Exam 2: Ch 8


Which of the following techniques is the most effective way to protect the perimeter? A) deep packet inspection B) stateful packet filtering C) static packet filtering D) all of the above are equally effective E) moat

A) deep packet inspection

Which of the following combinations of credentials is an example of multifactor authentication? A) Voice recognition and a fingerprint reader B) Password and a user ID C) A PIN and an ATM card D) All of the above E) An excuse and a note from your Mommy

C) A PIN and an ATM card

Which of the following statements is true? A) The concept of defense-in-depth reflects the fact that security involves the use of a few sophisticated technical controls. B) The time-based model of security can be expressed in the following formula: P < D + C. C) Information security is necessary for protecting confidentiality, privacy, integrity of the processing, and availability of information resources. D) Information security is primarily an IT issue, not a managerial concern.

C) Information security is necessary for protecting confidentiality, privacy, integrity of the processing, and availability of information resources.

Which of the following is a detective control? A) Endpoint hardening B) Physical access controls C) Penetration testing D) Patch management E) Sherlock-o-meter

C) Penetration testing

Which of the following is a preventive control? A) Log analysis B) CIRT C) Training D) Virtualization E) Security testing and audits

C) Training

The control procedure designed to restrict what portions of an information system an employee can access and what actions he or she can perform is called __________. A) authentication B) intrusion prevention C) authorization D) intrusion detection E) Mom

C) authorization

Modifying default configurations to turn off unnecessary programs and features to improve security is called _________. A) user account management B) defense-in-depth C) hardening D) vulnerability scanning E) lock-down

C) hardening

Which of the following is a corrective control designed to fix vulnerabilities? A) virtualization B) penetration testing C) patch management D) authorization E) vulnerabilities-fix-it kit

C) patch management

A firewall that implements perimeter defense by examining only information in the packet header of a single IP packet in isolation is using a technique referred to as _________. A) deep packet inspection B) stateful packet filtering C) static packet filtering D) single packet inspection E) Inspector Rejector

C) static packet filtering

A weakness that an attacker can take advantage of to either disable or take control of a system is called a(n) __________. A) exploit B) patch C) vulnerability D) attack E) virus

C) vulnerability

The Trust Services Principle "Privacy" focuses on

Ensuring that personal information from customers, suppliers, and employees is collected, used, disclosed, and maintained in a manner that is consistent with organization policies.

The Trust Services Principle "Processing Integrity" focuses on

Ensuring the accuracy of data

The Trust Services Principle "Confidentiality" focuses on

Protection of sensitive corporate data from unauthorized disclosure

Which step should happen first as part of the incident response process? a) Recognition of an attack b) Containment of the problem by the incident response team c) Analysis of the root cause of the incident d) Recovery from backups

a) Recognition of an attack

Which term refers to software that an attacker can use to compromise a system? a)exploit b)virtualization c)vulnerability d)patch

a)exploit

A firewall is an example of a _________ control. a)preventive b)detective c)corrective d)None of these answers are correct

a)preventive

Virtualization refers to the ability to a)run multiple systems simultaneously on one physical computer. b)use the Internet to perform all needed system functions. c)eliminate the need for a physical computer. d)use web-based security to protect an organization.

a)run multiple systems simultaneously on one physical computer.

The Trust Services Reliability Principle that states, "access to the system and its data is controlled and restricted to legitimate users," is known as: a)Processing integrity. b) Security. c)Privacy. d)Confidentiality.

b) Security.

Which of the following statements about virtualization and cloud computing are true? a)Perimeter protection techniques (e.g., firewalls, IDS, and IPS) are important b)All of these are correct c)Strong user access controls are important d)The time-based model of security applies

b)All of these are correct

Which of the following is an example of multi-factor authentication: a)Password plus smart card b)All of these are examples of multi-factor authentication c)Voice recognition plus answer to security question d) USB device plus retina scan

b)All of these are examples of multi-factor authentication

Which of the following is the final phase of the incident response process? a)Containment of the problem by the incident response team b)Analysis of the root cause of the incident c)Recognition of an attack d)Recovery from backups

b)Analysis of the root cause of the incident

According to the time-based model of security, one way to increase the effectiveness is to a)Increase R b)Increase P c)All of these are correct d)Increase D

b)Increase P

Which of the following is the correct sequence of steps in the incident response process? a)Stop the attack, repair the damage, recognize that a problem exists, learn from the attack b)Recognize that a problem exists, stop the attack, repair the damage, learn from the attack c)Stop the attack, recognize that a problem exists, repair the damage, learn from the attack d)Recognize that a problem exists, repair the damage, stop the attack, learn from the attack

b)Recognize that a problem exists, stop the attack, repair the damage, learn from the attack

If the time an attacker takes to break through the organization's preventive controls is shorter than the sum of the time required for the organization to detect the attack and the time required to respond to the attack, then the organization's security is considered a)efficient. b)ineffective. c)inefficient. d)effective.

b)ineffective.

Which of the following are examples of social engineering? a)Researching the existence of vulnerabilities b)Distributing free USB flash drives to attendees at a trade show c)Phone calls to staff, impersonating an executive and asking staff to provide emergency access d)Spear phishing e)Using software tools to scan and map the target network

b,c,d

Which of the following is NOT an example of multi-factor authentication? a)A fingerprint and a USB device b)A password and a cellphone c)A passphrase and a security question d)A 6-digit PIN and a smart card

c)A passphrase and a security question

Combining a password with which of the following is an example of multi-modal authentication: a)Your email address b)Correctly identifying a picture you had selected when you set up the account c)All of these are examples of multi-modal authentication d) Name of your first grade teacher

c)All of these are examples of multi-modal authentication

Which device blocks or admits individual packets by examining information in the TCP and IP headers? a)Intrusion prevention systems b)DMZ c)Firewalls

c)Firewalls

Which device not only detects that a sequence of packets represents an attack but also automatically takes steps to block that attack? a)Firewall b)Intrusion Detection System (IDS) c)Intrusion Prevention System (IPS) d)None of these are correct

c)Intrusion Prevention System (IPS)

Which device inspects a pattern of packets and automatically blocks that traffic if the device thinks the sequence represents part of an attack? a)Firewalls b)Intrusion detection systems (IDS) c)Intrusion prevention system (IPS)

c)Intrusion prevention system (IPS)

The time-based model of security posits that security is effective when the following equation is satisfied: a)P < D + R b)P = D + R c)P > D + R d)None of these are correct.

c)P > D + R

Which of the following is an example of multi-modal authentication: a)PIN plus ATM card b)Smart card plus fingerprint scan c)Passphrase plus answer to a security question d)All of these are examples of multi-modal authentication

c)Passphrase plus answer to a security question

The Trust Services Framework identifies 5 principles for systems reliability. Which one of those 5 principles is a necessary prerequisite to the other four? a)Confidentiality b)Processing integrity c)Security d)Privacy e)Availability

c)Security

The steps that criminals take to identify potential points of remote entry are called a)research. b)conduct reconnaissance. c)scan and map the target. d)attempt social engineering.

c)scan and map the target.

Which steps in a targeted attack do organizations have little or no ability to prevent? a)Scan and map the target b)Cover tracks c) Conduct reconnaissance d)Research e)Attempt social engineering f)Execute the attack

c,d,e

Which of the following statements are true? a)The Internet of Things can either increase or decrease security, depending upon how it is implemented b)Virtualization can either increase or decrease security, depending upon how it is implemented c)Cloud computing can either increase or decrease security, depending upon how it is implemented d)All of these are correct

d)All of these are correct

Which of the following is the second step in the incident response process? a)Recovery from backups b)Analysis of the root cause of the incident c)Recognition of an attack d)Containment of the problem by the incident response team

d)Containment of the problem by the incident response team

What is the objective of a penetration test? a)To correct identified weaknesses by applying updates that eliminate known vulnerabilities. b)To prevent employees from doing actions that are incompatible with their job functions. c)To determine whether or not a system can be broken into. d)To identify where additional protections are most needed to increase the time and effort required to compromise the system.

d)To identify where additional protections are most needed to increase the time and effort required to compromise the system.

Running multiple systems (e.g., Windows, Unix, and Mac) on a single physical machine is referred to as: a)Cloud Computing b)None of these are correct c)Internet of Things d)Virtualization

d)Virtualization

