CIS471 Final
right behind your first Internet firewall
A DMZ is located: right in front of your first Internet firewall right behind your first Internet firewall right behind your first network active firewall right behind your first network passive Internet http firewall
An area between a friendly and unfriendly network
A demilitarized zone is: An area between a friendly and unfriendly network Is a synonym for the work firewall An area behind your edge router not accessible from the Internet An area behind your firewall, accessible from the Internet
Spike
A momentary high voltage is a: Blackout Spike Surge Fault
a. Vulnerability
A weakness or lack of a safeguard, which may be exploited by a threat, causing harm to the information systems or networks is called a: a. Vulnerability b. Risk c. Threat d. Overflow
Identified
All risks must be: Transferred Eliminated Identified Insured
d. Role-based policy
An access control policy for a bank teller is an example of the implementation of which of the following? a. Rule-based policy b. Identity-based policy c. User-based policy d. Role-based policy
tunnel
Another name for a VPN is a: tunnel one-time password pipeline bypass
OSI protocol Layer seven, the Application Layer
Application Layer Firewalls operate at the: OSI protocol Layer seven, the Application Layer OSI protocol Layer six, the Presentation Layer OSI protocol Layer five, the Session Layer OSI protocol Layer four, the Transport Layer
UPS
Electrical systems are the lifeblood of computer operations. The continued supply of clean, steady power is required to maintain the proper personnel environment as well as to sustain data operations. Which of the following is not an element that can threaten power systems? Humidity UPS Brownouts Transients Noise
passwords
Examples of types of physical access controls include all except which of the following? passwords locks guards badges
Application
FTP, TFTP, SNMP, and SMTP are provided at what level of the Open System Interconnect (OSI) Reference Model? Application Network Presentation Transport
confidentiality
Goals of attackers include all of the following except confidentiality disclosure alteration denial
of a defense in depth
Good security is built on the concept: of a pass-through device that only allows certain traffic in and out of a defense in depth of preventative controls of management ownership of information security
Be led by a Chief Security Officer and report directly to the CEO
In an organization, an Information Technology security function should: Be a function within the information systems function of an organization. Report directly to a specialized business unit such as legal, corporate security or insurance Be led by a Chief Security Officer and report directly to the CEO Be independent but report to the Information Systems function
type 1 errors
In biometric identification systems, false reject rate is associated with: type 2 errors type 1 and type 2 errors type 3 errors type 1 errors
The confinement property
In the Bell-LaPadula model, the star property is also called: The simple security property The confidentiality property The confinement property The tranquility property
Sandbox
Java follows which security model: Least privilege Sandbox CIA OSI
Internet protocols
Like an Intranet, an extranet is a private network that uses which of the following? Internet packets Internet protocols Internet patents Internet ports
password guessing
Like the Kerberos protocol, SESAME is also subject to which of the following? timeslot replay password guessing symmetric key guessing asymmetric key guessing
files, directories, and print queue
Mandatory Access requires that sensitivity labels be attached to all objects. Which of the following would be designated as objects on a MAC system? files, directories, processes, and sockets devices, processes, I/O pipe, and sockets users, windows, and programs files, directories, and print queue
Files, directories and devices
Mandatory Access requires that sensitivity labels to be attached to all objects. Which of the following would be designated as objects on a MAC system? Files, directories, processes and sockets Devices, processes, I/O pipe, and sockets Users, windows, and programs Files, directories and devices
ever-evolving process
Network security is a(n): Product protocols ever-evolving process quick-fix solution
destruction
Related to information security, availability is the opposite of which of the following? delegation distribution documentation destruction
softening their networks
Security pros are not interested in which of the following? dealing quickly and economically with incidents detecting intrusions softening their networks hardening their networks
Key agreement
The Diffie-Hellman algorithm is used for: Encryption Digital signature Non-repudiation Key agreement
Physical Layer, Data Link Layer, Network Layer, Transport Layer, Session Layer, Presentation Layer, Application Layer
The International Standards Organization / Open Systems Interconnection (ISO/OSI) Layers are in which of the following order (1 to 7)? Physical Layer, Network Layer, Data Link Layer, Transport Layer, Session Layer, Presentation Layer, Application Layer Physical Layer, Data Link Layer, Network Layer, Transport Layer, Session Layer, Presentation Layer, Application Layer Physical Layer, Data Link Layer, Transport Layer, Session Layer, Presentation Layer, Network Layer, Application Layer Physical Layer, Data Link Layer, Network Layer, Session Layer, Transport Layer, Presentation Layer, Application Layer
The ISO/OSI Data Link Layer
The Logical Link Control sub-layer is a part of which of the following? The ISO/OSI Data Link Layer The Reference monitor The Transport layer of the TCP/IP stack model Change management control
Asymmetric key
The RSA algorithm is an example of what type of cryptography? Asymmetric key Symmetric key Secret key Private key
any system on the DMZ can be compromised because it's accessible from the Internet
The general philosophy for DMZs is that: any system on the DMZ can be compromised because it's accessible from the Internet any system on the DMZ cannot be compromised because it's not accessible from the Internet Some systems on the DMZ can be compromised because they are accessible from the Internet any system on the DMZ cannot be compromised because it's by definition 100 percent safe and not accessible from the Internet.
in parallel with every phase throughout the project
The information security staff's participation in which of the following system development life cycle phases provides maximum benefit to the organization? in parallel with every phase throughout the project development and documentation phase system design specifications phase project initiation and planning phase
in parallel with every phase throughout the project
The information security staff's participation in which of the following system development life cycle phases provides maximum benefit to the organization? in parallel with every phase throughout the project project initiation and planning phase system design specifications phase development and documentation phase
Electrical distribution systems
The most prevalent cause of computer center fires is which of the following? Electrical distribution systems Heating systems AC equipment Natural causes
Establish a security audit function
The preliminary steps to security planning include all of the following EXCEPT which of the following? Establish objectives List planning assumptions Establish a security audit function Determine alternate course of action
Detective control
The recording or viewing of events after the fact using a closed-circuit TV camera is considered a: Preventive control Detective control Compensating control Corrective control
you are
The three classic ways of authenticating yourself to the computer security software are by something you know, by something you have, and by something: you need non-trivial you are you can get
you are
The three classic ways of authenticating yourself to the computer security software are: something you know, something you have, and something: you need you read you are you do
Physical
There are three primary attributes, or responsibilities, of an access control system. They include all of the following except Physical Identity Authority Accountability
no one
Unrestricted access to production programs should be given to which of the following? maintenance programmers only system owner, on request no one auditors
setting allowable thresholds on a reported activity
Using clipping levels refers to: setting allowable thresholds on a reported activity limiting access to top management staff setting personnel authority limits based on need-to-know basis encryption of data so that it cannot be stolen
The reference monitor
What can be best described as an abstract machine which must mediate all access to subjects to objects? A security domain The reference monitor The security level The security perimeter
The security risk that remains after controls have been implemented
What does "residual risk" mean? The security risk that remains after controls have been implemented Weakness of an asset which can be exploited by a threat Risk that remains after risk assessment has been performed A security risk intrinsic to an asset being audited, where no mitigation has taken place
Risk
What is called the probability that a threat to an information system will materialize? Threat Risk Vulnerability Hole
Authentication
What is called the verification that the user's claimed identity is valid and is usually implemented through a user password at log-on time? Authentication Identification Integrity Confidentiality
Type II Error
What is considered the most important error for a biometric access control system? Type I Error Type II Error Combined Error Rate Crossover Error Rate
Wireless Network communications
What is the 802.11 standard related to? Public Key infrastructure (PKI) Wireless Network communications Packet-switching technology The OSI/ISO model
Contain and repair any damage caused by an event
What is the PRIMARY GOAL of incident handling? Successfully retrieve all evidence that can be used to prosecute Improve the company's ability to be prepared for threats and disasters Improve the company's disaster recovery plan Contain and repair any damage caused by an event
Identification
What is the act of a user professing to an identity, usually in the form of a log-in ID? Confidentiality Identification Authentication Integrity
$60,000
What is the highest amount a company should spend annually on countermeasures for protecting an asset valued at $1,000,000 from a threat that has an annualized rate of occurrence (ARO) of once every five years and an exposure factor (EF) of 30%? $300,000 $150,000 $60,000 $1,500
Network layer
What layer of the ISO/OSI model do routers normally operate at? Network layer Session layer Data link layer Transport layer
Disclosure of residual data
What security problem is most likely to exist if an operating system permits objects to be used sequentially by multiple users without forcing a refresh of the objects? Disclosure of residual data Unauthorized obtaining of a privileged execution state Denial of service through a deadly embrace Data leakage through covert channels
The process of reducing risk to an acceptable level
What would BEST define risk management? The process of eliminating the risk The process of assessing the risk The process of reducing risk to an acceptable level The process of transferring risk
Network layer
Which OSI/ISO layer is responsible for determining the best route for data to be transferred? Session layer Physical layer Network layer Transport layer
Discretionary Access Control
Which access control model enables the OWNER of the resources to specify what subjects can access specific resources based on their identity? Discretionary Access Control Mandatory Access Control Sensitive Access Control Role-based Access Control
Twisted Pair cables
Which cable technology refers to the CAT3 and CAT5 categories? Coaxial cables Fiber Optic cables Axial cables Twisted Pair cables
Class A fires
Which fire class can water be most appropriate for? Class C fires Class B fires Class A fires Class D fires
An organization that coordinates and supports the response to security incidents
Which of the following best defines a Computer Security Incident Response Team (CSIRT)? An organization that provides a secure channel for receiving reports about suspected security incidents An organization that ensures that security incidents are reported to the authorities An organization that coordinates and supports the response to security incidents An organization that disseminates incident-related information to its constituency and other involved parties
A risk
Which of the following could be BEST defined as the likelihood of a threat agent taking advantage of a vulnerability? A risk A residual risk An exposure A countermeasure
Procedures
Which of the following embodies all the detailed actions that personnel are required to follow? Standards Guidelines Procedures Baselines
employees
Which of the following groups represents the leading source of computer crime losses? hackers industrial saboteurs foreign intelligence officers employees
Rijndael
Which of the following identifies the encryption algorithm selected by NIST for the new Advanced Encryption Standard? Rijndael RC6 Serpent Twofish
Response
Which of the following is NOT a fundamental component of an alarm in an Intrusion Detection System? Communications Enunciator Sensor Response
Develop an information security policy
Which of the following is NOT a task normally performed by a Computer Incident Response Team (CIRT)? Coordinate the distribution of information pertaining to the incident to the appropriate parties Mitigate risk to the enterprise Assemble teams to investigate the potential vulnerabilities Develop an information security policy
Logical access control mechanism
Which of the following is NOT an administrative control? Logical access control mechanism Screening of personnel Development of policies, standards, procedures and guidelines Change control procedures
Data Encryption System (DES)
Which of the following is NOT an asymmetric key algorithm? El Gamal Data Encryption System (DES) Elliptic Curve Cryptosystem (ECC) RSA
TCP is connection-oriented, UDP is not
Which of the following is TRUE regarding Transmission Control Protocol (TCP) and User Datagram Protocol (UDP)? TCP is connection-oriented, UDP is not UDP provides for Error Correction, TCP does not UDP is useful for longer messages, rather than TCP TCP does not guarantee delivery of data, UDP does guarantee data delivery
TCP is connection-oriented, UDP is not
Which of the following is TRUE regarding Transmission Control Protocol (TCP) and User Datagram Protocol (UDP)? TCP is connection-oriented, UDP is not UDP provides for error correction, TCP does not UDP is useful for longer messages, rather than TCP TCP does not guarantee delivery of data, UDP does not guarantee data delivery
Common combustible
Which of the following is a class A fire? Electrical Common combustible Liquid Halon
Audit trails
Which of the following is a detective control? Segregation of duties Back-up procedures Audit trails Physical access control
Guard dogs
Which of the following is a preventive control? Motion detectors Guard dogs Audit logs Intrusion detection system
UDP
Which of the following is an example of a connectionless communication? UDP X.25 Packet switching TCP
The Software Capability Maturity Model (CMM)
Which of the following is based on the premise that the quality of a software product is a direct function of the quality of its associated software development and maintenance processes? The Software Capability Maturity Model (CMM) Expert Systems Model The Waterfall Model The Spiral Model
Audit trails
Which of the following is most likely to be useful in detecting intrusions? Access control lists Security labels Audit trails Information security policies
Session layer
Which of the following is not a defined layer in the TCP/IP protocol model? Application layer Session layer Internet layer Network access layer
Prevention of the modification of information by authorized users
Which of the following is not a goal of integrity? Prevention of the modification of information by unauthorized users Prevention of the unauthorized or unintentional modification of information by authorized users Preservation of the internal and external consistency Prevention of the modification of information by authorized users
Automated login for remote users
Which of the following is not a security goal for remote access? Reliable authentication of users and systems Protection of confidential data Easy to manage access control to systems and network resources Automated login for remote users
Identify which information is sensitive
Which of the following is the FIRST step in protecting data's confidentiality? Install a firewall Implement encryption Identify which information is sensitive Review all user access rights
People
Which of the following is the weakest link in a security system? People Software Communications Hardware
It minimizes chances of accidental discharge of water
Which of the following is true about a "dry pipe" sprinkler system? It minimizes chances of accidental discharge of water It is a substitute of carbon dioxide systems It maximizes chance of accidental discharge of water It uses less water than "wet pipe" systems.
a. Sniffers allow an attacker to monitor data passing across a network
Which of the following is true related to network sniffing? a. Sniffers allow an attacker to monitor data passing across a network b. Sniffers alter the source address of a computer to disguise and exploit weak authentication methods c. Sniffers take over network connections d. Sniffers send IP fragments to a system that overlap with each other
Polyinstantiation
Which of the following is used in database information security to hide information? Polyinstantiation Inheritance Polymorphism Delegation
fiber optic
Which of the following media is MOST resistant to tapping? microwave twisted pair coaxial cable fiber optic
TCP/IP
Which of the following protocols does the Internet use? SNA DECnet TCP/IP MAP
High cohesion, low coupling
Which of the following represents the best programming? High cohesion, low coupling High cohesion, high coupling Low cohesion, low coupling Low cohesion, high coupling
Employee bonding to protect against losses due to the theft.
Which of the following should NOT be addressed by employee termination practices? Removal of the employee from active payroll files Return of access badges Employee bonding to protect against losses due to the theft. Deletion of assigned login-ID and passwords to prohibit system access
Installing system software
Which of the following should be performed by an operator? Changing profiles Approving changes Adding and removal of users Installing system software
Business unit manager
Which of the following staff members would be best suited to provide information during a review? In this case the review is focused on the controls in place related to the process of defining IT service levels. Systems programmer Legal staff Business unit manager Programmer
It requires careful key management
Which of the following statements is true about data encryption as a method of protecting data? It verifies the accuracy of the data It is usually easily administered It makes few demands on system resources It requires careful key management
User can be authenticated by what he knows
Which of the following statements pertaining to biometrics is FALSE? User can be authenticated by what he does User can be authenticated by what he is User can be authenticated by what he knows A biometric system's accuracy is determined by its crossover rate (CER)
Testing should be performed with live data to cover all possible solutions
Which of the following statements pertaining to software testing is incorrect? Test data generators can be used to systematically generate random test data that can be used to test programs Test data should be part of the specifications Testing should be performed with live data to cover all possible solutions Unit testing should be addressed when the modules are being designed
Fiber optic cables
Which of the following transmission media would NOT be affected by cross talk or interference? Coaxial cables Shielded twisted pairs (STP) Satellite radiolink systems Fiber optic cables
Behavior-based ID Systems
Which of the following types of Intrusion Detection Systems uses deviations from the learned patterns of behavior and triggers an alarm when an activity considered intrusive (outside of normal system use) occurs? Behavior-based ID Systems Host-based ID systems Knowledge-based ID systems Network-based ID systems
The project will fail to meet business and user needs
Which of the following would be the MOST serious risk where a systems development life cycle methodology is inadequate? The project will be incompatible with existing systems The project will fail to meet business and user needs The project will be completed late The project will exceed the cost estimates
T1ime4g01F
Which of the following would be an example of the best password? golf001 Elizabeth T1ime4g01F password
Confidentiality
Which property ensures that only those who are supposed to access the data can get access to it? Confidentiality Capability Integrity Availability
Preventive controls
Which type of control is concerned with avoiding occurrences of risks? Deterrent controls Detective controls Preventive controls Compensating controls
Type C
Which type of fire extinguisher is most appropriate for an information processing facility? Type A Type C Type B Type D
Data or information owner
Who can best determine if technical security controls are adequate in a computer-based application system in regards to the protection of the data being used and its sensitivity? Data or information user System auditor Data or information owner System manager
Senior management
Who should DECIDE how a company should approach security and what security measures should be implemented? Senior management Data owner Auditor The information security specialist
Because input data is not checked for appropriate length at time of input
Why do buffer overflows happen? Because buffers can only hold so much data Because input data is not checked for appropriate length at time of input Because they are an easy weakness to exploit Because of insufficient system memory
To detect improper or illegal acts by the employees
Why do many organizations require every employee to take a mandatory vacation of a week or more? To detect improper or illegal acts by the employees To lead to greater productivity through a better quality of life for the employee To provide proper cross training for another employee To allow more employees to have a better understanding of the overall system