Secure Test 2 Study Guide
As of 2013, Cisco estimated that there were more than________ devices connected to the Internet
7 billion
Which of the following is the definition of botnet?
A botnet consists of a network of compromised computers that attackers use to launch attacks and spread malware.
What is meant by multi-tenancy?
A database feature that allows different groups of users to access the database without being able to access each other's data.
What is meant by standard?
A mandated requirement for a hardware or software solution that is used to deal with a security risk throughout the organization
Which of the following is the definition of network address translation (NAT)?
A method of IP address assignment that uses an alternate, public IP address to hide a system's real IP address.
What is meant by authorizing official (AO)?
A senior manager who reviews a certification report and makes the decision to approve the system for implementation.
How is decentralized access control defined?
A system that puts access control into the hands of people, such as department managers, who are closest to system users; there is no one centralized entity to process access requests in this system.
What is meant by multipartite virus?
A type of virus that infects other files and spreads in multiple ways.
What is meant by physically constrained user interface?
A user interface that does not provide a physical means of entering unauthorized information.
Which of the following adequately defines continuous authentication?
An authentication method in which a user is authenticated at multiple times or event intervals.
Which of the following describes an asynchronous token?
An authentication token used to process challenge-response authentication with a server. It takes the server's challenge value and calculates a response. The user enters the response to authenticate a connection.
Which of the following is the definition of Vigenèrecipher?
An encryption cipher that uses multiple encryption schemes in succession.
Which of the following is the definition of anomaly-based IDS?
An intrusion detection system that compares current activity with stored profilesof normal (expected) activity.
A ___ determines the extent of the impact that a particular incident would have on business operations over time
BIA (Business Impact Analysis)
_______________ is another symmetric algorithm that organizations currently use. It is a 64-bit block cipher that has a variable key length from 32 to 448 bits. It is much faster than DES or IDEA and is a strong algorithm that has been included in more than 150 products, as well as v2.5.47 of the Linux kernel. Its author, Bruce Schneier, placed it in the public domain.
Blowfish
Organizations currently use several symmetric algorithms, including ________, which is a substitution-permutation algorithm similar to DES. Unlike DES, its authors made its design criteria public. This 64-bit symmetric block cipher can use keys from 40 to 256 bits. Although it is patented (U.S. patent 5,511,123), its inventors, C.M. Adams and S.E. Tavares, made it available for free use.
CAST
A ________ is one of the simplest substitution ciphers. It shifts each letter in the English alphabet a fixed number of positions, with Z wrapping back to A.
Caesar cipher
_________ ensures that any changes to a production system are tested, documented, and approved
Change control
In a ________, the cryptanalyst can encrypt any information and observe the output. This is best for the cryptanalyst.
Chosen-plaintext attack
________ states that users must never leave sensitive information in plain view on an unattended desk or workstation.
Clean desk/clear screen policy
Which of the following is known as stateful matching
Correct A technique of matching network traffic with rules or signatures based on the appearance of the traffic and its relationship to other packets
What name is given to an encryption cipher that is a product cipher with a 56-bit key consisting of 16 iterations of substitution and transformation?
Data Encryption Standard (DES)
which OSI model layer uses Media Access Control (MAC) addresses? device manufacturers assign each hardware device a unique MAC address
Data link layer
_______ is the act of unscrambling ciphertext into plaintext
Decryption
____________ is exercised by frequently evaluating whether countermeasures are performing as expected
Due diligence
________ allows the computer to get its configuration information from the network instead of the network administrator providing the configuration information to the computer. It provides a computer with an IP address, subnet mask, and other essential communication information, simplifying the network administrator's job.
Dynamic Host Configuration Protocol (DHCP)
________represents the percentage of the asset value that will be lost if an incident were to occur
Exposure factor (EF)
___________ refers to the amount of harm a threat can cause by exploiting a vulnerability
Impact
Which of the following is the definition of false negative?
Incorrectly identifying abnormal activity as normal
________ is a suite of protocols designed to connect sites securely using IP networks
Internet Protocol Security (IPSec)
A ___ is an encryption key used to encrypt other keys before transmitting them.
Key-encrypting key
In a ________, the cryptanalyst possesses certain pieces of information before and after encryption
Known-plaintext attack (KPA)
________ is used to describe a property that indicates that a specific subject needs access to a specific object. This is necessary to access the object in addition to possessing the proper clearance for the object's classification.
Need to know
_______________ enables you to prevent a party from denying a previous statement or action.
Nonrepudiation
What name is given to a protocol to implement a VPN connection between two computers
Point-to-Point Tunneling Protocol (PPTP)
________include a separate encryption engine that stores the virus body in encrypted format while duplicating the main body of the virus.
Polymorphic viruses
Which OSI Reference Model layer is responsible for the coding of data?
Presentation Layer
________ attempts to describe risk in financial terms and put a dollar value on all the elements of a risk
Quantitative risk analysis
________ provides information on what is happening as it happens.
Real-time monitoring
___________ is the likelihood that a particular threat exposes a vulnerability that could damage your organization.
Risk
________ is a risk management phase that includes assessment of various types of controls to mitigate the identified risks, selection of a control strategy, and justification of choice of controls
Risk assessment
________ uses various controls to reduce identified risks. These controls might be administrative, technical, or physical.
Risk mitigation
A process that creates the first secure communications session between a client and a server is the definition of ________.
SSL handshake
In a __________, the attacker uses IP spoofing to send a large number of packets requesting connections to the victim computer. These appear to be legitimate but in fact reference a client system that is unable to respond.
SYN flood attack
Which of the following is the definition of white-box testing?
Security testing that is based on knowledge of the application's design and source code.
The ___________ framework defines the scope and contents of three levels of audit reports
Service Organization Control (SOC)
________counter the ability of antivirus programs to detect changes in infected files
Slow viruses
What is a Security Information and Event Management (SIEM) system?
Software and devices that assist in collecting, storing, and analyzing the contents of log files
What is meant by constrained user interface?
Software that allows users to enter only specific information
________are viruses that target computer hardware and software startup functions
System infectors
What is meant by checksum?
The output of a one-way algorithm; a mathematically derived numerical representation of some input.
Unrecognized new processes running, startup messages indicating that new software has been (or is being) installed (registry updating), unresponsiveness of applications to normal commands, and unusual redirection of normal Web requests to unknown sites are all telltale symptoms of a ________.
Trojan
This device uses public key infrastructure (PKI) technology—for example, a certificate signed by a trusted certification authority—and doesn't provide one-time passwords.
USB token
Which of the following defines network mapping?
Using tools to determine the layout and services running on an organization's systems and networks.
What term is used to describe the current encryption standard for wireless networks?
Wi-Fi Protected Access (WPA)
which of the following is the definition of hub?
a network device that connects network segments, echoing all traffic to all other ports
which of the following is the definition of logic bomb?
a program that executes a malicious function of some kind when it detects certain conditions
A control involved in the process of developing and ensuring compliance with policy and procedures is the definition of ___
administrative control
A control involved in the process of developing and ensuring compliance with policy and procedures is the definition of ________.
administrative control
What name is given to a method of developing software that is based on small project iterations, or sprints, instead of long project schedules?
agile development
audits are necessary because of ___.
all of the above (potential liability, negligence, and mandatory regulatory compliance)
a security awareness program includes
all of the above (teaching employees about security objectives, motivating users to comply with security policies, and informing users about trends and threats in society)
________gives you the opportunity to review your risk-management program and to confirm that the program has correctly identified and reduced (or otherwise addressed) the risks to your organization
an audit
which of the following is the definition of pattern-based IDS?
an intrusion detection system that uses pattern matching and stateful matching to compare current traffic with activity patterns (signatures) of known network intruders
which OSI reference model layer includes all programs on a computer that interacts with the network?
application layer
Malware developers often use _____________ to write boot record infectors.
assembly language
How your organization responds to risk reflects the value it puts on its ___________.
assets
what term is used to describe a type of cryptography that uses a cipher with two separate keys, one for encryption and one for decryption, so that correspondents do not first have to exchange secret information to communicate securely?
asymmetric key cryptography
One of the ways that malicious code can threaten businesses is by causing economic damage or loss due to the theft, destruction, or unauthorized manipulation of sensitive data. These are known as ________.
attacks against data integrity
Another way that malicious code can threaten businesses is by using mass bulk e-mail (spam), spyware, persistence cookies, and the like, consuming computing resources and reducing user productivity. These are known as ________.
attacks against productivity and performance
Malicious code attacks all three information security properties. Malware can erase or overwrite files or inflict considerable damage to storage media. This property is ________.
availability
what term is used to describe a benchmark used to make sure that a system provides a minimum level of security across multiple applications and across different products?
baseline
A method of security testing that isn't based directly on knowledge of a program'sarchitecture is the definition of ________.
black box testing
___ are the main source of distributed denial of service (DDoS) attacks and spam
botnets
What or who is the individual or team responsible for performing the security test and evaluation for the system and for preparing the report for the AO on the risk of operating the system?
certifier
the ___ is a simple review of a plan by managers and the business continuity team to make sure that contact numbers are current and that the plan reflects the company's priorities and structure.
checklist test
___ is a one-way calculation of information that yields a result usually much smaller than the original message.
checksum
There are four basic forms of a cryptographic attack. In a ________, the cryptanalyst has access only to a segment of encrypted data, and has no choice as to what that data might be.
ciphertext-only attack
Cryptography accomplishes four security goals: nonrepudiation, integrity, authentication, and ___?
confidentiality
The process of managing the baseline settings of a system device is called ________.
configuration control
Security audits help ensure that your rules and ___ are up to date, documented, and subject to change control procedures.
configurations
As your organization evolves and as threats mature, it is important to make sure your __________ still meet(s) the risks you face today.
controls
Forensics and incident response are examples of ___________ controls.
corrective
a measure installed to counter or address a specific threat is the definition of ___
countermeasure
What term is used to describe a type of virus that attacks document files containing embedded macro programming capabilities?
data infector
Which osi reference model layer is responsible for transmitting information on computers connected to the same local area network (LAN)?
data link layer
An intrusion detection system (IDS) is an example of ___ controls
detective
An intrusion detection system (IDS) is an example of ___________ controls.
detective
what name is given to an object that uses asymmetric encryption to bind a message or data to a specific entity?
digital signature
the name given to a group that is responsible for protecting sensitive data in the event of a natural disaster or equipment failure, among other potential emergencies, is ___
emergency operations group
A(n) ________ is a measurable occurrence that has an impact on the business.
event
A ________ is a type of virus that primarily infects executable programs.
file infector
A ___________ controls the flow of traffic by preventing unauthorized network traffic from entering or leaving a particular portion of the network.
firewall
A _____________ contains rules that define the types of traffic that can come and go through a network
firewall
Among common recovery location options, this is one that can take over operations quickly. It has all the equipment and data already staged at the location, though you may need to refresh or update the data
hot site
For all the technical solutions you can devise to secure your systems, the __________remains your greatest challenge.
human element
Notification, response, recovery and follow-up, and documentation are all components of what process?
incident handling
Malicious code attacks all three information security properties. Malware can modify database records either immediately or over a period of time. This property is ___
integrity
The number of possible keys to a cipher is a ___________.
keyspace
Whether software or hardware based, a ____________ captures keystrokes, or user entries, and then forwards that information to the attacker
keystroke logger
What term is used to describe the probability that a potential vulnerability might be exercised within the construct of an associated threat environment?
likelihood
A ___________ is a program that executes a malicious function of some kind when it detects certain conditions.
logic bomb
A method to restrict access to a network based on identity or other rules is the definition of ________
network access control (NAC)
What term is used to describe a method of IP address assignment that uses an alternate, public IP address to hide a system's real IP address?
network address translation (NAT)
If knowing about an audit changes user behavior, an audit will ____________.
not be accurate
What term is used to describe an encryption algorithm that has no corresponding decryption algorithm?
one-way algorithm
What term is used to describe a reconnaissance technique that enables an attacker to use port mapping to learn which operating system and version are running on a computer?
operating system fingerprinting
A firewall that examines each packet it receives and compares the packet to a list of rules configured by the network administrator is the definition of _______
packet-filtering firewall
It's essential to match your organization's required __________ with its security structure
permission level
A ____________ tricks users into providing logon information on what appears to be a legitimate Web site but is in fact a Web site set up by an attacker to obtain this information.
phishing attack
An organization's facilities manager is often responsible for ____________.
physical access control
What term is used to describe a type of virus that includes a separate encryption engine that stores the virus body in encrypted format while duplicating the main body of the virus?
polymorphic virus
What term is used to describe a set of step-by-step actions to be performed to accomplish a security requirement, process, or objective?
procedure
You must consider many factors when evaluating countermeasures. Countermeasures might generate more calls to the help desk, slower response times for users, and so on. This is referred to as ________.
productivity impact
enacting changes to respond to reported problems is called
reactive change management
Network ________ is gathering information about a network for use in a future attack
reconnaissance
attack countermeasures such as antivirus signature files or integrity databases.
retro viruses
A countermeasure, without a corresponding __________, is a solution seeking a problem; you can never justify the cost.
risk
An organization knows that a risk exists and has decided that the cost of reducing it is higher than the loss would be. This can include self-insuring or using a deductible. This is categorized as ________.
risk acceptance
___ allows an organization to transfer risk to another entity. Insurance is a common way to reduce risk
risk assignment
A company can discontinue or decide not to enter a line of business if the risk level is too high. This is categorized as ________.
risk avoidance
What name is given to an access control method that bases access control approvals on the jobs the user is assigned?
role-based access control (RBAC)
what term is used to describe something built in or used in a system to address gaps or weaknesses in the controls that could otherwise lead to an exploit?
safeguard
What name is given to random characters that you can combine with an actual input key to create the encryption key?
salt value
From the perspective of a _________ professional, configuration management evaluates the impact a modification might have on security
security
One of the best ways to avoid wasting your organization's resources is to ensure that you follow the ________ review cycle.
security
The ___________ team's responsibilities include handling events that affect your computers and networks and ultimately can respond rapidly and effectively to any event.
security administration
the primary tasks of an organization's ___ team is to control access to systems or resources.
security administration
when an information security breach occurs in your organization, a ___ helps determine what happened to the system and when
security event log
The ____________ is the central part of a computing environment's hardware, software, and firmware that enforces access control for computer systems.
security kernel
your organization's ___ sets the tone for how you approach related activities.
security policy
what is meant by gray-box testing?
security testing that is based on limited knowledge of an application's design
___ is the process of dividing a task into a series of unique activities performed by different people, whom is allowed to execute only one part of the overall task
separation of duties
which OSI reference model layer creates, maintains, and disconnects communications that take place between processes over the network?
session layer
The ________ identifies staff reaction and response times as well as inefficiencies or previously unidentified vulnerabilities. All members of the staff involved in operations or procedures participate in the test.
simulation test
An organization's facilities manager might give you a security card programmed with your employee ID number, also known as a ________.
smart card
In a _________, attackers direct forged Internet Control Message Protocol (ICMP) echo-request packets to IP broadcast addresses from remote locations to generate denial of service attacks.
smurf attack
One of the most popular types of attacks on computer systems involves ___________. These attacks deceive or use people to get around security controls. The best way to avoid this risk is to ensure that employees know how to handle such attacks.
social engineering
Audits also often look at the current configuration of a system as a snapshot in time to verify that it complies with ________.
standards
What name is given to a type of virus that uses a number of techniques to conceal itself from the user or detection software?
stealth virus
What term is used to describe a device used as a logon authenticator for remote users of a network?
synchronous token
A ___ enables the virus to take control and execute before the computer can load most protective measures.
system infector
what is meant by key distribution?
the process of issuing keys to valid users of a cryptosystem so they can communicate
which of the following is the definition of hardened configuration?
the state of a computer or device in which you have turned off or disabled unnecessary services and protected the ones that are still running.
what is meant by certification?
the technical evaluation of a system to provide assurance that you have implemented the system correctly
The primary difference between SOC 2 and SOC 3 reports is ________.
their audience
A(n) ________ is an intent and method to exploit a vulnerability
threat source
An attacker or event that might exploit a vulnerability is a(n) ____________.
threat source
when you apply an account-lockout policy, set the ___ to a high enough number that authorized users aren't locked out due to mistyped passwords
threshold
Temporal isolation restricts access to specific _________ and is often used in combination with role-based access control.
times
Certain security objectives add value to information systems. ___ provides an exact time when producer creates or sends information.
timestamping
Because personnel are so important to solid security, one of the best security controls you can develop is a strong security ___________ and awareness program.
training
What name is given to an encryption cipher that rearranges characters or bits of data
transposition cipher
Which of these biometric authentication methods is not as accurate as the rest?
voice pattern
a ___ is a flaw or weakness in a system's security procedures, design, implementation, or internal controls
vulnerability
Unexplained increases in bandwidth consumption, high volumes of inbound and outbound e-mail during normal activity periods, a sudden increase in e-mail server storage utilization (this may trigger alarm thresholds set to monitor and manage disk/user partition space), and an unexplained decrease in available disk space are all telltale symptoms of a ________.
worm
