Exam 2 Study Guide


The steps in an Internet vulnerability assessment

1. Planning, scheduling, and notification
2. Target selection
3. Scanning
4. Analysis
5. Record keeping

version

A __________ is the recorded condition of a particular revision of a software or hardware configuration item.

Electronic Vaulting

A backup method that uses bulk batch transfer of data to an off-site facility; this transfer is usually conducted via leased lines or secure Internet connections

symmetric encryption

A cryptographic method in which the same algorithm and secret key are used both to encipher and decipher the message

Encryption: Asymmetric Key

A cryptographic method that incorporates mathematical operations involving both a public key and a private key to encipher or decipher a message.

transposition cipher

A cryptographic operation that involves simply rearranging the values within a block based on an established pattern.

Vernam cipher

A cryptographic technique developed by Gilbert Vernam at AT&T and, in its unconditionally secure form, known as the "one-time pad": each character of the key is used for one encryption operation only and then discarded. Its security depends on the key being truly random, at least as long as the message, and never reused.
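The two cipher families on these cards, worked as an added example (this code is not part of the study guide): a columnar transposition (permutation) cipher, which only rearranges values within a block, and a Vernam one-time pad, including what goes wrong when the same pad is used twice. The key `[2, 0, 3, 1]`, the messages, and the fixed pad in the demo are constructed for illustration.

```python
"""Added example: transposition (permutation) cipher and one-time pad."""
import secrets


def transpose_encrypt(plaintext: str, key: list[int]) -> str:
    """Write the text in rows of len(key) and read the columns out in key order.
    key is a permutation of 0..len(key)-1; nothing is substituted, only moved."""
    width = len(key)
    padded = plaintext + "X" * (-len(plaintext) % width)   # fill the last row
    rows = [padded[i:i + width] for i in range(0, len(padded), width)]
    return "".join(row[col] for col in key for row in rows)


def transpose_decrypt(ciphertext: str, key: list[int]) -> str:
    """Refill the columns in key order, then read the rows (padding stays)."""
    width = len(key)
    height = len(ciphertext) // width
    grid = [[""] * width for _ in range(height)]
    pos = 0
    for col in key:
        for row in range(height):
            grid[row][col] = ciphertext[pos]
            pos += 1
    return "".join("".join(row) for row in grid)


def one_time_pad(data: bytes, pad: bytes) -> bytes:
    """XOR with the pad; the same call enciphers and deciphers."""
    if len(pad) < len(data):
        raise ValueError("the pad must be at least as long as the message")
    return bytes(d ^ p for d, p in zip(data, pad))


def new_pad(length: int) -> bytes:
    """A pad must come from a real random source and be discarded after one use."""
    return secrets.token_bytes(length)


def pad_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """Two ciphertexts under one pad: c1 XOR c2 == m1 XOR m2, the pad cancels out."""
    return bytes(a ^ b for a, b in zip(c1, c2))


def recover_with_crib(c1: bytes, c2: bytes, known_m1: bytes) -> bytes:
    """With m1 known (or guessed), a reused pad gives away m2 outright."""
    return bytes(x ^ k for x, k in zip(pad_reuse_leak(c1, c2), known_m1))


if __name__ == "__main__":
    key = [2, 0, 3, 1]                                   # constructed key
    ct = transpose_encrypt("ATTACKATDAWN", key)
    print(ct, transpose_decrypt(ct, key))
    pad = bytes(range(100, 116))                         # constructed, fixed for the demo
    c1 = one_time_pad(b"ATTACK AT DAWN!!", pad)
    c2 = one_time_pad(b"RETREAT AT NOON!", pad)          # same pad reused: the mistake
    print(recover_with_crib(c1, c2, b"ATTACK AT DAWN!!"))
```

Two things to notice: `sorted(ciphertext) == sorted(plaintext)` for the transposition cipher, so letter frequencies survive and the cipher yields to frequency analysis; and the one-time pad is only as good as the rule that a pad is used once, which is why `new_pad` draws from `secrets` and the demo shows the second message falling out of the XOR of the two ciphertexts.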

Difficult

A password should be _________________ to guess.

Bugtraq

A primary mailing list for new vulnerabilities, called simply __________, provides time-sensitive coverage of emerging vulnerabilities, documenting how they are exploited and reporting on how to remediate them. Individuals can register for the flagship mailing list or any one of the entire family of its mailing lists.

VPN

A private, secure network operated over a public and insecure network.

traffic analysis

A process called __________ examines the traffic that flows through a system and its associated devices to identify the most frequently used devices.

Proxy Server

A server that exists to intercept requests for information from external users and provide the requested information by retrieving it from an internal server, thus protecting and minimizing the demand on internal servers

Content Filter

A software program or hardware/software appliance that allows administrators to restrict content that comes into or leaves a network—for example, restricting user access to Web sites with material that is not related to business, such as pornography or entertainment.

scanning

A step commonly used for Internet vulnerability assessment includes __________, which occurs when the penetration test engine is unleashed at the scheduled time using the planned target list and test selection.

weighted table analysis or weighted factor analysis

A useful tool for resolving the issue of what business function is the most critical, based on criteria selected by the organization, is the __________.

configuration

A(n) __________ item is a hardware or software item that is to be modified and revised throughout its life cycle.

Calculate asset valuation and combine with the likelihood and impact of potential attacks in a TVA worksheet.

According to NIST's SP 800-34, Rev. 1, which of the following is NOT one of the stages of the business impact assessment?

Conduct an after-action review.

After an incident, but before returning to its normal duties, the CSIRT must do which of the following?

Mission Critical

All systems that are ________________should be enrolled in platform security validation (PSV) measurement.

Honey Pot

An application that entices individuals who are illegally perusing the internal areas of a network by providing simulated rich content areas while the software notifies the administrator of the intrusion

traffic analysis

An example of the type of vulnerability exposed via __________ occurs when an organization is trying to determine if all its device signatures have been adequately masked.

PKI

An integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services that enables users to communicate securely through the use of digital certificates.

Business Continuity

An organization's set of efforts to ensure its long-term viability when a disaster precludes normal operations at the primary site. The organization temporarily establishes critical operations at an alternate site until it can resume operations at the primary site or select and occupy a new primary site.

Crisis Management

An organization's set of planning and preparation efforts for dealing with potential human injury, emotional trauma, or loss of life as a result of a disaster

when an incident is detected that affects the organization

At what point in the incident life cycle is the IR plan initiated?

performance

Control __________ baselines are established for network traffic and for firewall performance and IDPS performance.

intelligence

Detailed __________ on the highest risk warnings can include identifying which vendor updates apply to which vulnerabilities as well as which types of defenses have been found to work against the specific vulnerabilities reported.

Which of the following is the first major task in the BIA, according to NIST SP 800-34, Rev. 1? a. Determine mission/business processes and recovery criticality. b. Calculate asset valuation and combine with the likelihood and impact of potential attacks in a TVA worksheet. c. Identify recovery priorities for system resources. d. Identify resource requirements.

Determine mission/business processes and recovery criticality.

When an information security team is faced with a new technology, which of the following is NOT a recommended approach? a. Determine if the benefits of the proposed technology justify the expected costs. b. Consider how the proposed solution will affect the organization's risk exposure. c. Include costs for any additional risk control requirements that are mandated by the new technology. d. Evaluate how the new technology will enhance employee skills.

Evaluate how the new technology will enhance employee skills.

Which of the following is true about firewalls and their ability to adapt in a network? a. Firewalls deal strictly with defined patterns of measured observation. b. Because firewalls are not programmed like a computer, they are less error prone. c. Firewalls are flexible and can adapt to new threats. d. Firewalls can interpret human actions and make decisions outside their programming.

Firewalls deal strictly with defined patterns of measured observation.

Packet Sniffer

Hardware or software that can provide a network administrator with valuable information to help diagnose and resolve networking issues

What is included in detailed intelligence

Highest risk warnings from monitoring

Which technology has two modes of operation: transport and tunnel? a. Secure Hypertext Transfer Protocol b. Secure Sockets Layer c. Secure Shell d. IP Security Protocol

IP Security Protocol

Work well

If an organization deals successfully with change and has created procedures and systems that can be adjusted to the environment, the existing security improvement program will probably continue to __________________

transport mode

In IPSec, an encryption method in which only a packet's IP data is encrypted, not the IP headers themselves; this method allows intermediate nodes to read the source and destination addresses.

risk

In some instances, _______________ is acknowledged as being part of an organization's business process.

single bastion host

In the _________ firewall architecture, a single device configured to filter packets serves as the sole security point between the two networks.

full-interruption

In which contingency plan testing strategy do individuals follow each and every IR/DR/BC procedure, including the disruption of service, restoration of data from backups, and notification of appropriate individuals?

simulation

In which contingency plan testing strategy do individuals participate in a role-playing exercise in which the CP team is presented with a scenario of an actual incident or disaster and expected to react as if it had occurred?

External Monitoring

Intelligence can come from a number of sources: vendors, CERT organizations, public network sources, and membership sites.

Which of the following is true about a hot site? a. It is an empty room with standard heating, air conditioning, and electrical service. b. It includes computing equipment and peripherals with servers but not client workstations. c. All communications services must be installed after the site is occupied. d. It duplicates computing resources, peripherals, phone systems, applications, and workstations.

It duplicates computing resources, peripherals, phone systems, applications, and workstations.

Which of the following is true about symmetric encryption? a. It is also known as public key encryption. b. It requires four keys to hold a conversation. c. It uses a private and public key. d. It uses a secret key to encrypt and decrypt.

It uses a secret key to encrypt and decrypt.

difference analysis

One approach that can improve the situational awareness of the information security function is to use a process known as __________ to quickly identify changes to the internal environment.

inventory

Organizations should have a carefully planned and fully populated ____________ of all their network devices, communication channels, and computing devices. __________

external environment

Over time, external monitoring processes should capture information about the _________________________in a format that can be referenced across the organization as threats emerge and for historical use.

may become inadequate

Over time, policies and procedures ____________________________due to changes in the organization's mission and operational requirements, threats, or the environment.

Reviewed and refreshed

Policy needs to be _______________________ from time to time to ensure that it's providing a current foundation for the information security program.

digital certificate

Public key container files that allow PKI system components and end users to validate a public key and identify its owner.

over 40 percent of

The Hartford insurance company estimates that, on average, __________ businesses that don't have a disaster plan go out of business after a major loss like a fire, a break-in, or a storm.

insecure.org

The __________ Web site is home to the leading free network exploration tool, Nmap.

Packet Storm

The __________ commercial site focuses on current security tool resources.

CERT/CC

The __________ is a center of Internet security expertise and is located at the Software Engineering Institute, a federally funded research and development center operated by Carnegie Mellon University.

scope

The __________ is a statement of the boundaries of the RA.

Snort

The __________ mailing list includes announcements and discussion of a leading open-source IDPS.

PSV

The __________ process is designed to find and document vulnerabilities that may be present because there are misconfigured systems in use within the organization.

intranet

The __________ vulnerability assessment is a process designed to find and document selected vulnerabilities that are likely to be present on the organization's internal network.

wireless

The __________ vulnerability assessment is designed to find and document vulnerabilities that may be present in the organization's wireless local area networks.

contingency planning (CP)

The actions taken by senior management to specify the organization's efforts and actions if an adverse event becomes an incident or disaster. This planning includes incident response, disaster recovery, and business continuity efforts, as well as preparatory business impact analysis

work recovery time (WRT)

The amount of effort (expressed as elapsed time) needed to make business functions work again after the technology element is recovered is known as __________.

Remote Journaling

The backup of data to an off-site facility in close to real time based on transactions as they occur

monitor activity, report results and escalate warnings

The basic function of the external monitoring process is to ________________________

dual-homed host

The bastion host is usually implemented as a __________, as it contains two network interfaces: one that is connected to the external network and one that is connected to the internal network, such that all traffic must go through the device to move between the internal and external networks.

Repair

The best method of remediation in most cases is to ________________ a vulnerability.

socket

The combination of a system's TCP/IP address and a service port is known as a __________.

Cryptology

The field of science that encompasses cryptography and cryptanalysis

contingency planning management team (CPMT)

The group of senior managers and project members organized to conduct and lead all CP efforts is known as the __________.

Incident Damage Assessment

The initial determination of the scope of the breach of confidentiality, integrity, and availability of information and information assets

recovery time objective (RTO)

The maximum amount of time that a system resource can remain unavailable before there is an unacceptable impact on other system resources and supported business processes is known as __________.

IRP

The optimum approach for escalation is based on a thorough integration of the monitoring process into the __________.

Footprinting

The organized research and investigation of Internet addresses owned or controlled by a target organization

vulnerability assessment (VA)

The process of identifying and documenting specific and provable flaws in the organization's information asset environment is called

Nonrepudiation

The assurance that the sender of a message cannot later deny having sent it. In public key cryptography it is provided by a digital signature: the sender signs with a private key only the sender holds, and anyone can verify the signature with the matching public key.

Desk Check Test

The simplest kind of validation involves distributing copies of the appropriate plans to all individuals who will be assigned roles during an actual incident or disaster.

stop the incident, mitigate incident effects, provide information for recovery from the incident

The steps in IR are designed to:

KDC

The_______________ component of Kerberos knows the secret keys of all clients and servers on the network.

The components of the "security triple"

threats, assets, and vulnerabilities (the TVA triple)

baselines

To evaluate the performance of a security system, administrators must establish system performance __________.

60

To maintain optimal performance, one typical recommendation suggests that when the memory usage associated with a particular CPU-based system averages __________% or more over prolonged periods, you should consider adding more memory.

Port Scanner

Tools used both by attackers and defenders to identify or fingerprint active computers on a network, the active ports and services on those computers, the functions and roles of the machines, and other useful information.

Network Connectivity RA

Used to respond to network change requests and network architectural design proposals.

SSL

Was developed by Netscape in 1994 to provide security for online e-commerce transactions.

Identify recovery priorities for system resources.

What is the final stage of the business impact analysis when using the NIST SP 800-34 approach?

fingerprinting

What is the next phase of the pre-attack data gathering process after an attacker has collected all of an organization's Internet addresses?

business continuity plan

When a disaster renders the current business location unusable, which plan is put into action?

Incident response plan elements

When possible, major _________________________________ should be rehearsed.

Protect

Which of the following NIST Cybersecurity Framework (CSF) stages relates to implementation of effective security controls (policy, education, training and awareness, and technology)?

Respond

Which of the following NIST Cybersecurity Framework (CSF) stages relates to reacting to an incident?

authentication

Which of the following access control processes confirms the identity of the entity seeking access to a logical or physical area?

fingerprint recognition

Which of the following biometric authentication systems is considered to be truly unique, suitable for use, and currently cost-effective?

iris scan

Which of the following biometric authentication systems is the most accepted by users?

face geometry

Which of the following characteristics currently used for authentication purposes is the LEAST unique?

incident damage assessment

Which of the following determines the scope of the breach of confidentiality, integrity, and availability of information and information assets?

sending DoS packets to the source

Which of the following is NOT a method employed by IDPSs to prevent an attack from succeeding?

React

Which of the following is NOT a stage in the NIST Cybersecurity Framework (CSF)?

something a person says

Which of the following is NOT among the three types of authentication mechanisms?

replacement

Which of the following is NOT one of the administrative challenges to the operation of firewalls?

unusual consumption of computing resources

Which of the following is a "possible" indicator of an actual incident, according to Donald Pipkin?

use of dormant accounts

Which of the following is a definite indicator of an actual incident, according to Donald Pipkin?

protect and forget

Which of the following is an organizational CP philosophy for overall approach to contingency planning reactions?

flood

Which of the following is the best example of a rapid-onset disaster?

key

Which of the following is used in conjunction with an algorithm to make computer data secure from anybody except the intended recipient of the data?

ticket granting service

Which of the following provides an identification card of sorts to clients who request services in a Kerberos system?

port-address translation

Which technology employs sockets to map internal private network addresses to a public address using one-to-many mapping?

anomaly-based

Which type of IDPS is also known as a behavior-based intrusion detection system?

signature-based

Which type of IDPS works like antivirus software?

stateful packet inspection

Which type of firewall keeps track of each network connection established between internal and external systems?

Program review

__________ allows for major security control components to be reviewed on a periodic basis to ensure that they are current, accurate, and appropriate.

White box

__________ penetration testing is usually used when a specific system or network segment is suspect and the organization wants the pen tester to focus on a particular aspect of the target.

Penetration testing

__________, a level beyond vulnerability testing, is a set of security tests and evaluations that simulate attacks by a malicious external source (hacker).

Remediation

_________________ of vulnerabilities can be accomplished by accepting or transferring the risk, removing the threat, or repairing the vulnerability.

rehearsal

adds value by exercising the procedures, identifying shortcomings, and providing security personnel the opportunity to improve the security plan before it is needed.

In an IDPS, a piece of software that resides on a system and reports back to a management server is known as a(n) __________. a. agent b. Both of these are correct. c. Neither of these is correct. d. sensor

agent

DMZ

an intermediate area between a trusted network and an untrusted network that restricts access to internal systems

Patch and Proceed

an organizational CP philosophy (also called protect and forget) that focuses on the defense of information assets and preventing reoccurrence rather than on the attacker's identification and prosecution.

Biometrics

the use of physiological characteristics to provide authentication of an identification.

Control Performance Baseline

basis for process control and improvement

In the event of an incident or disaster, which planning element is used to guide off-site operations? a. disaster recovery b. incident response c. project management d. business continuity

business continuity

Which of the following is the first component in the contingency planning process? a. disaster recovery planning b. business impact analysis c. incident response planning d. business continuity training

business impact analysis

CM assists in

change management processes and prevents changes that could detrimentally affect the security posture of a system before they happen.

In which type of site are no computer hardware or peripherals provided? a. hot site b. cold site c. timeshare d. warm site

cold site

The team responsible for designing and managing the IR plan by specifying the organization's preparation, reaction, and recovery from incidents is known as the __________. a. computer security incident response team (CSIRT) b. incident response planning team (IRPT) c. disaster recovery planning team (DRPT) d. contingency planning management team (CPMT)

computer security incident response team (CSIRT)

The actions taken by senior management to specify the organization's efforts and actions if an adverse event becomes an incident or disaster are known as __________. a. disaster readiness b. risk management c. business impact d. contingency planning

contingency planning

Which of the following is a commonly used criterion for comparing and evaluating biometric technologies? a. valid accept rate b. false accept rate c. false reject rate d. crossover error rate

crossover error rate

The process of obtaining the plaintext message from a ciphertext message without knowing the keys used to perform the encryption is known as __________. a. cryptography b. cryptology c. nonrepudiation d. cryptanalysis

cryptanalysis

What is most commonly used for the goal of nonrepudiation in cryptography? a. digital signature b. block cipher c. PKI d. digital certificate

digital signature

Which type of device can react to network traffic and create or modify configuration rules to adapt? a. application layer firewall b. dynamic packet filtering firewall c. proxy server d. intrusion detection system

dynamic packet filtering firewall

The rate at which authentic users are denied or prevented access to authorized areas as a result of a failure in the biometric device is known as the __________. a. reset error ratio b. false reject rate c. crossover error rate d. false accept rate

false reject rate

Inventory Characteristics

for hardware and software assets that record the manufacturer and version relate to technical functionality; they should be highly accurate and updated each time there is a change.

US-Cert

generally viewed as the definitive authority for computer emergency response teams (its functions are now part of CISA).

There are 6 steps in evaluating the performance of a security system

i. Prepare for data collection
ii. Collect data and analyze results
iii. Identify corrective actions
iv. Develop business case
v. Obtain resources
vi. Apply corrective actions

Which of the following is a part of the incident recovery process? a. identifying the vulnerabilities that allowed the incident to occur and spread b. supporting personnel and their loved ones during the crisis c. determining the event's impact on normal business operations and, if necessary, making a disaster declaration d. keeping the public informed about the event and the actions being taken to ensure the recovery of personnel and the enterprise

identifying the vulnerabilities that allowed the incident to occur and spread

Which of the following is the process of examining a possible incident and determining whether it constitutes an actual incident? a. incident classification b. incident identification c. incident registration d. incident verification

incident classification

wireless access point

is a device used to connect wireless networking users and their devices to the rest of the organization's network(s).

Hot Site

is a fully configured computing facility that includes all services, communications links, and physical plant operations.

Packet Filtering Firewall

is a networking device that examines the header information of data packets that come into a network and determines whether to drop them (deny) or forward them to the next network connection (allow), based on its configuration rules.
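The packet filtering, stateful packet inspection and dynamic packet filtering cards describe one distinction that is easiest to see in code, so here is an added example (not part of the study guide): a static filter that judges each packet by its headers alone, beside a stateful filter that builds a connection table from outbound traffic and admits inbound packets only when they belong to a tracked connection. The addresses, the "10.0.0." trusted network and the simplified flag strings are constructed for the example.

```python
"""Added example: stateless packet filter vs. stateful (dynamic) packet filter."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str          # "SYN", "SYN-ACK" or "ACK" (simplified TCP flags)


def internal(ip: str) -> bool:
    """The trusted network, assumed to be 10.0.0.0/24 for this example."""
    return ip.startswith("10.0.0.")


def stateless_filter(pkt: Packet) -> str:
    """Static packet filter: every packet is judged on its own header fields."""
    # Rule 1: inside hosts may open HTTPS connections to the outside.
    if internal(pkt.src) and not internal(pkt.dst) and pkt.dport == 443:
        return "allow"
    # Rule 2: to let the replies back in, a stateless filter has to permit
    # anything that arrives *from* port 443. That rule is the hole.
    if not internal(pkt.src) and internal(pkt.dst) and pkt.sport == 443:
        return "allow"
    return "deny"


class StatefulFilter:
    """Stateful inspection: outbound connections are recorded as they are opened,
    and inbound packets are allowed only if they answer a recorded connection."""

    def __init__(self) -> None:
        self.connections: set[tuple[str, int, str, int]] = set()

    def filter(self, pkt: Packet) -> str:
        outbound = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reply_of = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if internal(pkt.src) and not internal(pkt.dst) and pkt.dport == 443:
            if pkt.flags == "SYN":
                self.connections.add(outbound)     # the rule is created dynamically
            return "allow" if outbound in self.connections else "deny"
        if reply_of in self.connections:           # a reply to a tracked connection
            return "allow"
        return "deny"                              # unsolicited inbound traffic


def run_scenario() -> dict[str, tuple[str, str, str]]:
    """Three constructed packets: a client's SYN, the server's SYN-ACK, and an
    attacker's probe sent from source port 443 to an inside RDP port."""
    client_syn = Packet("10.0.0.5", 51000, "203.0.113.10", 443, "SYN")
    server_synack = Packet("203.0.113.10", 443, "10.0.0.5", 51000, "SYN-ACK")
    attacker_probe = Packet("198.51.100.7", 443, "10.0.0.5", 3389, "SYN")
    stateful = StatefulFilter()
    return {
        "stateless": tuple(stateless_filter(p) for p in (client_syn, server_synack, attacker_probe)),
        "stateful": tuple(stateful.filter(p) for p in (client_syn, server_synack, attacker_probe)),
    }


if __name__ == "__main__":
    print(run_scenario())
```

The stateless filter passes the attacker's probe because its only way of admitting replies is the source port, which the attacker controls; the stateful filter denies it because no inside host opened a connection to 198.51.100.7. A real implementation also ages entries out of the connection table and tracks the handshake state, which this model omits.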

Packet Storm Security

is a popular information security website offering current and historical computer security tools, exploits, and security advisories. It is operated by a group of security enthusiasts that publish new security information and offer tools for educational and testing purposes.

Firewall

is any device that prevents a specific type of information from moving between the untrusted network and the trusted network.

False accept Rate

is the rate at which fraudulent users or nonusers are allowed access to systems or areas as a result of a failure in the biometric device.
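The false accept rate, false reject rate and crossover error rate cards are easier to reason about with numbers, so here is an added example (not from the study guide) that computes all three from constructed matcher scores. The two score lists are made up: higher means the sensor thinks the sample matches the enrolled template more strongly, and the device accepts when the score reaches a threshold.

```python
"""Added example: FAR, FRR and the crossover error rate from constructed scores."""

GENUINE_SCORES = [0.92, 0.88, 0.81, 0.77, 0.73, 0.69, 0.64, 0.58, 0.53, 0.49]   # enrolled users
IMPOSTOR_SCORES = [0.61, 0.56, 0.52, 0.48, 0.44, 0.40, 0.35, 0.31, 0.27, 0.20]  # non-users


def rates(genuine: list[float], impostor: list[float], threshold: float) -> tuple[float, float]:
    """The device accepts a sample when score >= threshold. Returns (FAR, FRR)."""
    far = sum(score >= threshold for score in impostor) / len(impostor)   # fraudulent users let in
    frr = sum(score < threshold for score in genuine) / len(genuine)      # authentic users kept out
    return far, frr


def crossover(genuine: list[float], impostor: list[float]) -> tuple[float, float]:
    """Sweep every threshold that matters; the CER is the error rate where
    FAR and FRR meet (or come closest). Returns (threshold, CER)."""
    best = None
    for t in sorted(set(genuine) | set(impostor)):
        far, frr = rates(genuine, impostor, t)
        gap = abs(far - frr)
        if best is None or gap < best[0]:
            best = (gap, t, (far + frr) / 2)
    return best[1], best[2]


def threshold_for_max_far(genuine: list[float], impostor: list[float], max_far: float):
    """Lowest (most user-friendly) threshold whose FAR still satisfies policy, or None.
    Tightening FAR this way is paid for in FRR: more genuine users get rejected."""
    for t in sorted(set(genuine) | set(impostor)):
        if rates(genuine, impostor, t)[0] <= max_far:
            return t
    return None


if __name__ == "__main__":
    for t in (0.50, 0.56, 0.60):
        print(t, rates(GENUINE_SCORES, IMPOSTOR_SCORES, t))
    print("CER at", crossover(GENUINE_SCORES, IMPOSTOR_SCORES))
    print("threshold for FAR <= 10%:", threshold_for_max_far(GENUINE_SCORES, IMPOSTOR_SCORES, 0.1))
```

With these scores the curves cross at a threshold of 0.56 with a CER of 20 percent; raising the threshold to 0.58 brings FAR down to 10 percent but pushes FRR to 20 percent. The CER is the usual single number for comparing devices because it does not depend on where each vendor happens to set its default threshold.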

For Configuration Management and control

it is important to document the proposed or actual changes in the system security plan.

Which of the following is a responsibility of the crisis management team? a. restoring the data from backups b. evaluating monitoring capabilities c. restoring the services and processes in use d. keeping the public informed about the event and the actions being taken

keeping the public informed about the event and the actions being taken

Which of the following is a Kerberos service that initially exchanges information with the client and server by using secret keys? a. key distribution center b. ticket granting service c. authentication server d. authentication client

key distribution center
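The Kerberos cards (the KDC knows every secret key; the TGS hands out tickets; the KDC first exchanges information with client and server using secret keys) describe a protocol, so here is an added example (not part of the study guide) that models the AS and TGS exchanges end to end. The authenticated encryption is a toy (SHA-256 keystream plus HMAC) standing in for Kerberos' real ciphers, timestamps and pre-authentication are left out, and the principal names and keys ("alice", "fileserver", "krbtgt") are constructed.

```python
"""Added example: a minimal model of the Kerberos AS and TGS exchanges."""
import hashlib
import hmac
import json
import secrets


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


def seal(key: bytes, message: dict) -> bytes:
    """Toy encrypt-then-MAC: nonce || ciphertext || tag. Illustration only."""
    nonce = secrets.token_bytes(16)
    plaintext = json.dumps(message, sort_keys=True).encode()
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(key: bytes, blob: bytes) -> dict:
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered message")
    plaintext = bytes(a ^ b for a, b in zip(ciphertext, _keystream(key, nonce, len(ciphertext))))
    return json.loads(plaintext)


class KDC:
    """Key distribution center: the authentication server (AS) and the
    ticket-granting service (TGS) share one store of long-term keys."""

    def __init__(self, long_term_keys: dict[str, bytes]) -> None:
        self.keys = long_term_keys        # every client and service, plus "krbtgt" for the TGS

    def as_exchange(self, client: str) -> tuple[bytes, bytes]:
        """AS-REP: a client/TGS session key under the client's key, plus a TGT under the TGS key."""
        session_key = secrets.token_bytes(32)
        tgt = seal(self.keys["krbtgt"], {"client": client, "session_key": session_key.hex()})
        reply = seal(self.keys[client], {"tgs_session_key": session_key.hex()})
        return reply, tgt

    def tgs_exchange(self, tgt: bytes, authenticator: bytes, service: str) -> tuple[bytes, bytes]:
        """TGS-REP: open the TGT, check the authenticator, issue a ticket for the service."""
        tgt_body = unseal(self.keys["krbtgt"], tgt)
        session_key = bytes.fromhex(tgt_body["session_key"])
        auth = unseal(session_key, authenticator)   # only a holder of the session key can build this
        if auth["client"] != tgt_body["client"]:
            raise ValueError("authenticator does not match the TGT")
        service_key = secrets.token_bytes(32)
        ticket = seal(self.keys[service], {"client": auth["client"], "session_key": service_key.hex()})
        reply = seal(session_key, {"service_session_key": service_key.hex()})
        return reply, ticket


def client_login(kdc: KDC, client: str, client_key: bytes, service: str) -> tuple[bytes, bytes]:
    """Client side of both exchanges. The client never sees the service's long-term key;
    it gets an opaque ticket (its "identification card") and a session key for the service."""
    as_reply, tgt = kdc.as_exchange(client)
    tgs_session_key = bytes.fromhex(unseal(client_key, as_reply)["tgs_session_key"])
    tgs_reply, ticket = kdc.tgs_exchange(tgt, seal(tgs_session_key, {"client": client}), service)
    service_session_key = bytes.fromhex(unseal(tgs_session_key, tgs_reply)["service_session_key"])
    return ticket, service_session_key


def service_accepts(service_key: bytes, ticket: bytes, authenticator: bytes) -> bool:
    """The service opens the ticket with its own key and checks the client's authenticator."""
    try:
        body = unseal(service_key, ticket)
        auth = unseal(bytes.fromhex(body["session_key"]), authenticator)
    except ValueError:
        return False
    return auth["client"] == body["client"]


KEYS = {"alice": b"alice-long-term-key", "fileserver": b"fileserver-key", "krbtgt": b"tgs-key"}  # constructed

if __name__ == "__main__":
    kdc = KDC(KEYS)
    ticket, key = client_login(kdc, "alice", KEYS["alice"], "fileserver")
    print(service_accepts(KEYS["fileserver"], ticket, seal(key, {"client": "alice"})))
```

Only the KDC can open a TGT and only the file server can open its ticket, which is the point of the KDC holding every key. Because the AS reply here is issued without pre-authentication, anyone could request it and attack the client's key offline; real deployments require pre-authentication and bind tickets to timestamps and lifetimes to stop replay.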

The vulnerability database,

like the risk, threat, and attack database, both stores and tracks information.

Version management

management of changes to documents, computer programs, web sites, or other collections of information

Revision management

managing change in certain areas

Configuration management

managing the entire process

The total amount of time the system owner or authorizing official is willing to accept for a business process outage or disruption, including all impact considerations, is known as __________. a. maximum tolerable downtime (MTD) b. work recovery time (WRT) c. recovery point objective (RPO) d. recovery time objective (RTO)

maximum tolerable downtime (MTD)

Slow Onset Disaster

occurs over time and gradually degrades the capacity of an organization to withstand its effects.

What tool would you use if you want to collect information as it is being transmitted on the network and analyze the contents for the purpose of solving network problems? a. packet sniffer b. content filter c. port scanner d. vulnerability scanner

packet sniffer

In which cipher method are values rearranged within a block to create the ciphertext? a. Vernam b. substitution c. monoalphabetic d. permutation

permutation

Contingency planning is primarily focused on developing __________. a. plans for normal operations b. policies for breach notifications c. plans for unexpected adverse events d. policies for normal operation

plans for unexpected adverse events

Which tool can best identify active computers on a network? a. honey pot b. port scanner c. trap and trace d. packet sniffer

port scanner

Difference Analysis

procedure that compares the current state of a network segment against a known previous state of the same segment

Traffic Analysis

process of intercepting and examining messages in order to deduce information from patterns

Secure Shell (SSH)

provides security for remote access connections over public networks by creating a secure and persistent connection.

Which type of device exists to intercept requests for information from external users and provide the requested information by retrieving it from an internal server? a. dynamic packet filtering firewall b. intrusion detection system c. proxy server d. application layer firewall

proxy server

War Game

puts a subset of plans in place to create a realistic test environment.

The maximum amount of time that a system resource can remain unavailable before there is an unacceptable impact on other system resources and supported business processes is known as __________. a. recovery point objective (RPO) b. maximum tolerable downtime (MTD) c. work recovery time (WRT) d. recovery time objective (RTO)

recovery time objective (RTO)

Which of the following refers to the backup of data to an off-site facility in close to real time based on transactions as they occur? a. timesharing b. electronic vaulting c. database shadowing d. remote journaling

remote journaling

Which of the following is NOT one of the administrative challenges to the operation of firewalls? a. training b. replacement c. responsibility d. uniqueness

replacement

Major planning components

should be reviewed on a periodic basis to ensure that they are current, accurate, and appropriate.

In the _________ firewall architecture, a single device configured to filter packets serves as the sole security point between the two networks. a. state-managed firewall b. single bastion host c. single-homed firewall d. screened-subnet firewall

single bastion host

The combination of a system's TCP/IP address and a service port is known as a __________. a. socket b. portlet c. NAT d. packet

socket

Which type of firewall keeps track of each network connection established between internal and external systems? a. stateful packet inspection b. packet filtering c. cache server d. application layer

stateful packet inspection

The steps in IR are designed to: a. stop the incident, mitigate incident effects, provide information for recovery from the incident b. control legal exposure, avoid unfavorable media attention, and minimize impact on stock prices c. delay the incident progress, backtrack the attack to its source IP, and apprehend the intruder d. stop the incident, inventory affected systems, and determine appropriate losses for insurance settlement

stop the incident, mitigate incident effects, provide information for recovery from the incident

White box penetration testing

the internal structure of the code or program is known

Black box penetration testing

the internal structure of the code or program is not known

Disaster Classification

the process of examining an adverse event or incident and determining whether it constitutes an actual disaster.

Trusted Network

the system of networks inside the organization that contains its information assets and is under the organization's control

Untrusted Network

the system of networks outside the organization over which it has no control. The internet is an example of an untrusted network.

Which of the following is NOT a major component of contingency planning? a. threat assessment b. disaster recovery c. incident response d. business continuity

threat assessment

Which of the following provides an identification card of sorts to clients who request services in a Kerberos system? a. key distribution center b. ticket granting service c. authentication server d. authentication client

ticket granting service

Program Review

to keep the information security program functioning as designed and continuously improving

Which of the following is a "possible" indicator of an actual incident, according to Donald Pipkin? a. reported attacks b. activities at unexpected times c. unusual consumption of computing resources d. presence of hacker tools

unusual consumption of computing resources

Which of the following is a definite indicator of an actual incident, according to Donald Pipkin? a. use of dormant accounts b. reported attack c. presence of new accounts d. unusual system crashes

use of dormant accounts

CISO

uses the results of maintenance activities and the review of the information security program to determine if the status quo can adequately meet the threats at hand.

Bugtraq

website dedicated to documenting up-to-the-minute software bugs.

At what point in the incident life cycle is the IR plan initiated? a. after the BCP is activated b. before an incident takes place c. after the DRP is activated d. when an incident is detected that affects the organization

when an incident is detected that affects the organization

The amount of effort (expressed as elapsed time) needed to make business functions work again after the technology element is recovered is known as __________. a. minimum tolerable downtime (MTD) b. recovery point objective (RPO) c. work recovery time (WRT) d. recovery time objective (RTO)

work recovery time (WRT)

