacy
Secure Hash Algorithm (SHA-1)
Produces a 160-bit hash from a message of any arbitrary length
Logic Bombs
Programs that execute a malicious function of some kind when they detect certain conditions Typically originate with organization insiders because people inside an organization generally have more detailed knowledge of the IT infrastructure than outsiders
Legal and regulatory issues of IoT devices
Proper handling and protection of sensitive data; privacy data is subject to the privacy laws of the state you live in as well as the state in which the IoT hosting company resides; the IoT vendor or solutions provider is required to adhere to security control requirements and data protection laws
Which tool can capture the packets transmitted between systems over a network?
Protocol analyzer
Local Area Networks
Provide network connectivity for computers located in the same geographic area
Christopher is designing a security policy for his organization. He would like to use an approach that allows a reasonable list of activities but does not allow other activities. Which permission level is he planning to use?
Prudent
Transposition Ciphers
Rearranges characters or bits of data
BIA Recovery Goals and Requirements
Recovery point objective (RPO); recovery time objective (RTO); business recovery requirements; technical recovery requirements
Change control is a process and technology that:
Regulates changes to information including the security policy.
NIST Cybersecurity Framework (CSF)
Released in 2014; focuses on critical infrastructure components but is applicable to many general systems. Helps organizations align business drivers and security requirements.
Substitution ciphers
Replaces bits, characters, or blocks of information with other bits, characters, or blocks.
Which activity is an auditor least likely to conduct during the information-gathering phase of an audit?
Report writing
Service Value System
Represents how the various components and activities of the organization work together to facilitate value creation through IT-enabled services.
A security policy covers all of the following Except:
Retaliation
Which formula is typically used to describe the components of information security?
Risk = Threat × Vulnerability
Earl is preparing a risk register for his organization's risk management program. Which data is LEAST likely to be included in a risk register?
Risk Survey results
Botnets
Robotically controlled networks. Attackers infect vulnerable machines with agents that perform various functions at the command of the bot-herder or controller; controllers communicate with other members of the botnet using Internet Relay Chat (IRC) channels; attackers can use botnets to distribute malware and spam and to launch DoS attacks against organizations or even countries.
Gary would like to choose an access control model in which the owner of a resource decides who may modify permissions on that resource. Which model fits that scenario?
Discretionary access control (DAC)
Flood guard
Rules can limit traffic bandwidth from hosts, reducing the ability for any one host to flood a network
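Added example, not part of the course material, covering both the white-list filtering router above ("only allow permitted connections") and the flood guard: a Python packet filter with a default-deny allow list and a per-source token bucket that caps how many bytes a single host may push through per second. The rules, addresses and traffic are constructed for the demo, and `Packet`, `FloodGuard` and the rate/burst figures are assumptions, not a real router's configuration syntax.

```python
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp", "udp" or "icmp"
    dport: int
    size: int    # bytes on the wire


# Constructed allow-list (src network, dst network, protocol, dst port).
# Anything that matches no rule is dropped: the list is a white-list.
ACL = [
    ("0.0.0.0/0",       "203.0.113.10/32", "tcp", 443),   # public HTTPS
    ("0.0.0.0/0",       "203.0.113.10/32", "tcp", 80),    # public HTTP
    ("198.51.100.0/24", "203.0.113.20/32", "tcp", 22),    # SSH only from the admin net
]


def acl_permits(pkt: Packet) -> bool:
    """First-match evaluation with an implicit deny at the end of the list."""
    for src_net, dst_net, proto, dport in ACL:
        if (ip_address(pkt.src) in ip_network(src_net)
                and ip_address(pkt.dst) in ip_network(dst_net)
                and pkt.proto == proto and pkt.dport == dport):
            return True
    return False


class FloodGuard:
    """Token bucket per source host: a host may send `rate` bytes per second
    and burst up to `burst` bytes, so one host cannot monopolise the link."""

    def __init__(self, rate: float, burst: float):
        self.rate, self.burst = rate, burst
        self.tokens = defaultdict(lambda: burst)  # each host starts with a full bucket
        self.last = {}                            # last timestamp seen per host

    def allow(self, pkt: Packet, now: float) -> bool:
        elapsed = now - self.last.get(pkt.src, now)
        self.last[pkt.src] = now
        tokens = min(self.burst, self.tokens[pkt.src] + elapsed * self.rate)
        if tokens >= pkt.size:
            self.tokens[pkt.src] = tokens - pkt.size
            return True
        self.tokens[pkt.src] = tokens
        return False


def filter_traffic(packets, guard: FloodGuard):
    """ACL first, then the flood guard; returns one decision per packet."""
    decisions = []
    for now, pkt in packets:
        if not acl_permits(pkt):
            decisions.append("deny-acl")
        elif not guard.allow(pkt, now):
            decisions.append("deny-flood")
        else:
            decisions.append("permit")
    return decisions


# Constructed traffic: two normal flows, one SSH attempt from outside the admin
# net, then a burst of ten 1500-byte packets from a single host in one instant.
SAMPLE_TRAFFIC = [
    (0.0, Packet("192.0.2.5", "203.0.113.10", "tcp", 443, 500)),
    (0.1, Packet("192.0.2.5", "203.0.113.20", "tcp", 22, 100)),
    (0.2, Packet("198.51.100.7", "203.0.113.20", "tcp", 22, 100)),
] + [(1.0, Packet("192.0.2.9", "203.0.113.10", "tcp", 443, 1500)) for _ in range(10)]


def run_sample():
    return filter_traffic(SAMPLE_TRAFFIC, FloodGuard(rate=1000, burst=4000))


if __name__ == "__main__":
    for (t, pkt), verdict in zip(SAMPLE_TRAFFIC, run_sample()):
        print(f"t={t:.1f} {pkt.src} -> {pkt.dst}:{pkt.dport} {pkt.size}B {verdict}")
```

With a 4000-byte burst allowance the flooding host gets two packets through and the remaining eight are dropped as `deny-flood`, while the SSH attempt from outside 198.51.100.0/24 never reaches the flood guard because the white-list rejects it first.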
Order of priorities for a business continuity plan
1. Safety and well-being of people; 2. continuity of critical business functions and operations; 3. continuity of IT infrastructure components within the seven domains of an IT infrastructure
22
Secure Shell (ssh)
Gina is preparing to monitor network activity using packet sniffing. Which technology is most likely to interfere with this effort if used on the network?
Secure Sockets Layer (SSL)
Isaac is responsible for performing log reviews for his organization in an attempt to identify security issues. He has a massive amount of data to review. What type of tool would best assist him with this work?
Security information and event management (SIEM)
new challenges created by IoT
Security: How do you keep the bad guys out if you enable the IoT for your personal and professional life? Privacy: How do you protect your family's identity and privacy data from theft or unauthorized access that can lead to identity theft? Interoperability and standards: How well do IoT manufacturers and ASP developers ensure that devices communicate securely? Legal and regulatory compliance: What role do the international, federal, and state levels contribute toward legal, tax, and regulatory requirements regarding IoT-related business transactions that involve payment for goods and services? E-commerce and economic development issues: What are the economic rules of engagement for conducting business on the World Wide Web? How is IoT connectivity and information sharing to be deployed globally?
Control Objectives for Information and Related Technology (COBIT)
Set of best practices for IT management, first published in 1996. Gives managers, auditors, and IT users a set of generally accepted measures, indicators, processes, and best practices.
Information Technology Infrastructure Library (ITIL)
Set of concepts and policies for managing IT infrastructure, development, and operations. Published as a series of books, each covering a separate IT management topic.
A potentially dangerous privilege on Unix machines is to allow files with:
Setuid
Which intrusion detection system strategy relies upon pattern matching?
Signature detection
25
Simple Mail Transfer Protocol (SMTP)
Holly would like to run an annual major disaster recovery test that is as thorough and realistic as possible. She also wants to ensure that there is no disruption of activity at the primary site. What option is best in this scenario?
Parallel test
Webpage Defacements
Someone gaining unauthorized access to a web server and altering the index page of a site on the server The attacker replaces the original pages on the site with altered versions
Users throughout Alison's organization have been receiving unwanted commercial messages over the organization's instant messaging program. What type of attack is taking place?
Spim
An example of a passive attack against a host is:
Spyware
Which element of the IT security policy framework provides detailed written definitions for hardware and software and how they are to be used?
Standard
Adobe Systems Inc., 2013
Attackers stole credit card data, compromised login credentials, and published data for 150 million accounts
What is NOT generally a section in an audit report?
System configurations
What type of security monitoring tool would be most likely to identify an unauthorized change to a computer system?
System integrity monitoring
MD5 message digest algorithm
Takes an input of any arbitrary length and generates a 128-bit message digest that is computationally infeasible to match by finding another input
System infectors
Target computer hardware and software startup functions
Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE)
The OCTAVE approach defines a risk-based strategic assessment and planning technique for security. OCTAVE is a self-directed approach. There are two versions of OCTAVE: OCTAVE and OCTAVE-S. OCTAVE is best suited for large organizations, whereas OCTAVE-S works well for organizations consisting of fewer than 100 people.
IT Service
The activities directed by policies, organized and structured processes and supporting procedures that are performed by an organization to design, plan, deliver, operate and control information technology (IT) services offered to customers.
modifications
The alteration of data contained in transmissions or files.
Mean time to failure (MTTF)
The average amount of time a system runs before it fails; for repairable systems the comparable figure is usually stated as mean time between failures (MTBF).
Content Inspection
The device looks at some or all network packet content to determine if the packet should be allowed to pass
risk management definition
The identification, assessment, and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities.
Operations management is:
The management of resources according to the security policy
Data Encryption Standard (DES)
The most scrutinized cipher in history
Keyspace
The number of possible keys to a cipher
Encryption
The process of scrambling plaintext into ciphertext
Decryption
The process of unscrambling ciphertext into plaintext
Information classification schemes define:
The sensitivity of information
how has the internet changed our lives
The transition to a Transmission Control Protocol/Internet Protocol (TCP/IP) world changed our way of life. People, families, businesses, educators, and government all communicate differently than they did before. Nearly everyone has easy access to the Internet.
Between-the-lines wiretapping
This type of wiretapping does not alter the messages sent by the legitimate user but inserts additional messages into the communication line when the legitimate user pauses.
Piggyback-entry wiretapping
This type of wiretapping intercepts and modifies the original messages by breaking the communications line and routing the message to another computer that acts as a host.
Availability equation
Availability = TotalUptime / (TotalUptime + TotalDowntime)
mobile site
Trailer with necessary environmental utilities, can operate as warm or cold site
At what layer does end-to-end security begin?
Transport
Phishing
Tricks users into providing logon information on what appears to be a legitimate website but is actually a website set up by an attacker to obtain this information
black hat hacker
Tries to break IT security and gain access to systems with no authorization in order to prove technical prowess. Black-hat hackers generally develop and use special software tools to exploit vulnerabilities. May exploit holes in systems but generally do not attempt to disclose vulnerabilities they find to the administrators of those systems.
Adware
Triggers nuisances such as popup ads and banners when user visits certain websites
What type of malicious software masquerades as legitimate software to entice the user to run it?
Trojan Horse
True or False: IoT devices cannot share and communicate your IoT device data to other systems and applications without your authorization or knowledge
False
True or False: Networks, routers, and equipment require continuous monitoring and management to keep WAN service available
True
A dictionary attack works by hashing all the words in a dictionary and then comparing the hashed value with the system password file to discover a match.
True
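Added example, not part of the course material: the dictionary attack just described, run in Python against a constructed password file whose entries use the MD5 and SHA-1 digests defined on the cards above. The file format (`user:algorithm:salt:hexdigest`), the word list and the accounts are all made up for the demo. It also shows the practitioner's caveat: a table of precomputed word hashes matches unsalted entries instantly, but a salted entry forces the attacker to re-hash the whole dictionary per user.

```python
import hashlib

# Constructed word list standing in for a real dictionary file.
WORDLIST = ["letmein", "password", "123456", "qwerty", "dragon"]


def digest(algorithm: str, salt: str, candidate: str) -> str:
    """Hex digest of salt||candidate with the named hashlib algorithm."""
    h = hashlib.new(algorithm)
    h.update((salt + candidate).encode())
    return h.hexdigest()


def make_entry(user: str, algorithm: str, salt: str, password: str) -> str:
    return f"{user}:{algorithm}:{salt}:{digest(algorithm, salt, password)}"


# Constructed password file: three weak passwords (one salted) and one passphrase
# that is not in the word list. Empty salt field = unsalted hash.
PASSWORD_FILE = "\n".join([
    make_entry("alice", "md5", "", "password"),
    make_entry("bob", "sha1", "", "dragon"),
    make_entry("carol", "sha1", "9f2c", "qwerty"),
    make_entry("dave", "sha1", "", "correct-horse-battery"),
])


def parse(password_file: str):
    for line in password_file.splitlines():
        user, algorithm, salt, hexdigest = line.split(":")
        yield user, algorithm, salt, hexdigest


def precomputed_attack(password_file: str, wordlist) -> dict:
    """Hash the dictionary once per algorithm, then look each entry up.
    Only unsalted entries can be matched against a shared table."""
    tables, cracked = {}, {}
    for user, algorithm, salt, hexdigest in parse(password_file):
        if salt:
            continue  # the table was built without this user's salt
        if algorithm not in tables:
            tables[algorithm] = {digest(algorithm, "", w): w for w in wordlist}
        if hexdigest in tables[algorithm]:
            cracked[user] = tables[algorithm][hexdigest]
    return cracked


def salted_attack(password_file: str, wordlist) -> dict:
    """Per-entry attack: re-hash every word with that entry's own salt.
    Still succeeds against weak passwords, but costs len(wordlist) hashes per user."""
    cracked = {}
    for user, algorithm, salt, hexdigest in parse(password_file):
        for word in wordlist:
            if digest(algorithm, salt, word) == hexdigest:
                cracked[user] = word
                break
    return cracked


if __name__ == "__main__":
    print("precomputed table:", precomputed_attack(PASSWORD_FILE, WORDLIST))
    print("per-user rehash:  ", salted_attack(PASSWORD_FILE, WORDLIST))
```

`dave` is not recovered by either attack because the passphrase is absent from the dictionary; the defence the example points at is salting plus a slow password hash (bcrypt, scrypt or Argon2) rather than plain MD5 or SHA-1.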
A man-in-the-middle attack takes advantage of the multihop process used by many types of networks.
True
Access control lists (ACLs) are used to permit and deny traffic in an IP router.
True
An alteration threat violates information integrity.
True
An auditing benchmark is the standard by which a system is compared to determine whether it is securely configured.
True
Application service providers (ASPs) are software companies that build applications hosted in the cloud and on the Internet.
True
Authorization is the process of granting rights to use an organization's IT assets, systems, applications, and data to a specific user.
True
Content-dependent access control requires the access control mechanism to look at the data to decide who should get to see it.
True
Data loss prevention (DLP) uses business rules to classify sensitive information to prevent unauthorized end users from sharing it.
True
During an audit, an auditor compares the current setting of a computer or device with a benchmark to help identify differences.
True
Encrypting the data within databases and storage devices gives an added layer of security.
True
In a Bring Your Own Device (BYOD) policy, the user acceptance component may include separation of private data from business data.
True
In security testing, reconnaissance involves reviewing a system to learn as much as possible about the organization, its systems, and its networks.
True
Many jurisdictions require audits by law.
True
Metadata of Internet of Things (IoT) devices can be sold to companies seeking demographic marketing data about users and their spending habits.
True
Performing security testing includes vulnerability testing and penetration testing.
True
Regarding an intrusion detection system (IDS), stateful matching looks for specific sequences appearing across several packets in a traffic stream rather than just in individual packets.
True
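Added example, not part of the course material, covering signature detection (the pattern-matching card above) and stateful matching: a Python matcher run over a constructed three-packet stream in which the signature `/etc/passwd` is split across two TCP segments of the same flow. The packet dictionaries, the flow tuple and the assumption that segments arrive in order are simplifications for the demo; a real IDS reassembles out-of-order segments as well.

```python
SIGNATURE = b"/etc/passwd"

# Constructed packet stream. Packets 0 and 1 belong to one flow and split the
# signature at the segment boundary; packet 2 is a benign request on another flow.
PACKETS = [
    {"flow": ("192.0.2.5", 40000, "203.0.113.10", 80), "seq": 1,
     "data": b"GET /../../etc/pa"},
    {"flow": ("192.0.2.5", 40000, "203.0.113.10", 80), "seq": 18,
     "data": b"sswd HTTP/1.0\r\n"},
    {"flow": ("192.0.2.9", 40001, "203.0.113.10", 80), "seq": 1,
     "data": b"GET /index.html HTTP/1.0\r\n"},
]


def per_packet_match(packets, signature: bytes):
    """Stateless signature detection: each packet is inspected on its own,
    so a signature that straddles two packets is never seen."""
    return [i for i, p in enumerate(packets) if signature in p["data"]]


class StatefulMatcher:
    """Keeps a per-flow tail of the previous payload so the signature can be
    matched across segment boundaries (assumes in-order delivery)."""

    def __init__(self, signature: bytes):
        self.signature = signature
        self.tails = {}  # flow -> last len(signature)-1 bytes seen on that flow

    def feed(self, packet) -> bool:
        flow = packet["flow"]
        buf = self.tails.get(flow, b"") + packet["data"]
        hit = self.signature in buf
        # Retain only what could still complete a match on the next segment.
        keep = len(self.signature) - 1
        self.tails[flow] = buf[-keep:] if keep else b""
        return hit


def stateful_hits(packets, signature: bytes):
    """Indexes of the packets at which the stateful matcher fires."""
    matcher = StatefulMatcher(signature)
    return [i for i, p in enumerate(packets) if matcher.feed(p)]


if __name__ == "__main__":
    print("per-packet signature hits:", per_packet_match(PACKETS, SIGNATURE))
    print("stateful hits:            ", stateful_hits(PACKETS, SIGNATURE))
```

The stateless matcher reports nothing; the stateful one fires on packet 1, where the buffered tail `/../etc/pa` joins `sswd`. Attackers fragment payloads precisely to defeat per-packet matching, which is why the tail buffer (and, in production, full stream reassembly) matters.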
SOC 2 reports are created for internal and other authorized stakeholders and are commonly implemented for service providers, hosted data centers, and managed cloud computing providers.
True
Screen locks are a form of endpoint device security control.
True
The Gramm-Leach-Bliley Act (GLBA) addresses information security concerns in the financial industry.
True
The term risk management describes the process of identifying, assessing, prioritizing, and addressing risks.
True
True or False: A Chinese wall security policy defines a barrier and develops a set of rules that makes sure no subject gets to objects on the other side of the wall
True
True or False: A birthday attack is a type of cryptographic attack that is used to make brute-force attack of one-way hashes easier.
True
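Added example, not part of the course material: a Python demonstration of why a birthday attack makes finding hash collisions far cheaper than brute-forcing a target value. SHA-1 is truncated to a small number of bits so the search finishes in well under a second; the `msg-N` inputs and the bit lengths are constructed for the demo. A second-preimage search costs about 2^n trials for an n-bit hash, while a collision between any two inputs costs about 2^(n/2), the birthday bound.

```python
import hashlib
import itertools


def truncated_sha1(data: bytes, bits: int) -> int:
    """SHA-1 reduced to its leading `bits` bits, standing in for a weak hash."""
    full = int.from_bytes(hashlib.sha1(data).digest(), "big")
    return full >> (160 - bits)


def preimage_search(target: int, bits: int):
    """Brute force a message hashing to one fixed target.
    Expected work: about 2**bits trials."""
    for i in itertools.count():
        msg = b"msg-%d" % i
        if truncated_sha1(msg, bits) == target:
            return msg, i + 1


def birthday_search(bits: int):
    """Collision search: remember every hash seen, stop at the first repeat.
    Expected work: about 2**(bits / 2) trials, the birthday bound."""
    seen = {}
    for i in itertools.count():
        msg = b"msg-%d" % i
        h = truncated_sha1(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg


if __name__ == "__main__":
    bits = 24
    m1, m2, trials = birthday_search(bits)
    print(f"{bits}-bit collision after {trials} trials "
          f"(2**{bits // 2} = {2 ** (bits // 2)}): {m1!r} vs {m2!r}")
    target = truncated_sha1(b"target", 16)
    msg, trials = preimage_search(target, 16)
    print(f"16-bit preimage after {trials} trials (2**16 = 65536): {msg!r}")
```

The collision for a 24-bit hash typically turns up after a few thousand trials, not the ~16 million a preimage of the same width would need. This is why signature schemes need a hash whose output is twice the desired security level, and why SHA-1, with a practical collision published, is retired for signatures.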
True or False: A phishing email is a fake or bogus email intended to trick the recipient into clicking on an embedded URL link or opening an email attachment.
True
True or False: A trusted operating system (TOS) provides features that satisfy specific government requirements for security.
True
True or False: An IT security policy framework is like an outline that identifies where security controls should be used
True
True or False: Bring your own device (BYOD) opens the door to considerable security risks
True
True or False: Cars that have Wi-Fi access and onboard computers require software patches and upgrades from the manufacturer.
True
True or False: E-commerce systems and applications demand strict confidentiality, integrity, and availability (CIA) security controls.
True
True or False: Each 4G device has a unique Internet Protocol (IP) address and appears just like any other wired device on a network.
True
True or False: Failing to prevent an attack all but invites an attack
True
True or False: Hypertext Transfer Protocol (HTTP) is the communications protocol between web browsers and websites with data in cleartext.
True
True or False: IoT technology has a significant impact on developing economies, given that it can transform countries into e-commerce-ready nations
True
True or False: One of the first industries to adopt and widely use mobile applications was the healthcare industry
True
True or False: Organizations should start defining their IT security policy framework by defining an asset classification policy
True
True or False: Rootkits are malicious software programs designed to be hidden from normal methods of detection
True
True or False: The Director of IT security is generally in charge of ensuring that the Workstation Domain conforms to Policy
True
True or False: The Government Information Security Reform Act of 2000 focuses on management and evaluation of the security of unclassified and national security systems.
True
True or False: The most critical aspect of a WAN services contract is how the service provider supplies troubleshooting, network management, and security management services
True
True or False: The recovery point objective (RPO) is the maximum amount of data loss that is acceptable.
True
True or False: The system/application domain holds all the mission critical systems, applications, and data.
True
True or False: The tools for conducting a risk analysis can include the documents that define, categorize, and rank risks.
True
True or False: Using a secure logon and authentication process is one of the six steps to prevent malware.
True
True or False: When servers need operating system upgrades or patches, administrators take them offline intentionally so they can perform the necessary work without risking malicious attacks
True
True or False? For businesses and organizations under recent compliance laws, data classification standards typically include private, confidential, internal use only, and public domain categories.
True
Rootkits
Type of malware that modifies or replaces one or more existing programs to hide the fact that a computer has been compromised, Modify parts of the operating system to conceal traces of their presence, Provide attackers with access to compromised computers and easy access to launching additional attacks, Difficult to detect and remove
Florian recently purchased a set of domain names that are similar to those of legitimate websites and used the newly purchased sites to host malware. Which type of attack is Florian using?
Typosquatting
common threats in the system application domain
Unauthorized access to data centers, computer rooms, and wiring closets: Apply policies, standards, procedures, and guidelines for staff and visitors to secure facilities. Downtime of servers to perform maintenance: Create a system that brings together servers, storage, and networking. Server operating systems software vulnerability: Define vulnerability window for server operating system environments. Maintain hardened production server operating systems. Insecure cloud computing virtual environments by default: Implement virtual firewalls and server segmentation on separate VLANs. A virtual firewall is a software based firewall used in virtual environments. Corrupt or lost data: Implement daily data backups and off-site data storage for monthly data archiving. Define data recovery procedures based on defined Recovery Time Objectives (RTOs). Loss of backed-up data as backup media are reused: Convert all data into digital data for long-term storage. Retain backups from offsite data vaults based on defined RTOs.
common threats in the LAN Domain
Unauthorized physical access to LAN: Make sure wiring closets, data centers, and computer rooms are secure. No access is there without proper credentials. Unauthorized access to systems, applications, and data: Strict access control policies, standards, procedures, and guidelines should be implemented. Second-level identity required to access sensitive systems, applications, and data. LAN server operating system vulnerabilities: Define vulnerability window policies, standards, procedures, and guidelines. Conduct LAN domain vulnerability assessments. LAN server application software vulnerabilities and software patch updates: Define a strict software vulnerability window policy requiring quick software patching. Rogue users on WLANs: Eliminate rogue users from unauthorized access. Use WLAN network keys that require a password for wireless access. Turn off broadcasting on wireless access points (WAPs). Enable second-level authentication prior to granting WLAN access. Confidentiality of data on WLANs: Maintain confidentiality of data transmissions. Implement encryption between workstation and WAP to maintain confidentiality. LAN server configuration guidelines and standards: LAN servers have different hardware, operating systems, and software, making it difficult to manage and troubleshoot consistently.
Common threats in the LAN-to-WAN Domain
Unauthorized probing and port scanning: Disable ping, probing, and port scanning on all exterior IP devices within the LAN-to-WAN domain. Ping uses the Internet Control Message Protocol (ICMP) echo-request and echo-reply protocol. Disallow IP port numbers used for probing and scanning and monitor with intrusion detection system/intrusion prevention system (IDS/IPS). Unauthorized access: Apply strict security monitoring controls for intrusion detection and prevention. Monitor traffic and block it right away if malicious. IP router, firewall, and network appliance operating system vulnerability: Define a strict zero-day vulnerability window definition. Update devices with security fixes and software patches right away. Local users downloading unknown file types from unknown sources: Apply file transfer monitoring, scanning, and alarming for unknown file types/sources. Unknown email attachments and embedded URL links received by local users: Apply email server and attachment antivirus and email quarantining for unknown file types. Stop domain-name website access based on content filtering policies.
Common Threats in the Workstation Domain
Unauthorized workstation access: Enable password protection on workstations for access. Unauthorized access to systems, applications, and data: Define strict access control policies, standards, procedures, and guidelines. Implement a second-level test to verify a user's right to gain access. Desktop or laptop operating system vulnerabilities: Define workstation operating system vulnerability window policy. A vulnerability window is the gap in time that you leave a computer unpatched with a security update. Start periodic workstation domain vulnerability tests to find gaps. Desktop or laptop application software vulnerabilities or patches: Define a workstation application software vulnerability window policy. Update application software and security patches according to defined policies, standards, procedures, and guidelines. Viruses, malicious code, and other malware: Use workstation antivirus and malicious code policies, standards, procedures, and guidelines. Enable an automated antivirus protection solution that scans and updates individual workstations with proper protection. User inserting CD/DVD/USB with personal files: Deactivate all CD-ROM, DVD, and USB ports. Enable automatic virus scans for all installed media containing files. User downloading photos, music, or videos: Enable user content filtering and antivirus scanning at Internet entry and exit points. Enable workstation auto-scans and auto-quarantine for unknown file types.
Keyword mixed alphabet cipher
Uses a cipher alphabet that consists of a keyword, minus duplicates, followed by the remaining letters of the alphabet
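Added example, not part of the course material, covering the substitution and transposition cipher cards above and the keyword mixed alphabet cipher just defined: a Python implementation that builds the keyword alphabet (keyword letters with duplicates dropped, then the rest of the alphabet), uses it as a monoalphabetic substitution, and pairs it with a columnar transposition. The keywords and plaintext are constructed for the demo; only the 26 uppercase letters are transformed and other characters pass through unchanged.

```python
import string

ALPHABET = string.ascii_uppercase


def keyword_alphabet(keyword: str) -> str:
    """Cipher alphabet: keyword letters in order, duplicates dropped, then the
    remaining letters of the alphabet. Non-letters in the keyword are ignored."""
    seen = []
    for ch in keyword.upper() + ALPHABET:
        if ch in ALPHABET and ch not in seen:
            seen.append(ch)
    return "".join(seen)


def substitute(text: str, keyword: str, decrypt: bool = False) -> str:
    """Monoalphabetic substitution: plaintext letter i -> keyword alphabet letter i.
    Decryption just swaps the two alphabets in the translation table."""
    cipher_alpha = keyword_alphabet(keyword)
    src, dst = (cipher_alpha, ALPHABET) if decrypt else (ALPHABET, cipher_alpha)
    return text.upper().translate(str.maketrans(src, dst))


def transpose(text: str, key: str, decrypt: bool = False) -> str:
    """Columnar transposition: write `text` in rows of len(key) columns and read
    the columns out in the alphabetical order of the key letters (ties by position).
    Characters are only rearranged, never changed."""
    cols = len(key)
    order = sorted(range(cols), key=lambda i: (key[i], i))
    if not decrypt:
        rows = [text[i:i + cols] for i in range(0, len(text), cols)]
        return "".join("".join(r[c] for r in rows if c < len(r)) for c in order)
    # Decrypt: recover each column's length, cut the ciphertext into columns in
    # the same key order, then read the grid back row by row.
    full_rows, extra = divmod(len(text), cols)
    col_len = {c: full_rows + (1 if c < extra else 0) for c in range(cols)}
    columns, pos = {}, 0
    for c in order:
        columns[c] = text[pos:pos + col_len[c]]
        pos += col_len[c]
    out = []
    for r in range(full_rows + (1 if extra else 0)):
        for c in range(cols):
            if r < col_len[c]:
                out.append(columns[c][r])
    return "".join(out)


if __name__ == "__main__":
    print(keyword_alphabet("SECURITY"))                 # SECURITYABDFGHJKLMNOPQVWXZ
    c = substitute("ATTACK", "SECURITY")
    print(c, substitute(c, "SECURITY", decrypt=True))   # SOOSCD ATTACK
    t = transpose("ATTACKATDAWN", "ZEBRA")
    print(t, transpose(t, "ZEBRA", decrypt=True))       # CATTTANADAKW ATTACKATDAWN
```

Note what each cipher leaks: the substitution keeps letter frequencies intact (both T's in ATTACK become O), and the transposition keeps the exact letter multiset, so either alone falls to frequency analysis or anagramming; combining substitution with transposition is the pattern modern block ciphers still follow in their S-box and permutation layers.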
Distributed DoS (DDoS)
Uses multiple compromised systems to flood the network from many different directions
Eavesdropping
When an attacker taps the data cable to see all data passing through it
An operations center is:
Where the information infrastructure is located
Mandatory access controls define:
Who can see what on the basis of "need to know."
LAN Domain
a collection of computers connected to one another or to a common connection medium
Blockchain
A database consisting of a chain of fixed-length blocks that each include 1 to N transactions; each transaction added to a new block is validated, and the block is then appended to the end of the existing chain.
Risk methodology definition
A description of how you will manage risk
Risk register definition
A list of identified risks
CCTA Risk Analysis and Management Method (CRAMM)
A risk analysis method developed by the UK government; best suited for large organizations
Juan's web server was down for an entire day last September. It experienced no other downtime during that month. Which one of the following represents the web server uptime for that month? a)96.67% b)3.33% c)99.96% d)0.04%
a) 96.67%
Which risk is most effectively mitigated by an upstream Internet service provider (ISP)? a) Distributed denial of service (DDoS) b) Lost productivity c) Firewall configuration error d) Unauthorized remote access
a) Distributed denial of service (DDoS)
Which mitigation plan is most appropriate to limit the risk of unauthorized access to workstations? a) Correct Password protection b) Antivirus software c) Deactivating USB ports d) Vulnerability scanning
a) Password protection
Which element of the security policy framework requires approval from upper management and applies to the entire organization? a) Policy b) Standard c) Guideline d) Procedure
a) Policy
Which one of the following is typically used during the identification phase of a remote access connection? a) Username b) Password c) Token d) Fingerprint
a) Username
Lidia would like to choose an access control model in which the owner of a resource decides who may modify permissions on that resource. Which model fits that scenario? Select one: a. Discretionary access control (DAC) b. Mandatory access control (MAC) c. Rule-based access control d. Role-based access control (RBAC)
a. Discretionary access control (DAC)
Which one of the following is an example of a disclosure threat? Select one: a. Espionage b. Alteration c. Denial d. Destruction
a. Espionage
Barry discovers that an attacker is running an access point in a building adjacent to his company. The access point is broadcasting the security set identifier (SSID) of an open network owned by the coffee shop in his lobby. Which type of attack is likely taking place? Select one: a. Evil twin b. Wardriving c. Bluesnarfing d. Replay attack
a. Evil twin
With the use of Mobile IP, which device is responsible for keeping track of mobile nodes (MNs) and forwarding packets to the MN's current network? Select one: a. Home agent (HA) b. Foreign agent (FA) c. Care of address (COA) d. Correspondent node (CN)
a. Home agent (HA)
Dawn is selecting an alternative processing facility for her organization's primary data center. She would like to have a facility that will have the shortest switchover time even though it may be costly. What would be the best option in this situation? Select one: a. Hot site b. Warm site c. Cold site d. Primary site
a. Hot site
Which element of the security policy framework requires approval from upper management and applies to the entire organization? Select one: a. Policy b. Standard c. Guideline d. Procedure
a. Policy
Which group is the most likely target of a social engineering attack? Select one: a. Receptionists and administrative assistants b. Information security response team c. Internal auditors d. Independent contractors
a. Receptionists and administrative assistants
Fernando is the risk manager for a U.S. federal government agency. He is conducting a risk assessment for that agency's IT risk. What methodology is best suited for George's use? Select one: a. Risk Management Guide for Information Technology Systems (NIST SP 800-30) b. CCTA Risk Analysis and Management Method (CRAMM) c. Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) d. ISO/IEC 27005, "Information Security Risk Management"
a. Risk Management Guide for Information Technology Systems (NIST SP 800-30)
What is an XML-based open standard for exchanging authentication and authorization information and is commonly used for web applications? Select one: a. Security Assertion Markup Language (SAML) b. Secure European System for Applications in a Multi-Vendor Environment (SESAME) c. User Datagram Protocol (UDP) d. Password Authentication Protocol (PAP)
a. Security Assertion Markup Language (SAML)
From a security perspective, what should organizations expect will occur as they become more dependent upon the Internet of Things (IoT)? Select one: a. Security risks will increase. b. Security risks will decrease. c. Security risks will stay the same. d. Security risks will be eliminated.
a. Security risks will increase.
Which one of the following is an example of two-factor authentication? Select one: a. Smart card and personal identification number (PIN) b. Personal identification number (PIN) and password c. Password and security questions d. Token and smart card
a. Smart card and personal identification number (PIN)
Which classification level is the highest level used by the U.S. federal government? Select one: a. Top Secret b. Secret c. Confidential d. Private
a. Top Secret
Which one of the following is typically used during the identification phase of a remote access connection? Select one: a. Username b. Password c. Token d. Fingerprint
a. Username
The ___________ is the central part of a computing environment's hardware, software, and firmware that enforces access control. Select one: a. security kernel b. CPU c. memory d. co-processor
a. security kernel
store-and-forward communication
acceptable delay in transmitting communication
wiretapping
active: between-the-lines wiretapping, piggyback-entry wiretapping
passive: also called sniffing
Assumption of standard economics - Unbounded self-interest
always aim to maximize their own payoffs / minimize their own costs
Recovery Time Objective (RTO)
amount of time it takes to recover and make a system, application, and data available for use after an outage
Availability in context of information security
amount of time users can use a system, application, and data
Threat
any action that could damage an asset
Matthew captures traffic on his network and notices connections using ports 20, 22, 23, and 80. Which port normally hosts a protocol that uses secure, encrypted connections? a) 20 b) 22 c) 23 d) 80
b) 22
Which network device is capable of blocking network connections that are identified as potentially malicious? a) Intrusion detection system (IDS) b) Intrusion prevention system (IPS) c) Demilitarized zone (DMZ) d) Web server
b) Intrusion prevention system (IPS)
Ron is the IT director at a medium-sized company and is constantly bombarded by requests from users who want to select customized mobile devices. He decides to allow users to purchase their own devices. Which type of policy should Ron implement to include the requirements and security controls for this arrangement? Select one: a. Privacy b. Bring Your Own Device (BYOD) c. Acceptable use d. Data classification
b. Bring Your Own Device (BYOD)
Bob recently accepted a position as the information security and compliance manager for a medical practice. Which regulation is likely to most directly apply to Bob's employer? a. Federal Information Security Management Act (FISMA) b. Health Insurance Portability and Accountability Act (HIPAA) c. Children's Internet Protection Act (CIPA) d. Gramm-Leach-Bliley Act (GLBA)
b. Health Insurance Portability and Accountability Act (HIPAA)
Which organization pursues standards for Internet of Things (IoT) devices and is widely recognized as the authority for creating standards on the Internet? Select one: a. Internet Society b. Internet Engineering Task Force c. Internet Association d. Internet Authority
b. Internet Engineering Task Force
Which network device is capable of blocking network connections that are identified as potentially malicious? Select one: a. Intrusion detection system (IDS) b. Intrusion prevention system (IPS) c. Demilitarized zone (DMZ) d. Web server
b. Intrusion prevention system (IPS)
Which type of authentication includes smart cards? Select one: a. Knowledge b. Ownership c. Location d. Action
b. Ownership
A hospital is planning to introduce a new point-of-sale system in the cafeteria that will handle credit card transactions. Which one of the following governs the privacy of information handled by those point-of-sale terminals? Select one: a. Health Insurance Portability and Accountability Act (HIPAA) b. Payment Card Industry Data Security Standard (PCI DSS) c. Federal Information Security Management Act (FISMA) d. Federal Financial Institutions Examination Council (FFIEC)
b. Payment Card Industry Data Security Standard (PCI DSS)
Yuri is a skilled computer security expert who attempts to break into the systems belonging to his clients. He has permission from the clients to perform this testing as part of a paid contract. What type of person is Yuri? Select one: a. Cracker b. White-hat hacker c. Black-hat hacker d. Grey-hat hacker
b. White-hat hacker
Which element of the security policy framework offers suggestions rather than mandatory actions? a) Policy b) Standard c) Guideline d) Procedure
c) Guideline
Which one of the following is NOT a good technique for performing authentication of an end user? a) Password b) Biometric scan c) Identification number d) Token
c) Identification number
Which one of the following measures the average amount of time that it takes to repair a system, application, or component? a) Uptime b) Mean time to failure (MTTF) c) Mean time to repair (MTTR) d) Recovery time objective (RTO)
c) Mean time to repair (MTTR)
During which phase of the access control process does the system answer the question,"What can the requestor access?" Select one: a. Identification b. Authentication c. Authorization d. Accountability
c. Authorization
Which technology can be used to protect the privacy rights of individuals and simultaneously allow organizations to analyze data in aggregate? Select one: a. Encryption b. Decryption c. Deidentification d. Aggregation
c. Deidentification
Betsy recently assumed an information security role for a hospital located in the United States. What compliance regulation applies specifically to healthcare providers? Select one: a. FFIEC b. FISMA c. HIPAA d. PCI DSS
c. HIPAA
Which one of the following is an example of a business-to-consumer (B2C) application of the Internet of Things (IoT)? Select one: a. Virtual workplace b. Infrastructure monitoring c. Health monitoring d. Supply chain management
c. Health monitoring
Which one of the following is NOT a good technique for performing authentication of an end user? Select one: a. Password b. Biometric scan c. Identification number d. Token
c. Identification number
Which Internet of Things (IoT) challenge involves the difficulty of developing and implementing protocols that allow devices to communicate in a standard fashion? Select one: a. Security b. Privacy c. Interoperability d. Compliance
c. Interoperability
Which one of the following measures the average amount of time that it takes to repair a system, application, or component? Select one: a. Uptime b. Mean time to failure (MTTF) c. Mean time to repair (MTTR) d. Recovery time objective (RTO)
c. Mean time to repair (MTTR)
Ernie is preparing a risk register for his organization's risk management program. Which data element is LEAST likely to be included in a risk register? Select one: a. Description of the risk b. Expected impact c. Risk survey results d. Mitigation steps
c. Risk survey results
What is NOT one of the three tenets of information security? Select one: a. Confidentiality b. Integrity c. Safety d. Availability
c. Safety
In which type of attack does the attacker attempt to take over an existing connection between two systems? Select one: a. Man-in-the-middle attack b. URL hijacking c. Session hijacking d. Typosquatting
c. Session hijacking
As a follow-up to her annual testing, Holly would like to conduct quarterly disaster recovery tests that introduce as much realism as possible but do not require the use of technology resources. What type of test should Holly conduct? Select one: a. Checklist test b. Parallel test c. Simulation test d. Structured walk-through
c. Simulation test
What type of malicious software masquerades as legitimate software to entice the user to run it? Select one: a. Virus b. Worm c. Trojan horse d. Rootkit
c. Trojan horse
interruptions
causes a break in a communication channel, which blocks the transmission of data
what is malicious software
causes damage, escalates security privileges, divulges private data, modifies or deletes data
strategies for reducing risk (weakest link in the security of an IT infrastructure)
check background of job candidates carefully, evaluate staff regularly, rotate access to sensitive systems, apps, and data among staff positions, test apps and software and review for quality, regularly review security plans, perform annual security control audits
top country of origin for cyberattacks at 41 percent
China in 2013; the US was at 10 percent
Internet of Things
connects personal devices, home devices, and vehicles to the internet
WAN Domain
connects remote locations
Remote Access Domain
connects remote users to an organization's IT infrastructure
Business-to-consumer (B2C)
customers purchase goods and services directly from the business's website
Which of the following is an example of a hardware security control? a) Security Policy b) NTFS permission c) MAC filtering d) ID badge
d
Which of the following is an example of two-factor authentication? a) personal identification number (PIN) and password b) token and smart card c) password and security questions d) smart card and personal identification number (PIN)
d
Which security control is most helpful in protecting against eavesdropping on wireless LAN (WLAN) data transmissions that would jeopardize confidentiality? a) Securing wiring closets b) Applying patches promptly c) Implementing LAN configuration standards d) Applying strong encryption
d) Applying strong encryption
Which term describes any action that could damage an asset? a) Risk b) Countermeasure c) Vulnerability d) Threat
d) Threat
Which of the following is NOT an area of critical infrastructure where the Internet of Things (IOT) is likely to spur economic development in less developed countries? a) Water Supply management b) Agriculture c) Wastewater Treatment d) E-commerce
d) e-commerce
Alan is evaluating different biometric systems and is concerned that users might not want to subject themselves to retinal scans due to privacy concerns. Which characteristic of a biometric system is he considering? Select one: a. Accuracy b. Reaction time c. Dynamism d. Acceptability
d. Acceptability
Malek wants to make sure that his system is designed in a manner that allows tracing actions to an individual. Which phase of access control is Malek concerned about? Select one: a. Identification b. Authentication c. Authorization d. Accountability
d. Accountability
Which security control is most helpful in protecting against eavesdropping on wireless LAN (WLAN) data transmissions that would jeopardize confidentiality? Select one: a. Securing wiring closets b. Applying patches promptly c. Implementing LAN configuration standards d. Applying strong encryption
d. Applying strong encryption
Which type of password attack attempts all possible combinations of a password in an attempt to guess the correct value? Select one: a. Dictionary attack b. Rainbow table attack c. Social engineering attack d. Brute-force attack
d. Brute-force attack
Aaliyah would like to find a solution that allows real-time document sharing and editing between teams. Which technology would best suit her needs? Select one: a. Voice over IP (VoIP) b. Audio conferencing c. Video conferencing d. Collaboration
d. Collaboration
Which item in a Bring Your Own Device (BYOD) policy helps resolve intellectual property issues that may arise as the result of business use of personal devices? Select one: a. Support ownership b. Onboarding/offboarding c. Forensics d. Data ownership
d. Data ownership
Which one of the following is an example of a direct cost that might result from a business disruption? Select one: a. Damaged reputation b. Lost market share c. Lost customers d. Facility repair
d. Facility repair
Which compliance obligation includes security requirements that apply specifically to federal government agencies in the United States? Select one: a. Gramm-Leach-Bliley Act (GLBA) b. Health Insurance Portability and Accountability Act (HIPAA) c. Family Educational Rights and Privacy Act (FERPA) d. Federal Information Security Management Act (FISMA)
d. Federal Information Security Management Act (FISMA)
What is a single sign-on (SSO) approach that relies upon the use of key distribution centers (KDCs) and ticket-granting servers (TGSs)? Select one: a. Secure European System for Applications in a Multi-Vendor Environment (SESAME) b. Lightweight Directory Access Protocol (LDAP) c. Security Assertion Markup Language (SAML) d. Kerberos
d. Kerberos
What level of technology infrastructure should you expect to find in a cold site alternative data center facility? Select one: a. Hardware and data that mirror the primary site b. Hardware that mirrors the primary site, but no data c. Basic computer hardware d. No technology infrastructure
d. No technology infrastructure
Tony is working with a law enforcement agency to place a wiretap pursuant to a legitimate court order. The wiretap will monitor communications without making any modifications. What type of wiretap is Tony placing? Select one: a. Active wiretap b. Between-the-lines wiretap c. Piggyback-entry wiretap d. Passive wiretap
d. Passive wiretap
Faisal's company is planning to accept credit cards over the Internet. Which one of the following governs this type of activity and includes provisions that Faisal should implement before accepting credit card transactions? Select one: a. Health Insurance Portability and Accountability Act (HIPAA) b. Family Educational Rights and Privacy Act (FERPA) c. Communications Assistance for Law Enforcement Act (CALEA) d. Payment Card Industry Data Security Standard (PCI DSS)
d. Payment Card Industry Data Security Standard (PCI DSS)
Which one of the following is NOT an advantage of biometric systems? Select one: a. Biometrics require physical presence. b. Biometrics are hard to fake. c. Users do not need to remember anything. d. Physical characteristics may change.
d. Physical characteristics may change.
Chris is writing a document that provides step-by-step instructions for end users seeking to update the security software on their computers. Performing these updates is mandatory. Which type of document is Chris writing? Select one: a. Policy b. Standard c. Guideline d. Procedure
d. Procedure
Which tool can capture the packets transmitted between systems over a network? Select one: a. Wardialer b. OS fingerprinter c. Port scanner d. Protocol analyzer
d. Protocol analyzer
Which term describes an action that can damage or compromise an asset? Select one: a. Likelihood b. Vulnerability c. Countermeasure d. Threat
d. Threat
Which type of attack against a web application uses a newly discovered vulnerability that is not patchable? Select one: a. SQL injection b. Cross-site scripting c. Cross-site request forgery d. Zero-day attack
d. Zero-day attack
private data
data about people that must be kept private
Cryptocurrencies
decentralized digital currency
ITIL framework
designed to standardize the selection, planning, delivery and support of IT services to a business.
what is a countermeasure
detect vulnerabilities, prevent attacks, respond to the effects of successful attacks. get help from law enforcement agencies, forensic experts, security consultants, incident response teams
Smart contracts
digital contracts that run exactly as programmed without any possibility of downtime, censorship, fraud, or third-party interference
what are the three types of threats
disclosure threats, alteration threats, denial or destruction threats
public blockchain
distributed and maintained by multiple computers or nodes that compete to validate the newest block entries before the other nodes to gain a reward for doing so.
Cybersecurity
duty of a government that wants to ensure its national security
business drivers definition
elements in an organization that support business objectives such as people, information, and conditions
what are the four categories of attacks
fabrications, interceptions, interruptions, modifications
True or False: A bricks-and-mortar strategy includes marketing and selling goods and services on the Internet
false: e-commerce
internet business challenges
growing the business through the internet, changing existing conventional business to an e-business, building secure and highly available websites and e-commerce portals, building a web-enabled customer-service strategy, finding new customers with internet marketing
Information System
hardware, OS, and application software that work together to collect, process, and store data for individuals and organizations
warm site
has environmental utilities and basic computer hardware
hot site
has environmental utilities, hardware, software, and data like original data center
Assumption of standard economics - Unbounded rationality
have unlimited access to perfect information, capable of deriving optimal strategy
backdoors
hidden access included by developers, attackers can use them to gain access
Workstation Domain
includes desktop computers, laptops, special-purpose terminals, and other devices that connect to the network
Availability
information is accessible by authorized users whenever they request the information
confidential
information or data owned by the org
fabrications
involve the creation of some deception in order to trick unsuspecting users
When does data have integrity
it is not altered, is valid, is accurate
Common Threats in the User Domain
Lack of user awareness: Conduct security awareness training, display awareness posters, insert reminders in banner greetings, and send email reminders to employees.
User apathy toward policies: Conduct annual security awareness training, implement an AUP, update the staff manual and handbook, and discuss status during performance reviews.
User violating security policy: Place employee on probation, review the AUP and employee manual, and discuss status during performance reviews.
User inserting CD/DVD/USB with personal files: Enable automatic antivirus scans for inserted media drives, files, and e-mail attachments. An antivirus scanning system examines all new files on your computer's hard drive for viruses. Enable e-mail antivirus scanning for e-mails with attachments.
User downloading photos, music, or videos: Enable content filtering and antivirus scanning on e-mail attachments. Content filtering security appliances are configured to permit or deny specific domain names in accordance with the AUP definition.
User destructing systems, applications, and data: Restrict access for users to only those systems, applications, and data needed to perform their job. Minimize write or delete permissions to the data owner only.
Disgruntled employee attacking organization or committing sabotage: Track and monitor abnormal employee behavior, erratic job performance, and use of IT infrastructure during off-hours. Begin IT access control lockout procedures based on AUP monitoring and compliance.
Employee blackmail or extortion: Track and monitor abnormal employee behavior and use of IT infrastructure during off-hours. Enable intrusion detection system/intrusion prevention system (IDS/IPS) monitoring for sensitive employee positions and access. IDS/IPS security appliances examine the Internet Protocol (IP) data streams for inbound and outbound traffic. Alarms and alerts programmed within an IDS/IPS help identify abnormal traffic and can block IP traffic per policy definition.
Risk
likelihood that something bad will happen to an asset
why business must have an internet and IOT marketing strategy
must remain competitive; the bricks-and-mortar business model is out of date in the global market; customers require continuous access to information, products, and services. This means businesses expose themselves to online risk.
Real-time communication
occurs instantaneously
Integrity
only authorized users can change information
Confidentiality
only authorized users can view info
Maria's company recently experienced a major system outage due to the failure of a critical component. During that time period, the company did not register any sales through its online site. Which type of loss did the company experience as a result of lost sales?
opportunity cost
why is distributed denial of service attack more difficult to stop than just regular denial of service
overloads computers and prevents legitimate users from gaining access, more difficult to stop because they originate from different sources
Prospect Theory
people make decisions based on the potential value of losses and gains rather than the final outcome, and evaluate these losses and gains subjectively
what does a firewall do
program or dedicated hardware device, inspects network traffic passing through it, denies or permits traffic based on a set of rules
Payment Card Industry Data Security Standard (PCI DSS)
protects private customer data
data modifications
purposely or accidentally modified, incomplete, truncated
Data Security
responsibility of every org that needs to protect its information assets and sensitive data
WAN domain
roles and tasks: allow users the most access possible while making sure what goes in and out is safe
responsibilities: physical components and logical elements
accountability: maintain, update, and provide technical support and ensure that the company meets security policies, standards, procedures, and guidelines
Workstation Domain (3)
roles and tasks: configure hardware, harden systems, and verify antivirus files
responsibilities: ensure the integrity of user workstations and data
accountability: director of IT security is generally in charge of ensuring that the workstation domain conforms to policy
remote access domain (3)
roles and tasks: connect mobile users to their IT systems through the public internet
responsibilities: maintain, update, and troubleshoot the hardware and logical remote access connection
accountability: ensure that the remote access domain security plans, standards, methods, and guidelines are used
LAN Domain
roles and tasks: includes both physical network components and logical configuration of services for users
responsibilities: LAN support group is in charge of physical components and logical elements
accountability: LAN manager's duty to maximize use and integrity of data within the LAN domain
LAN-to-WAN domain
roles and tasks: includes both the physical pieces and logical design of security appliances; physical parts need to be managed to give easy access to the services
responsibilities: physical components, logical elements, and applying the defined security controls
accountability: ensure the security policies, standards, procedures, and guidelines are used
system application domain
roles and tasks: includes hardware and logical design; secure mission-critical applications and intellectual property assets both physically and logically
responsibilities: server systems administration, database design and management, designing access rights to systems and apps, and more
accountability: ensure that security policies, standards, procedures, and guidelines are in compliance
User Domain (3)
roles and tasks: users can access systems, apps, and data depending upon their access rights
responsibilities: employees are responsible for their use of IT assets
accountability: HR department is accountable for implementing proper employee background checks
Ciphertext
scrambled data that are the results of encrypting cleartext
Mean time to repair (MTTR)
the average amount of time it takes to repair a system, application, or component. the goal is to bring the system back up quickly
Information System Security
the collection of activities that protect the information system and the data stored in it
Encryption
the process of transforming clear text into coded, unintelligible text for secure storage or communication
e-commerce
the sales of goods and services online
what is spyware
the type of malware that specifically threatens confidentiality of information such
Equation for risk
threat times vulnerability
Uptime
total amount of time that a system, app, or data are accessible. often expressed as a percentage of time available
Downtime
total amount of time that something is not accessible
alteration threats
unauthorized changes
examples of unacceptable web browsing
unauthorized users searching files or storage directories, users visiting prohibited websites
Vulnerability
weakness that allows a threat to be realized or to have an effect on an asset
Assumption of standard economics - Unbounded will power
will always follow the optimal strategy
what is it about risk, threats, and vulnerabilities that you can't do
you cannot eliminate risk, you can minimize the impact of threats, you can reduce the number of vulnerabilities, minimizing threats and reducing vulnerabilities lessens overall risk. threats, risk, and vulnerabilities