Chapter 12
All of these
Common vulnerability assessment processes include: (A) Internet VA (B) wireless VA (C) intranet VA (D) All of these
performance
Control __________ baselines are established for network traffic and for firewall performance and IDPS performance. (A) system (B) application (C) performance (D) environment
intelligence
Detailed __________ on the highest risk warnings can include identifying which vendor updates apply to which vulnerabilities as well as which types of defenses have been found to work against the specific vulnerabilities reported. (A) escalation (B) intelligence (C) monitoring (D) elimination
Both of these are approaches that might be chosen
Each organization sets policy to choose one of two approaches when employing digital forensics. Select the statement that best identifies the options. (A) Protect and forget (B) Apprehend and prosecute (C) Neither of these is an approach to be chosen (D) Both of these are approaches that might be chosen
Determine whether to "apprehend and prosecute."
In digital forensics, all investigations follow the same basic methodology once permission for search and seizure has been obtained. Which of the following is NOT one of the elements of that process? (A) Analyze the data without risking modification or unauthorized access. (B) Report the findings to the proper authority. (C) Determine whether to "apprehend and prosecute." (D) Identify relevant EM.
difference analysis
One approach that can improve the situational awareness of the information security function is to use a process known as __________ to quickly identify changes to the internal environment. (A) baselining (B) difference analysis (C) differentials (D) revision
insecure.org
The __________ Web site and list site seclists.org is home to the leading free network exploration tool, Nmap. (A) insecure.org (B) Packet Storm (C) Security Focus (D) Snort-sigs
Packet Storm
The __________ commercial site focuses on current security tool resources. (A) Nmap-hackerz (B) Packet Storm (C) Security Laser (D) Snort-SIGs
CERT/CC
The __________ is a center of Internet security expertise and is located at the Software Engineering Institute, a federally funded research and development center operated by Carnegie Mellon University. (A) US-CERT (B) Bugtraq (C) CM-CERT (D) CERT/CC
scope
The __________ is a statement of the boundaries of the RA. (A) scope (B) disclaimer (C) footer (D) head
Snort
The __________ mailing list includes announcements and discussion of a leading open-source IDPS. (A) Nmap-hackers (B) Packet Storm (C) Security Focus (D) Snort
PSV
The __________ process is designed to find and document vulnerabilities that may be present because there are misconfigured systems in use within the organization. (A) ASP (B) ISP (C) SVP (D) PSV
intranet
The __________ vulnerability assessment is a process designed to find and document selected vulnerabilities that are likely to be present on the organization's internal network. (A) intranet (B) Internet (C) LAN (D) WAN
wireless
The __________ vulnerability assessment is designed to find and document vulnerabilities that may be present in the organization's wireless local area networks. (A) wireless (B) phone-in (C) battle-dialing (D) network
IRP
The optimum approach for escalation is based on a thorough integration of the monitoring process into the __________. (A) IDE (B) CERT (C) ERP (D) IRP
baselines
To evaluate the performance of a security system, administrators must establish system performance __________. (A) baselines (B) profiles (C) maxima (D) means
60
To maintain optimal performance, one typical recommendation suggests that when the memory usage associated with a particular CPU-based system averages __________% or more over prolonged periods, you should consider adding more memory. (A) 40 (B) 60 (C) 10 (D) 100
Program review
______ allows for major security control components to be reviewed on a periodic basis to ensure that they are current, accurate, and appropriate. (A) System review (B) Project review (C) Program review (D) Application review
All of the above
______ are a component of the security triple. (A) Threats (B) Assets (C) Vulnerabilities (D) All of the above
White box
______ penetration testing is usually used when a specific system or network segment is suspect and the organization wants the pen tester to focus on a particular aspect of the target. (A) White box (B) Black box (C) Gray box (D) Green box
Network connectivity RA
_______ is used to respond to network change requests and network architectural design proposals. (A) Network connectivity RA (B) Dialed modem RA (C) Application RA (D) Vulnerability RA
Penetration testing
_______, a level beyond vulnerability testing, is a set of security tests and evaluations that simulate attacks by a malicious external source (hacker). (A) Penetration testing (B) Penetration simulation (C) Attack simulation (D) Attack testing
version
A __________ is the recorded condition of a particular revision of a software or hardware configuration item. (A) state (B) version (C) configuration (D) baseline
Bugtraq
A primary mailing list for new vulnerabilities, called simply __________, provides time-sensitive coverage of emerging vulnerabilities, documenting how they are exploited and reporting on how to remediate them. Individuals can register for the flagship mailing list or any one of the entire family of its mailing lists. (A) Bug (B) Bugfix (C) Buglist (D) Bugtraq
traffic analysis
A process called __________ examines the traffic that flows through a system and its associated devices to identify the most frequently used devices. (A) difference analysis (B) traffic analysis (C) schema analysis (D) data flow assessment
scanning
A step commonly used for Internet vulnerability assessment includes __________, which occurs when the penetration test engine is unleashed at the scheduled time using the planned target list and test selection. (A) scanning (B) subrogation (C) delegation (D) targeting
configuration
A(n) __________ item is a hardware or software item that is to be modified and revised throughout its life cycle. (A) revision (B) update (C) change (D) configuration