CYBR 3100 Final Exam Review (Chapters 6-12)

Intrusion __________ activities finalize the restoration of operations to a normal state and seek to identify the source and method of the intrusion in order to ensure that the same type of attack cannot occur again.

Correction

Alarm filtering may be based on combinations of frequency, similarity in attack signature, similarity in attack target, or other criteria that are defined by the system administrators.

False

An advance-fee fraud attack involves the interception of cryptographic elements to determine keys and encryption algorithms.

False

An effective information security governance program requires constant change.

False

Authentication is a mechanism whereby unverified entities or supplicants who seek access to a resource provide a label by which they are known to the system.

False

Digital forensics involves chemical and microscopic analysis of evidence using computerized laboratory instruments.

False

Discretionary access control is an access control approach whereby the organization specifies use of resources based on the assignment of data classification schemes to resources and clearance levels to users.

False

Encryption methodologies that require the same secret key to encipher and decipher the message are using what is called public key encryption.

False

Hashing functions require the use of keys.

False

In the early stages of planning, the project planner should attempt to specify completion dates only for major employees within the project.

False

The __________ is typically considered the top information security officer in the organization.

CISO

The International Society of Forensic Computer Examiners (ISFCE) offers which certifications?

Certified Computer Examiner (CCE) and Master Certified Computer Examiner (MCCE)

__________ is the requirement that every employee be able to perform the work of another employee.

Task rotation

The capacity of UPS devices is measured using the voltage output rating.

False

The information security function cannot be placed within protective services in an organization's management structure.

False

The most common credential for a CISO-level position is the Security+ certification.

False

Mandatory access controls (MACs)

A required, structured data classification scheme that rates each collection of information as well as each user

__________ benchmark and monitor the status of key system files and detect when an intruder creates, modifies, or deletes monitored files.

HIDPSs

__________ occurs when an authorized person opens a door, and other people, who may or may not be authorized, also enter.

Tailgating

The use of standard job descriptions can increase the degree of professionalism in the information security field.

True

Access Control

A selective method by which systems specify who may use a particular resource and how they may use it. It relies on the following mechanisms: identification, authentication, authorization, and accountability.

Discretionary access controls (DACs)

Access controls that are implemented at the discretion or option of the data user

Nondiscretionary controls

Access controls that are implemented by a central authority

Class __________ fires are best extinguished by agents that remove oxygen from the fire.

B

To evaluate the performance of a security system, administrators must establish system performance __________.

Baselines

Class __________ fires are safely extinguished only with non-conducting agents.

C

A(n) __________ is used to justify that the project will be reviewed and verified prior to the development of the project plan.

CBA

The __________ is a center of Internet security expertise and is located at the Software Engineering Institute, a federally funded research and development center operated by Carnegie Mellon University.

CERT/CC

The __________ is an intermediate area between a trusted network and an untrusted network.

DMZ

One approach that can improve the situational awareness of the information security function uses a process known as __________ to quickly identify changes to the internal environment.

Difference analysis

A __________ system is designed to work in areas where electrical equipment is used. Instead of containing water, the system contains pressurized air.

Dry-pipe

__________ is the process of converting an original message into a form that is unreadable to unauthorized individuals.

Encryption

A technique used to compromise a system is known as a(n) ___________.

Exploit

A(n) _________ is an authorization issued by an organization for the repair, modification, or update of a piece of equipment.

FCO

A false positive is the failure of an IDPS system to react to an actual attack event.

False

The parallel operations strategy works well when an isolated group can serve as a test area, which prevents any problems with the new system from dramatically interfering with the performance of the organization as a whole.

False

The work breakdown structure (WBS) can only be prepared with a complex specialized desktop PC application.

False

Water damage from fire suppression systems is considered less dangerous to computer systems than hazardous chemicals like Halon.

False

Activities that scan network locales for active systems and then identify the network services offered by the host systems are known as __________.

Fingerprinting

The Computer __________ and Abuse Act of 1986 is the cornerstone of many computer-related federal laws and enforcement efforts.

Fraud

Technology __________ guides how frequently technical systems are updated, and how technical updates are approved and funded.

Governance

__________ functions are mathematical algorithms that generate a message summary or digest to confirm the identity of a specific message and to confirm that there have not been any changes to the content.

Hash

A(n) __________ works like a burglar alarm in that it detects a violation (some system activities analogous to an opened or broken window) and activates an alarm.

IDPS

The protection of the confidentiality, integrity, and availability of information assets, whether in storage, processing, or transmission, via the application of policy, education, training and awareness, and technology is known as ___________.

Information security

The model commonly used by large organizations places the information security department within the __________ department.

Information technology

Detailed __________ on the highest risk warnings can include identifying which vendor updates apply to which vulnerabilities as well as which types of defenses have been found to work against the specific vulnerabilities reported.

Intelligence

_________ is the entire range of values that can possibly be used to construct an individual key.

Keyspace

Using __________, the system reviews the log files generated by servers, network devices, and even other IDPSs.

LFM

In the __________ process, measured results are compared against expected results.

Negative feedback loop

In a __________ implementation, the entire security system is put in place in a single office, department, or division before expanding to the rest of the organization.

Pilot

Interior walls only partially reach to the next floor, which leaves a space above the ceiling. This space is called a(n) __________.

Plenum

More advanced substitution ciphers use two or more alphabets, and are referred to as __________ substitutions.

Polyalphabetic

By managing the __________, the organization can reduce unintended consequences by having a process to resolve potential conflict and disruption that uncoordinated change can introduce.

Process of change

Using a database of precomputed hashes from sequentially calculated passwords called a(n) __________, an attacker can simply look up a hashed password and read out the text version.

Rainbow table

In most common implementation models, the content filter has two components: __________.

Rating and filtering

A __________ port, also known as a monitoring port, is a specially configured connection on a network device that is capable of viewing all of the traffic that moves through the entire device.

SPAN

The dominant architecture used to secure network access today is the __________ firewall.

Screened subnet

__________ are the technically qualified individuals tasked to configure firewalls, deploy IDSs, implement security software, diagnose and troubleshoot problems, and coordinate with systems and network administrators to ensure that an organization's security technology is properly implemented.

Security technicians

__________ is a cornerstone in the protection of information assets and in the prevention of financial loss.

Separation of duties

Authentication factors

Something you know (password, passphrase); something you have (dumb card, smart card, synchronous tokens, asynchronous tokens); something you are (relies upon individual characteristics, strong authentication)

__________ inspection firewalls keep track of each network connection between internal and external systems.

Stateful

Tasks or action steps that come after the task at hand are called __________.

Successors

A method of encryption that requires the same secret key to encipher and decipher the message is known as __________ encryption.

Symmetric

Accountability

The access control mechanism that ensures all actions on a system—authorized or unauthorized—can be attributed to an authenticated identity. Also known as auditability

Authorization

The access control mechanism that represents the matching of an authenticated entity to a list of information assets and corresponding access levels

Identification

The access control mechanism that requires the validation and verification of an unauthenticated entity's purported identity

Authentication

The access control mechanism that requires the validation and verification of an unauthenticated entity's purported identity.

A process called __________ examines the traffic that flows through a system and its associated devices to identify the most frequently used devices.

Traffic analysis

In IPSec's __________ mode, the data within an IP packet is encrypted, but the header information is not.

Transport

__________ applications use a combination of techniques to detect an intrusion and then trace it back to its source.

Trap and trace

A mandatory vacation provides the organization with the ability to audit the work of an individual.

True

A permutation cipher simply rearranges the values within a block to create the ciphertext.

True

A(n) known vulnerability is a published weakness or fault in an information asset or its protective systems that may be exploited and result in loss.

True

Authentication is the process of validating and verifying an unauthenticated entity's purported identity.

True

Each organization has to determine its own project management methodology for IT and information security projects.

True

If an organization deals successfully with change and has created procedures and systems that can be adjusted to the environment, the existing security improvement program will probably continue to work well.

True

In DNS cache poisoning, valid packets exploit poorly configured DNS servers to inject false information to corrupt the servers' answers to routine DNS queries from other systems on the network.

True

In general, electrostatic discharge damage to chips produces two types of failures: immediate and latent.

True

Lattice-based access control is a form of access control in which users are assigned a matrix of authorizations for particular areas of access.

True

Over time, policies and procedures may become inadequate due to changes in the organization's mission and operational requirements, threats, or the environment.

True

Packet-filtering firewalls scan network data packets looking for compliance with the rules of the firewall's database.

True

Physical security is as important as logical security to an information security program.

True

The Digital Signature Standard established by NIST is used for electronic document authentication by federal information systems. It is based on a variant of the ElGamal algorithm.

True

The primary benefit of a VPN that uses _________ is that an intercepted packet reveals nothing about the true destination system.

Tunnel mode

A device that assures the delivery of electric power without interruption is a(n) __________.

UPS

A __________ is the recorded state of a particular revision of a software or hardware configuration item.

Version

The goal of the project __________ is to resolve any pending project-related issues, critique the overall effort of the project, and draw conclusions about how to improve the project management process for the future.

Wrap-up

