CIS 322 Final Review


____ are a component of the security triple.

Threats; assets; vulnerabilities (all of the above)

A cybernetic loop ensures that progress is measured periodically.

True

A proven method for prioritizing a program of complex change is the bull's-eye method.

True

A task or subtask becomes an action step when it can be completed by one individual or skill set and when it includes a single deliverable.

True

A war game puts a subset of plans in place to create a realistic test environment.

True

All systems that are mission critical should be enrolled in PSV measurement.

True

An example of the type of vulnerability exposed via traffic analysis occurs when an organization is trying to determine if all its device signatures have been adequately masked.

True

An ideal organization fosters resilience to change.

True

Corrective action decisions are usually expressed in terms of trade-offs.

True

DMZ is the primary way to secure an organization's networks.

True

Digital forensics helps the organization understand what happened and how.

True

Each organization has to determine its own project management methodology for IT and information security projects.

True

External monitoring entails collecting intelligence from various data sources and then giving that intelligence context and meaning for use by decision makers within the organization.

True

If an organization deals successfully with change and has created procedures and systems that can be adjusted to the environment, the existing security improvement program will probably continue to work well.

True

In many organizations, information security teams lack established roles and responsibilities.

True

In most cases, organizations look for a technically qualified information security generalist who has a solid understanding of how an organization operates.

True

Major planning components should be reviewed on a periodic basis to ensure that they are current, accurate, and appropriate.

True

Often, US-CERT is viewed as the definitive authority for computer emergency response.

True

Organizations should have a carefully planned and fully populated inventory of all their network devices, communication channels, and computing devices.

True

Over time, external monitoring processes should capture information about the external environment in a format that can be referenced both across the organization as threats emerge and for historical use.

True

Over time, policies and procedures may become inadequate because of changes in agency mission and operational requirements, threats, or the environment.

True

Planners need to estimate the effort required to complete each task, subtask, or action step.

True

Planning for the implementation phase of a security project requires the creation of a detailed project plan.

True

Policy needs to be reviewed and refreshed from time to time to ensure that it's sound.

True

Rehearsal adds value by exercising the procedures, identifying shortcomings, and providing security personnel the opportunity to improve the security plan before it is needed.

True

Remediation of vulnerabilities can be accomplished by accepting or transferring the risk, removing the threat, or repairing the vulnerability.

True

Security managers accomplish objectives identified by the CISO and resolve issues identified by technicians.

True

Security managers are accountable for the day-to-day operation of the information security program.

True

The CISO uses the results of maintenance activities and the review of the information security program to determine if the status quo can adequately meet the threats at hand.

True

The basic function of the external monitoring process is to monitor activity, report results, and escalate warnings.

True

The budgets of public organizations are usually the product of legislation or public meetings.

True

The bull's-eye model can be used to evaluate the sequence of steps taken to integrate parts of the information security blueprint into a project plan.

True

The characteristics concerned with manufacturer and software versions are about technical functionality, and they should be kept highly accurate and up-to-date.

True

The general management community of interest must work with the information security professionals to integrate solid information security concepts into the personnel management practices of the organization.

True

The optimum solution in most cases is to repair a vulnerability.

True

The organization should integrate the security awareness education into a new hire's ongoing job orientation and make it a part of every employee's on-the-job security training.

True

The position of security technician can be offered as an entry-level position.

True

The primary drawback to the direct changeover approach is that if the new system fails or needs modification, users may be without services while the system's bugs are worked out.

True

The process of integrating information security perspectives into the hiring process begins with reviewing and updating all job descriptions.

True

The project plan as a whole must describe how to acquire and implement the needed security controls and create a setting in which those controls achieve the desired outcomes.

True

The size of the organization and the normal conduct of business may preclude a single large training program on new security procedures or technologies.

True

To maintain a secure facility, all contract employees should be escorted from room to room, as well as into and out of the facility.

True

Unfreezing in the Lewin change model involves thawing hard-and-fast habits and established procedures.

True

Upper management should learn more about the budgetary needs of the information security function and the positions within it.

True

When an estimate is flawed, as when the number of effort-hours required is underestimated, the plan should be corrected and downstream tasks updated to reflect the change.

True

When possible, major plan elements should be rehearsed.

True

The Lewin change model consists of ____.

Unfreezing, moving, and refreezing (all of the above)

____ is a simple planning tool.

WBS

____ pen testing is usually used when a specific system or network segment is suspect and the organization wants the pen tester to focus on a particular aspect of the target.

White Box

To evaluate the performance of a security system, administrators must establish system performance ____.

baselines

The ____ methodology has been used by many organizations, requires that issues be addressed from the general to the specific, and that the focus be on systematic solutions instead of individual problems.

bull's-eye

A(n) ____ item is a hardware or software item that is to be modified and revised throughout its life cycle.

configuration

One approach that can improve the situational awareness of the information security function uses a process known as ____ to quickly identify changes to the internal environment.

difference analysis
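Difference analysis works by taking a snapshot of the internal environment (hosts, open ports, service versions, operating systems) on a schedule and comparing it against the last known-good snapshot, so that unexpected changes surface quickly. The following is an added example, not code from the course or the textbook: the two snapshots and the host names in it are constructed, and in practice they would come from a scanner such as Nmap or from the asset inventory database.

```python
"""Difference analysis over two snapshots of the internal environment.

Added example (not course material). The snapshots below are constructed;
a real baseline would be captured from the asset inventory or a scheduled
scan and stored so that each new scan can be compared against it.
"""
from dataclasses import dataclass


@dataclass
class Host:
    os: str
    services: dict  # port -> "product version" string as reported by the scan


# Constructed baseline: the last known-good state of the internal network.
BASELINE = {
    "web01": Host("Ubuntu 22.04", {22: "OpenSSH 8.9", 443: "nginx 1.24"}),
    "db01": Host("Ubuntu 22.04", {22: "OpenSSH 8.9", 5432: "PostgreSQL 15.3"}),
    "jump01": Host("Debian 12", {22: "OpenSSH 9.2"}),
}

# Constructed current snapshot: a new host appeared, a port opened on web01,
# the database was patched, and the jump host disappeared.
CURRENT = {
    "web01": Host("Ubuntu 22.04", {22: "OpenSSH 8.9", 443: "nginx 1.24", 8080: "Jetty 9.4"}),
    "db01": Host("Ubuntu 22.04", {22: "OpenSSH 8.9", 5432: "PostgreSQL 15.4"}),
    "dev07": Host("Windows 11", {3389: "ms-wbt-server"}),
}


def difference_analysis(baseline, current):
    """Return every change between two snapshots, grouped by kind.

    Each entry is a tuple that starts with the host name so a reviewer can
    triage by host. An empty list for every kind means nothing changed.
    """
    report = {
        "new_hosts": [], "removed_hosts": [],
        "new_services": [], "removed_services": [],
        "changed_versions": [], "changed_os": [],
    }
    for name in sorted(set(current) - set(baseline)):
        report["new_hosts"].append((name, sorted(current[name].services)))
    for name in sorted(set(baseline) - set(current)):
        report["removed_hosts"].append((name, sorted(baseline[name].services)))
    for name in sorted(set(baseline) & set(current)):
        old, new = baseline[name], current[name]
        if old.os != new.os:
            report["changed_os"].append((name, old.os, new.os))
        for port in sorted(set(new.services) - set(old.services)):
            report["new_services"].append((name, port, new.services[port]))
        for port in sorted(set(old.services) - set(new.services)):
            report["removed_services"].append((name, port, old.services[port]))
        for port in sorted(set(old.services) & set(new.services)):
            if old.services[port] != new.services[port]:
                report["changed_versions"].append(
                    (name, port, old.services[port], new.services[port]))
    return report


def format_report(report):
    """Render the report as one line per change, for a ticket or an e-mail."""
    return [f"{kind}: " + " ".join(str(x) for x in entry)
            for kind, entries in report.items() for entry in entries]


if __name__ == "__main__":
    for line in format_report(difference_analysis(BASELINE, CURRENT)):
        print(line)
```

Every line the report prints is a candidate for the change-control process: a new host or port with no corresponding change request is exactly the kind of uncoordinated change the process of change management is meant to catch, while a version bump that matches an approved patch window can be closed without action.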

The information security function can be placed within the ____.

insurance and risk management function; administrative services function; legal department (all of the above)

Detailed ____ on the highest risk warnings can include identifying which vendor updates apply to which vulnerabilities as well as which types of defenses have been found to work against the specific vulnerabilities reported.

intelligence

The date for sending the final RFP to vendors is considered a(n) ____, because it signals that all RFP preparation work is complete.

milestone

The goal of the ____ is to resolve any pending issues, critique the overall effort of the project, and draw conclusions about how to improve the process for the future.

wrap-up

The primary mailing list, called simply ____, provides time-sensitive coverage of emerging vulnerabilities, documenting how they are exploited, and reporting on how to remediate them. Individuals can register for the flagship mailing list or any one of the entire family of its mailing lists. (This describes the list as the textbook presents it; the list itself ceased regular operation in 2021.)

Bugtraq

____ are the real techies who create and install security solutions.

Builders

The ____ is a center of Internet security expertise and is located at the Software Engineering Institute, a federally funded research and development center operated by Carnegie Mellon University.

CERT/CC

The ____ position is typically considered the top information security officer in the organization.

CISO

The breadth and depth covered in each of the domains makes the ____ one of the most difficult-to-attain certifications on the market.

CISSP

Some cases of ____ are simple, such as requiring employees to use a new password beginning on an announced date.

Direct Changeover

Many organizations use a(n) ____ interview to remind the employee of contractual obligations, such as nondisclosure agreements, and to obtain feedback on the employee's tenure in the organization.

Exit

A direct changeover is also known as going "fast turnkey."

False

A maintenance model such as the ISO model deals with methods to manage and operate systems.

False

All organizations should designate a champion from the general management community of interest to supervise the implementation of an information security project plan.

False

Court decisions generally do not impact agency policy.

False

Documentation procedures are not required for configuration and change management processes.

False

Each for-profit organization determines its capital budget and the rules for managing capital spending and expenses the same way.

False

Friendly departures include termination for cause, permanent downsizing, temporary lay-off, or some instances of quitting.

False

ISO 27001 Information Security Handbook: A Guide for Managers provides managerial guidance for the establishment and implementation of an information security program.

False

Information security should be visible to the users.

False

Organizations are not required by law to protect employee information that is sensitive or personal.

False

The CISA certification is for information security management professionals.

False

The SCNA track focuses on firewalls and intrusion detection.

False

The final process in the vulnerability assessment and remediation domain is the exit phase.

False

The first step in the WBS approach encompasses activities, but not deliverables.

False

The general management community of interest must plan for the proper staffing for the information security function.

False

The information security function cannot be placed within protective services.

False

The most common qualification for the CISO type of position is the SSCP accreditation.

False

The networks layer of the bull's-eye is the outermost ring of the bull's eye.

False

The parallel implementation works well when an isolated group can serve as the "guinea pig," which prevents any problems with the new system from dramatically interfering with the performance of the organization as a whole.

False

The primary goal of the external monitoring domain is to maintain an informed awareness of the state of all of the organization's networks, information systems, and information security defenses.

False

The security manager position is much more general than that of CISO.

False

The security systems implementation life cycle is a process for collecting information about an organization's objectives, its technical architecture, and its information security environment.

False

The target selection step involves using the external monitoring intelligence to configure a test engine (such as Nessus) for the tests to be performed.

False

Threats cannot be removed without requiring a repair of the vulnerability.

False

Tracking awareness involves assessing the status of the program as indicated by the database information and mapping it to standards established by the agency.

False

WLAN stands for wide local area network.

False

The applicant for the CISA must provide evidence of ____ years of professional work experience in the field of information security, with a waiver or substitution of up to two years for education or previous certification.

Five

There are ____ common vulnerability assessment processes.

Five

Technology ____ guides how frequently technical systems are updated, and how technical updates are approved and funded.

Governance

The ____ examination is designed to provide CISSPs with a mechanism to demonstrate competence in the more in-depth and concentrated requirements of information security management.

ISSMP

In the ____ process, measured results are compared to expected results.

Negative Feedback loop

____ is used to respond to network change requests and network architectural design proposals.

Network Connectivity RA

The ____ list is intended to facilitate the development of a free network exploration tool.

Nmap-hackers

The ____ process is designed to find and document the vulnerabilities that may be present because there are misconfigured systems in use within the organization.

PSV

____, a level beyond vulnerability testing, is a set of security tests and evaluations that simulate attacks by a malicious external source (hacker).

Penetration Testing

____ baselines are established for network traffic and also for firewall performance and IDPS performance.

Performance

In a ____ implementation, the entire security system is put in place in a single office, department, or division, and issues that arise are dealt with before expanding to the rest of the organization.

Pilot

The ____ level of the bull's-eye model establishes the ground rules for the use of all systems and describes what is appropriate and what is inappropriate; it enables all other information security components to function correctly.

Policies

By managing the ____, the organization can reduce unintended consequences by having a process to resolve potential conflict and disruption that uncoordinated change can introduce.

Process of Change

____ allows for the major planning components to be reviewed on a periodic basis to ensure that they are current, accurate, and appropriate.

Program Review

If the task is to write firewall specifications for the preparation of a(n) ____, the planner would note that the deliverable is a specification document suitable for distribution to vendors.

RFP

The ____ program focuses more on building trusted networks, including biometrics and PKI.

SCNA

____ was designed to recognize mastery of an international standard for information security and a common body of knowledge (sometimes called the CBK).

SSCP

The steps of the Internet vulnerability assessment include ____, which is when the penetration test engine is unleashed at the scheduled time using the planned target list and test selection.

Scanning

A(n) ____ is a statement of the boundaries of the RA.

Scope

The ____ involves collecting information about an organization's objectives, its technical architecture, and its information security environment.

SecSDLC

____ are the technically qualified individuals tasked to configure firewalls, deploy IDSs, implement security software, diagnose and troubleshoot problems, and coordinate with systems and network administrators to ensure that an organization's security technology is properly implemented.

Security Technicians

____ is a cornerstone in the protection of information assets and in the prevention of financial loss.

Separation of duties

The ____ mailing list includes announcements and discussion of an open-source IDPS.

Snort-sigs

The ____ layer of the bull's-eye model includes computers used as servers, desktop computers, and systems used for process control and manufacturing systems.

Systems

____ is the requirement that every employee be able to perform the work of another employee.

Task rotation

When the memory usage associated with a particular CPU-based system averages ____% or more over prolonged periods, consider adding more memory.

60
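The negative feedback loop, the performance baselines, and the 60% memory rule above are three views of one mechanism: summarise normal operation, compare each new measurement against that expectation, and raise a warning when the gap is large or sustained. The following is an added example, not course material: the sample series (hourly memory utilisation in percent and firewall throughput in Mbit/s), the k-sigma tolerance, and the function names are constructed for illustration, and a real baseline would be collected over weeks of normal operation rather than a dozen samples.

```python
"""Performance baselines and the negative-feedback check built on them.

Added example (not course material). All series below are constructed;
values are memory utilisation in percent and firewall throughput in Mbit/s.
"""
import math
from statistics import mean, pstdev

# Constructed: memory utilisation (percent) sampled during normal operation.
MEMORY_BASELINE_SAMPLES = [38, 41, 40, 44, 39, 42, 45, 43, 40, 41, 39, 44]
# Constructed: a later, prolonged observation window on the same system.
MEMORY_OBSERVED = [61, 63, 66, 62, 64, 67, 65, 63]

# Constructed: firewall throughput (Mbit/s) during normal operation, then a
# window in which throughput collapses for three samples.
FW_BASELINE_SAMPLES = [920, 905, 940, 915, 930, 910, 925, 935]
FW_OBSERVED = [918, 922, 430, 410, 395, 927]


def build_baseline(samples):
    """Summarise normal operation as a mean and a (population) std deviation."""
    return {"mean": mean(samples), "stdev": pstdev(samples), "n": len(samples)}


def compare_to_baseline(baseline, observed, k=3.0):
    """Negative feedback step: compare measured results to expected results.

    Returns (index, value, z) for each sample more than k standard deviations
    from the baseline mean. A baseline with zero spread treats any difference
    as a deviation, reported with an infinite z score.
    """
    deviations = []
    for i, value in enumerate(observed):
        if baseline["stdev"] == 0:
            if value != baseline["mean"]:
                deviations.append((i, value, math.inf))
            continue
        z = (value - baseline["mean"]) / baseline["stdev"]
        if abs(z) > k:
            deviations.append((i, value, round(z, 2)))
    return deviations


def memory_needs_upgrade(observed, threshold=60.0):
    """The 60% rule: sustained average use at or above threshold means add memory."""
    return mean(observed) >= threshold


def corrective_actions(mem_baseline, mem_observed, fw_baseline, fw_observed):
    """Turn the comparisons into the warnings an administrator would escalate."""
    actions = []
    if memory_needs_upgrade(mem_observed):
        actions.append(f"memory: average {mean(mem_observed):.1f}% over window, add memory")
    fw_dev = compare_to_baseline(build_baseline(fw_baseline), fw_observed)
    if fw_dev:
        worst = min(fw_dev, key=lambda d: d[1])
        actions.append(f"firewall: {len(fw_dev)} samples outside baseline, "
                       f"lowest {worst[1]} Mbit/s (z={worst[2]})")
    return actions


if __name__ == "__main__":
    for action in corrective_actions(MEMORY_BASELINE_SAMPLES, MEMORY_OBSERVED,
                                     FW_BASELINE_SAMPLES, FW_OBSERVED):
        print(action)
```

The k-sigma tolerance is what keeps the loop from reacting to ordinary jitter: a single sample at 430 Mbit/s is forty standard deviations from a baseline whose spread is about 11 Mbit/s, while the 918 and 927 readings in the same window are well inside it and produce no warning. The memory check deliberately averages over the whole window rather than alarming on the first sample above 60%, which is the "prolonged periods" qualifier in the rule.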
