Final Exam Review
True
A Chinese wall security policy defines a barrier and develops a set of rules that makes sure no subject gets to objects on the other side.
True
A keyword mixed alphabet cipher uses a cipher alphabet that consists of a keyword, minus duplicates, followed by the remaining letters of the alphabet.
logical access control
A mechanism that limits access to computer systems and network resources is __________
Zone Transfer
A__________ is a unique query of a DNS server that asks for the contents of it's zone
Acceptability
Alan is evaluating different biometric systems and is concerned that users might not want to subject themselves to retinal scans due to privacy concerns. Which characteristic of a biometric system is he considering?
False
An SOC 1 report primarily focuses on security and privacy controls.
$40,000
Assume that there are 100 users in an organization who use desktop PC's. The value of each PC is $1,000, which has an exposure factor or 2. Now, if the new ARO is, what will be the value of ALE for this organization
Decryption
Betty receives a cipher text message from her colleague Tim. What type of function does Betty need to use to read the plaintext message?
vulnerabilities
Black-hat hackers generally poke holes in systems, but do not attempt to disclose __________ they find to the administrators of those systems.
80
Bob is using a port scanner to identify open ports on a server in his environment. He is scanning a web server that uses Hypertext Transfer Protocol (HTTP). Which port should Bob expect to be open to support this service?
Health Insurance Portability and Accountability Act (HIPAA)
Bob recently accepted a position as the information security and compliance manager for a medicalpractice. Which regulation is likely to most directly apply to Bob's employer?
Prudent
Christopher is designing a security policy for his organization. He would like to use an approach that allows a reasonable list of activities but does not allow other activities. Which permission level is he planning to use?
False
Committee of Sponsoring Organizations (COSO) is a set of best practices for IT management.
Internet
Connecting your computers or devices to the ________ immediately exposes them to attack.
True
Content dependent access control requires the access control mechanism to look at the data to decide who should get to see it.
True
Data loss prevention (DLP) uses business rules to classify sensitive information to prevent unauthorized users from sharing it.
True
Digital signatures require asymmetric key cryptography.
Accountability
Ed wants to make sure that his system is designed in a manner that allows tracing actions to an individual. Which phase of access control is Ed concerned about?
False
Encrypting data on storage devices or hard drives is a main strategy to ensure data integrity.
False
FAR (False Acceptance Rate) is the rate at which valid subjects are rejected.
Black-box test
Fran is conducting a security test of a new application. She does not have any access to the source code or other details of the application she is testing. What type of test is Fran conducting?
Wi-Fi
Gary is configuring a Smartphone and is selecting a wireless connectivity method. Which approach will provide him with the highest speed wireless connectivity?
Integrity
Gary is sending a message to Patricia. He wants to ensure that nobody tampers with the message while it is in transit. What goal of cryptography is Gary attempting to achieve?
443
Henry would like to create a different firewall rule that allows encrypted web traffic to reach a web server. What port is used for that communication?
True
In security testing, reconnaissanceinvolves reviewing a systemto learn as much as possible about the organization, its systems, and its networks.
Is the security control likely to become obsolete in the near future?
Jacob is conducting an audit of the security controls at an organization as an independent reviewer. Which question would NOT be part of his audit?
URL links and ZIP files
Malicious software can be hidden in a _____.
True
Many jurisdictions require audits by law.
True
Message authentication confirms the identity of the person who started a correspondence.
SaaS (Software as a Service)
Microsoft Office 365 is a popular example of__________
security audit
One crucial type of evaluation to avoid a data breach is a
False
Passphrases are less secure than passwords.
True
Performing security testing includes vulnerability testing and penetration testing.
True
Regarding an intrusion detection system (IDS), stateful matching looks for specific sequences appearing across several packets in a traffic stream rather than justin individual packets.
Audit
Ricky is reviewing security logs to independently assess security controls. Which security review process is Ricky engaging in?
False
Role-based access control (RBAC) means limiting users' access to database views, as opposed to allowing users to access data in database tables directly.
promiscuous
Sniffers operate in ______ mode
False
Temporal isolation is commonly used in combination with rule-based access control.
False
The Delphi method is the estimated loss due to a specific realized threat. The formula to calculate this loss is = SLE × ARO.
True
The Diffie-Hellman (DHE) algorithm is the basis for several common key exchange protocols, including Diffie-Hellman in Ephemeral mode (DHE) and Elliptic Curve DHE (ECDHE).
True
The OSI Reference Model is a theoretical model of networking with interchangeable layers.
Network interface card (NIC)
The Physical part of the LAN Domain Includes a __ , which is an interface between the computer and the LAN physical media.
Remote Access
The _________ Domain connects remote users to the organization's IT infrastructure.
LAN-to-WAN Domain
The ____________ represents the fourth layer of defense for a typical IT infrastructure.
False
The difference between black-hat hackers and white-hat hackers is that black-hat hackers are mainly concerned with finding weaknesses for the purpose of fixing them, and white-hat hackers want to find weaknesses just for the fun of it or to exploit them.
False
The four main types of logs that you need to keep to support security auditing include event, access, user, and security.
security kernel
The_________ is the central part of a computing environment's hardware, software, and firmware that enforces access control for computer systems.
Intrusion Detection System (IDS)
This security appliance examines IP data streams for common attack and malicious intent patterns.
True
True downtime cost is the amount of money a company loses due to downtime, either intentional or unintentional. It is also called opportunity cost.
False
User-based permission levels limit a person to executing certain functions and often enforces mutual exclusivity.
False
Wardialers are becoming more frequently used given the rise of digital telephony and now IP telephony or Voice over IP (VoIP).
Rivest-Shamir-Adelman (RSA)
What is NOT a symmetric encryption algorithm?
512 bits
What is NOT a valid encryption key length for use with the Blowfish algorithm?
Unencrypted email
What is NOT an effective key distribution method for plaintext encryption keys?
System configurations
What is NOT generally a section in an audit report?
A list of identified risks that results from the risk-identification process
What is meant by risk register?
DRP diects the actions necessary to recover after a disaster, DRP is a part of a BCP, and BCP does not specify how to recover from disasters just interuptions.
What is the difference between BCP and a DRP
synchronous token
What term is used to describe a device used as a logo authenticator for remote users of a network?
downtime
What term is used to describe the amount of time that an IT system, application, or data is not available to users?
Switch
What type of network device normally connects directly to endpoints and uses MAC-based filtering to limit traffic flows?
System integrity monitoring
What type of security monitoring tool would be most likely to identify an unauthorized change to a computer system?
Wired Equivalent Privacy (WEP)
What wireless security technology contains significant flaws and should never be used?
Non Repudiation
When Patricia receives a message from Gary, she wants to be able to demonstrate to Sue that the message actually came from Gary. What goal of cryptography is Patricia attempting to achieve?
threshold
When you apply an account-lockout policy, set the ___________ to a high enough number that authorized users aren't locked out due to mistyped passwords.
False
You must always use the same algorithm to encrypt information and decrypt the same information.
False
You should use easy-to-remember personal information to create secure passwords.
Authority-level policy
_______ is an authorization method in which access to resources is decided by the user's formal status .
Recovery Time Objective (RTO)
____________ is the amount of time it takes to recover and make a system, application, and data available for use after an outage.
Cryptography
____________ is the practice of hiding data and keeping it away from unauthorized users.
logic attacks
use software flaws to crash or seriously hinder the performance of remote servers; can prevent by keeping software up to date
Threat
which term describes an action that can damage or compromise an asset?
True
A DoS attack is a coordinated attempt to deny service by causing a computer to perform an unproductive task
True
A HIDS can detect inappropriate traffic that originates inside the network.
Hot site
Among common recovery location options, this is one that can take over operation quickly. It has all the equipment and data already staged at the location, though you may need to refresh or update the data.
Discretionary access control (DAC)
Gary would like to choose an access control model in which the owner of a resource decides who may modify permissions on that resource. Which model fits that scenario?
True
Hypertext Transfer Protocol (HTTP) is the communications protocol between web browsers and websites with data in cleartext.
SYNflood
In a ________, the attacker sends a large number of packets requesting connections to the victim computer
True
In a chosen-ciphertext attack, cryptanalysts submit data coded with the same cipher and key they are trying to break to the decryption device to see either the plaintext output or the effect the decrypted message has on some system.
True
SOC 2 reports are created for internal and other authorized stakeholders and are commonly implemented for service providers, hosted data centers, and managed cloud computing providers.
True
SSO (Single Sign-On) reduces human error, which is a major part of system failures.
True
Today's LAN is governed by the institute of Electrical and Electronics Engineers (IEEE) 802.3 standards
Quantum cryptography
Which approach to cryptography provides the strongest theoretical protection?
Smart card and personal identification number(PIN)
Which one of the following is an example of two-factor authentication?
Honeypots
________ are traps which are set to capture information about improper activity on a network.
Relationships
__________ are permissions granted to an authorized user, such as read, write, and execute.
True
A Wireless Access Point (WAP) is the connection between a wired and wireless network
Behavior Detection
Which intrusion detection system strategy relies upon pattern matching?
voice pattern
Which of these biometric authentication methods is not as accurate as the rest?
Password
Which one of the following is an example of a logical access control'?
Subjects cannot change objects that have a lower integrity level.
Which one of the following principles is NOT a component of the Biba integrity model?
packet sniffer
A protocol analyzer or ______ is a software program that enables a computer to monitor and capture network traffic.
True
A substitution cipher replaces bits, characters, or blocks of information with other bits, characters, or blocks.
False
Voice pattern biometrics are accurate for authentication because voices can't easily be replicated by computer software.
Crossover error rate (CER)
Which characteristic of a biometric system measures the system's accuracy using a balance of different error types?
An authentication method in which a user is authenticated at multiple times or event intervals.
Which of the following adequately defines continuous authentication?
True
An algorithm is a repeatable process that produces the same result when it receives the same input.
False
In a known-plaintext attack (KPA), the cryptanalyst has access only to a segment of encrypted data, and has no choice as to what that data might be.
True
A trusted operating system (TOS) provides features that satisfy specific government requirements for security.
risk management
Any organization that is serious about security will view ___________ as an ongoing process.
True
In non-discretionary access control, access rules are closely managed by the security administrators.
True
In security testing data collection, observation is the input used to differentiate between paper procedures and the way the job is really done.
True
Internet Small Computer System Interface (iSCSI) is a storage networking standard used to link data storage devices to networks using IP for its transport layer.
True
The hash message authentication code (HMAC) is a hash function that uses a key to create a hash, or message digest.
Confidentiality
The requirement to keep information private or secret is the definition of __________.
False
The weakest link in the security of an IT infrastructure is the server.
Need-to-know
_________ is used to describe a property that indicates that a specific subject needs access to a specific object. This is necessary to access the object in addition to processing the proper clearance for the object's classification.
Alice's private key
Alice would like to send a message to Bob using a digital signature. What cryptographic key does Alice use to create the digital signature?
True
An SOC 1 report is commonly implemented for organizations that must comply with Sarbanes -Oxley (SOX) or the Gramm-Leach-Bliley Act (GLBA)
Attack
An attempt to exploit a vulnerability of a computer or network component.
SOC 3
Emily is the information security director for a large company that handles sensitive personal information. She is hiring an auditor to conduct an assessment demonstrating that her firm is satisfying requirements regarding customer private data. What type of assessment should she request?
True
In an incremental backup process, as the week progresses the nightly (incremental) backup takes about the same amount of time
hacker
In popular usage and in the media, the term ______ often describes someone who breaks into a computer system with authorization.
True
Integrity-checking tools use cryptographic methods to make sure nothing and no one has modified the software.
Captive portal
Karen would like to use a wireless authentication technology similar to that found in hotels where users are redirected to a webpage when they connect to the network. What technology should she deploy?
confidentiality of data and control of access to classified information.
The Bell-La Padula access control model focuses primarily on______________
True
The cost of the countermeasure should be less than the ALE.
Accountability
The process of associating actions with users for later reporting and research is known as
Separation of duties
Tomahawk Industries develops weapons control systems for the military. The company designed a system that requires two different officers to enter their access codes before allowing the system to engage. Which principle of security is this following?
Virtual LAN (VLAN)
Val would like to isolate several systems belonging to the product development group from other systems on the network, without adding new hardware. What technology can she use?
Kerberos
What is a single sign-on (SSO) approach that relies upon the use of key distribution centers (KDCs) and ticket-granting servers (TGSs)?
Role-Based Access Control (RBAC)
What name is give to an access control method that bases access control approvals on the jobs the user is assigned?
Qualitative Risk Analysis
What name is given to a risk-analysis method that uses relative ranking to provide further definition of the identified risks in order to determine responses to them?
demilitarized zone (DMZ)
What name is given to an exterior network that acts as a buffer zone between the publicInternet and an organizations IT infrastructure (i.e., LAN-to-WAN Domain)?
Report writing
Which activity is an auditor least likely to conduct during the information-gathering phase of an audit?
Checklist
Which audit data collection method helps ensure that the information-gathering process covers all relevant areas?
Keystroke Dynamics
Which of the following biometric trait is very accurate?
Community cloud
___________cloud is a type of infrastructure, which provides services for several organizations
Brewer & Nash
_________model makes sure conflicts of interest are recognized and that people are prevented from taking advantage of data to which they should not have access.
Passphrase
_______is an authentication credential that is generally longer and more complex than a password.
Router
A _____________ examines the network layer address and routes packets based on routing protocol path determination decisions
Business continuity plan (BCP)
A _________________ gives priorities to the functions an organization needs to keep going.
BIA
A ________determines the extent of the impact that a particular incident would have on business operation over time.
Risk avoidance
A company can discontinue or decide not to enter a line of business if the risk level is too high. This is categorized as _____________.
False
A digitized signature is a combination of a strong hash of a message and a secret key.
True
A firewall is a basic network security defense tool.
False
A SOC 1 report primarily focuses on security.
disaster recovery plan (DRP)
A ___________ defines how a business gets back on its feet after a major disaster like a fire or hurricane.
Password Cracker
A ___________ is a software program that performs one of two functions: brute-force password attack to gain unauthorized access to a system, or recovery of passwords stored in a computer system.
True
A degausser creates a magnetic field that erases data from magnetic storage media.
port scanner
A_______is a tool used to scan IP host devices for open ports that have been enabled.
Diffie-Hellman
Alice and Bob would like to communicate with each other using a session key but they do not already have a shared secret key. Which algorithm can they use to exchange a secret key?
Bobs public key
Alice would like to send a message to Bob securely and wishes to encrypt the contents of the message. What key does she use to encrypt this message?
True
An example of a threat to access control is in a peer-to-peer (P2P) arrangement in which users share their My Documents folder with each other by accident.
Symmetric, stream, substitution
Which set of characteristics describes the Caesar cipher accurately?
True
A network protocol governs how networking equipment interacts to deliver data across the network.
True
A person demonstrates anonymity when posting information to a web discussion site without authorities knowing who he or she is.
True
A physical courier delivering an asymmetric key is an example of in-band key exchange.
False positive error
Anthony is responsible for tuning his organization's intrusion detection system. He notices that the system reports an intrusion alert each time that an administrator connects to a server using Secure Shell (SSH). What type of error is occurring?
$200
Assume that there are 100 users in an organization who use desktop PC's. The value of each PC is $1,000, which has an exposure factor or 2. If you expect an event to occur only once every 10 years, what will be the value of ALE for this organization.
SLE is $500: ALE is $10,000
Assume that there are 250 users in an organization who use mobile phones.The value of each phone is $500. In the past 2 years the organization has lost an average of 20 phones a year. Which of the following is correct
Smurf
Barbara is investigating an attack against her network. She notices that the Internet Control Message Protocol (ICMP) echo replies coming into her network far exceed the ICMP echo requests leaving her network. What type of attack is likely taking place?
Online Certificate Status Protocol (OCSP)
Which of the following allows a certificate authority (CA) to revoke a compromised digital certificate in real time?
An authentication token used to process challenge-response authentication with a server. It takes the server's challenge value and calculates a response. The user enters the response to authenticate a connection.
Which of the following describes an asynchronous token?
The practice of using computing services that are delivered over a network.
Which of the following is an accurate description of cloud computing?
identification
Which of the following is not a type of authentication?
Ownership
Which type e of authentication includes smart cards?
Transposition
Which type of cipher works by rearranging the characters in a message?
Exposure Factor (EF)
_______ is the proportion of value of a particular asset likely to be destroyed by a given risk,expressed as a percentage.
Stateful matching
__________ looks for specific sequences appearing across several packets in a traffic stream rather than just in individual packets.