Secure Test 2 Study Guide

As of 2013, Cisco estimated that there were more than ________ devices connected to the Internet.

7 billion

Which of the following is the definition of botnet?

A botnet consists of a network of compromised computers that attackers use to launch attacks and spread malware.

What is meant by multi-tenancy?

A database feature that allows different groups of users to access the database without being able to access each other's data.

What is meant by standard?

A mandated requirement for a hardware or software solution that is used to deal with a security risk throughout the organization

Which of the following is the definition of network address translation (NAT)?

A method of IP address assignment that uses an alternate, public IP address to hide a system's real IP address.

What is meant by authorizing official (AO)?

A senior manager who reviews a certification report and makes the decision to approve the system for implementation.

How is decentralized access control defined?

A system that puts access control into the hands of people, such as department managers, who are closest to system users; there is no one centralized entity to process access requests in this system.

What is meant by multipartite virus?

A type of virus that infects other files and spreads in multiple ways.

What is meant by physically constrained user interface?

A user interface that does not provide a physical means of entering unauthorized information.

Which of the following adequately defines continuous authentication?

An authentication method in which a user is authenticated at multiple times or event intervals.

Which of the following describes an asynchronous token?

An authentication token used to process challenge-response authentication with a server. It takes the server's challenge value and calculates a response. The user enters the response to authenticate a connection.

Which of the following is the definition of Vigenère cipher?

An encryption cipher that uses multiple encryption schemes in succession.

Which of the following is the definition of anomaly-based IDS?

An intrusion detection system that compares current activity with stored profiles of normal (expected) activity.

A ___ determines the extent of the impact that a particular incident would have on business operations over time

BIA (Business Impact Analysis)

_______________ is another symmetric algorithm that organizations currently use. It is a 64-bit block cipher that has a variable key length from 32 to 448 bits. It is much faster than DES or IDEA and is a strong algorithm that has been included in more than 150 products, as well as v2.5.47 of the Linux kernel. Its author, Bruce Schneier, placed it in the public domain.

Blowfish

Organizations currently use several symmetric algorithms, including ________, which is a substitution-permutation algorithm similar to DES. Unlike DES, its authors made its design criteria public. This 64-bit symmetric block cipher can use keys from 40 to 256 bits. Although it is patented (U.S. patent 5,511,123), its inventors, C.M. Adams and S.E. Tavares, made it available for free use.

CAST

A ________ is one of the simplest substitution ciphers. It shifts each letter in the English alphabet a fixed number of positions, with Z wrapping back to A.

Caesar cipher

_________ ensures that any changes to a production system are tested, documented, and approved

Change control

In a ________, the cryptanalyst can encrypt any information and observe the output. This is best for the cryptanalyst.

Chosen-plaintext attack

________ states that users must never leave sensitive information in plain view on an unattended desk or workstation.

Clean desk/clear screen policy

Which of the following is known as stateful matching?

A technique of matching network traffic with rules or signatures based on the appearance of the traffic and its relationship to other packets

What name is given to an encryption cipher that is a product cipher with a 56-bit key consisting of 16 iterations of substitution and transformation?

Data Encryption Standard (DES)

Which OSI model layer uses Media Access Control (MAC) addresses? Device manufacturers assign each hardware device a unique MAC address.

Data link layer

_______ is the act of unscrambling ciphertext into plaintext

Decryption

____________ is exercised by frequently evaluating whether countermeasures are performing as expected

Due diligence

________ allows the computer to get its configuration information from the network instead of the network administrator providing the configuration information to the computer. It provides a computer with an IP address, subnet mask, and other essential communication information, simplifying the network administrator's job.

Dynamic Host Configuration Protocol (DHCP)

________ represents the percentage of the asset value that will be lost if an incident were to occur.

Exposure factor (EF)

___________ refers to the amount of harm a threat can cause by exploiting a vulnerability

Impact

Which of the following is the definition of false negative?

Incorrectly identifying abnormal activity as normal

________ is a suite of protocols designed to connect sites securely using IP networks

Internet Protocol Security (IPSec)

A ___ is an encryption key used to encrypt other keys before transmitting them.

Key-encrypting key

In a ________, the cryptanalyst possesses certain pieces of information before and after encryption

Known-plaintext attack (KPA)

________ is used to describe a property that indicates that a specific subject needs access to a specific object. This is necessary to access the object in addition to possessing the proper clearance for the object's classification.

Need to know

_______________ enables you to prevent a party from denying a previous statement or action.

Nonrepudiation

What name is given to a protocol to implement a VPN connection between two computers?

Point-to-Point Tunneling Protocol (PPTP)

________ include a separate encryption engine that stores the virus body in encrypted format while duplicating the main body of the virus.

Polymorphic viruses

Which OSI Reference Model layer is responsible for the coding of data?

Presentation Layer

________ attempts to describe risk in financial terms and put a dollar value on all the elements of a risk

Quantitative risk analysis

________ provides information on what is happening as it happens.

Real-time monitoring

___________ is the likelihood that a particular threat exposes a vulnerability that could damage your organization.

Risk

________ is a risk management phase that includes assessment of various types of controls to mitigate the identified risks, selection of a control strategy, and justification of choice of controls

Risk assessment

________ uses various controls to reduce identified risks. These controls might be administrative, technical, or physical.

Risk mitigation

A process that creates the first secure communications session between a client and a server is the definition of ________.

SSL handshake

In a __________, the attacker uses IP spoofing to send a large number of packets requesting connections to the victim computer. These appear to be legitimate but in fact reference a client system that is unable to respond.

SYN flood attack

Which of the following is the definition of white-box testing?

Security testing that is based on knowledge of the application's design and source code.

The ___________ framework defines the scope and contents of three levels of audit reports

Service Organization Control (SOC)

________ counter the ability of antivirus programs to detect changes in infected files.

Slow viruses

What is a Security Information and Event Management (SIEM) system?

Software and devices that assist in collecting, storing, and analyzing the contents of log files

What is meant by constrained user interface?

Software that allows users to enter only specific information

________ are viruses that target computer hardware and software startup functions.

System infectors

What is meant by checksum?

The output of a one-way algorithm; a mathematically derived numerical representation of some input.

Unrecognized new processes running, startup messages indicating that new software has been (or is being) installed (registry updating), unresponsiveness of applications to normal commands, and unusual redirection of normal Web requests to unknown sites are all telltale symptoms of a ________.

Trojan

This device uses public key infrastructure (PKI) technology—for example, a certificate signed by a trusted certification authority—and doesn't provide one-time passwords.

USB token

Which of the following defines network mapping?

Using tools to determine the layout and services running on an organization's systems and networks.

What term is used to describe the current encryption standard for wireless networks?

Wi-Fi Protected Access (WPA)

Which of the following is the definition of hub?

a network device that connects network segments, echoing all traffic to all other ports

Which of the following is the definition of logic bomb?

a program that executes a malicious function of some kind when it detects certain conditions

A control involved in the process of developing and ensuring compliance with policy and procedures is the definition of ___

administrative control

What name is given to a method of developing software that is based on small project iterations, or sprints, instead of long project schedules?

agile development

Audits are necessary because of ___.

all of the above (potential liability, negligence, and mandatory regulatory compliance)

A security awareness program includes ___.

all of the above (teaching employees about security objectives, motivating users to comply with security policies, and informing users about trends and threats in society)

________ gives you the opportunity to review your risk-management program and to confirm that the program has correctly identified and reduced (or otherwise addressed) the risks to your organization.

an audit

Which of the following is the definition of pattern-based IDS?

an intrusion detection system that uses pattern matching and stateful matching to compare current traffic with activity patterns (signatures) of known network intruders

Which OSI reference model layer includes all programs on a computer that interact with the network?

application layer

Malware developers often use _____________ to write boot record infectors.

assembly language

How your organization responds to risk reflects the value it puts on its ___________.

assets

What term is used to describe a type of cryptography that uses a cipher with two separate keys, one for encryption and one for decryption, so that correspondents do not first have to exchange secret information to communicate securely?

asymmetric key cryptography

One of the ways that malicious code can threaten businesses is by causing economic damage or loss due to the theft, destruction, or unauthorized manipulation of sensitive data. These are known as ________.

attacks against data integrity

Another way that malicious code can threaten businesses is by using mass bulk e-mail (spam), spyware, persistence cookies, and the like, consuming computing resources and reducing user productivity. These are known as ________.

attacks against productivity and performance

Malicious code attacks all three information security properties. Malware can erase or overwrite files or inflict considerable damage to storage media. This property is ________.

availability

What term is used to describe a benchmark used to make sure that a system provides a minimum level of security across multiple applications and across different products?

baseline

A method of security testing that isn't based directly on knowledge of a program's architecture is the definition of ________.

black box testing

___ are the main source of distributed denial of service (DDoS) attacks and spam.

botnets

What or who is the individual or team responsible for performing the security test and evaluation for the system and for preparing the report for the AO on the risk of operating the system?

certifier

The ___ is a simple review of a plan by managers and the business continuity team to make sure that contact numbers are current and that the plan reflects the company's priorities and structure.

checklist test

___ is a one-way calculation of information that yields a result usually much smaller than the original message.

checksum

There are four basic forms of a cryptographic attack. In a ________, the cryptanalyst has access only to a segment of encrypted data, and has no choice as to what that data might be.

ciphertext-only attack

Cryptography accomplishes four security goals: nonrepudiation, integrity, authentication, and ___?

confidentiality

The process of managing the baseline settings of a system device is called ________.

configuration control

Security audits help ensure that your rules and ___ are up to date, documented, and subject to change control procedures.

configurations

As your organization evolves and as threats mature, it is important to make sure your __________ still meet(s) the risks you face today.

controls

Forensics and incident response are examples of ___________ controls.

corrective

A measure installed to counter or address a specific threat is the definition of ___.

countermeasure

What term is used to describe a type of virus that attacks document files containing embedded macro programming capabilities?

data infector

Which OSI reference model layer is responsible for transmitting information on computers connected to the same local area network (LAN)?

data link layer

An intrusion detection system (IDS) is an example of ___ controls.

detective

What name is given to an object that uses asymmetric encryption to bind a message or data to a specific entity?

digital signature

The name given to a group that is responsible for protecting sensitive data in the event of a natural disaster or equipment failure, among other potential emergencies, is ___.

emergency operations group

A(n) ________ is a measurable occurrence that has an impact on the business.

event

A ________ is a type of virus that primarily infects executable programs.

file infector

A ___________ controls the flow of traffic by preventing unauthorized network traffic from entering or leaving a particular portion of the network.

firewall

A _____________ contains rules that define the types of traffic that can come and go through a network.

firewall

Among common recovery location options, this is one that can take over operations quickly. It has all the equipment and data already staged at the location, though you may need to refresh or update the data.

hot site

For all the technical solutions you can devise to secure your systems, the __________ remains your greatest challenge.

human element

Notification, response, recovery and follow-up, and documentation are all components of what process?

incident handling

Malicious code attacks all three information security properties. Malware can modify database records either immediately or over a period of time. This property is ___.

integrity

The number of possible keys to a cipher is a ___________.

keyspace

Whether software or hardware based, a ____________ captures keystrokes, or user entries, and then forwards that information to the attacker.

keystroke logger

What term is used to describe the probability that a potential vulnerability might be exercised within the construct of an associated threat environment?

likelihood

A ___________ is a program that executes a malicious function of some kind when it detects certain conditions.

logic bomb

A method to restrict access to a network based on identity or other rules is the definition of ________.

network access control (NAC)

What term is used to describe a method of IP address assignment that uses an alternate, public IP address to hide a system's real IP address?

network address translation (NAT)

If knowing about an audit changes user behavior, an audit will ____________.

not be accurate

What term is used to describe an encryption algorithm that has no corresponding decryption algorithm?

one-way algorithm

What term is used to describe a reconnaissance technique that enables an attacker to use port mapping to learn which operating system and version are running on a computer?

operating system fingerprinting

A firewall that examines each packet it receives and compares the packet to a list of rules configured by the network administrator is the definition of _______.

packet-filtering firewall

It's essential to match your organization's required __________ with its security structure.

permission level

A ____________ tricks users into providing logon information on what appears to be a legitimate Web site but is in fact a Web site set up by an attacker to obtain this information.

phishing attack

An organization's facilities manager is often responsible for ____________.

physical access control

What term is used to describe a type of virus that includes a separate encryption engine that stores the virus body in encrypted format while duplicating the main body of the virus?

polymorphic virus

What term is used to describe a set of step-by-step actions to be performed to accomplish a security requirement, process, or objective?

procedure

You must consider many factors when evaluating countermeasures. Countermeasures might generate more calls to the help desk, slower response times for users, and so on. This is referred to as ________.

productivity impact

Enacting changes to respond to reported problems is called ________.

reactive change management

Network ________ is gathering information about a network for use in a future attack.

reconnaissance

attack countermeasures such as antivirus signature files or integrity databases.

retro viruses

A countermeasure, without a corresponding __________, is a solution seeking a problem; you can never justify the cost.

risk

An organization knows that a risk exists and has decided that the cost of reducing it is higher than the loss would be. This can include self-insuring or using a deductible. This is categorized as ________.

risk acceptance

___ allows an organization to transfer risk to another entity. Insurance is a common way to reduce risk.

risk assignment

A company can discontinue or decide not to enter a line of business if the risk level is too high. This is categorized as ________.

risk avoidance

What name is given to an access control method that bases access control approvals on the jobs the user is assigned?

role-based access control (RBAC)

What term is used to describe something built in or used in a system to address gaps or weaknesses in the controls that could otherwise lead to an exploit?

safeguard

What name is given to random characters that you can combine with an actual input key to create the encryption key?

salt value

From the perspective of a _________ professional, configuration management evaluates the impact a modification might have on security.

security

One of the best ways to avoid wasting your organization's resources is to ensure that you follow the ________ review cycle.

security

The ___________ team's responsibilities include handling events that affect your computers and networks and ultimately can respond rapidly and effectively to any event.

security administration

The primary task of an organization's ___ team is to control access to systems or resources.

security administration

When an information security breach occurs in your organization, a ___ helps determine what happened to the system and when.

security event log

The ____________ is the central part of a computing environment's hardware, software, and firmware that enforces access control for computer systems.

security kernel

Your organization's ___ sets the tone for how you approach related activities.

security policy

What is meant by gray-box testing?

security testing that is based on limited knowledge of an application's design

___ is the process of dividing a task into a series of unique activities performed by different people, each of whom is allowed to execute only one part of the overall task.

separation of duties

Which OSI reference model layer creates, maintains, and disconnects communications that take place between processes over the network?

session layer

The ________ identifies staff reaction and response times as well as inefficiencies or previously unidentified vulnerabilities. All members of the staff involved in operations or procedures participate in the test.

simulation test

An organization's facilities manager might give you a security card programmed with your employee ID number, also known as a ________.

smart card

In a _________, attackers direct forged Internet Control Message Protocol (ICMP) echo-request packets to IP broadcast addresses from remote locations to generate denial of service attacks.

smurf attack

One of the most popular types of attacks on computer systems involves ___________. These attacks deceive or use people to get around security controls. The best way to avoid this risk is to ensure that employees know how to handle such attacks.

social engineering

Audits also often look at the current configuration of a system as a snapshot in time to verify that it complies with ________.

standards

What name is given to a type of virus that uses a number of techniques to conceal itself from the user or detection software?

stealth virus

What term is used to describe a device used as a logon authenticator for remote users of a network?

synchronous token

A ___ enables the virus to take control and execute before the computer can load most protective measures.

system infector

What is meant by key distribution?

the process of issuing keys to valid users of a cryptosystem so they can communicate

Which of the following is the definition of hardened configuration?

the state of a computer or device in which you have turned off or disabled unnecessary services and protected the ones that are still running.

What is meant by certification?

the technical evaluation of a system to provide assurance that you have implemented the system correctly

The primary difference between SOC 2 and SOC 3 reports is ________.

their audience

A(n) ________ is an intent and method to exploit a vulnerability.

threat source

An attacker or event that might exploit a vulnerability is a(n) ____________.

threat source

When you apply an account-lockout policy, set the ___ to a high enough number that authorized users aren't locked out due to mistyped passwords.

threshold

Temporal isolation restricts access to specific _________ and is often used in combination with role-based access control.

times

Certain security objectives add value to information systems. ___ provides an exact time when the producer creates or sends information.

timestamping

Because personnel are so important to solid security, one of the best security controls you can develop is a strong security ___________ and awareness program.

training

What name is given to an encryption cipher that rearranges characters or bits of data?

transposition cipher

Which of these biometric authentication methods is not as accurate as the rest?

voice pattern

A ___ is a flaw or weakness in a system's security procedures, design, implementation, or internal controls.

vulnerability

Unexplained increases in bandwidth consumption, high volumes of inbound and outbound e-mail during normal activity periods, a sudden increase in e-mail server storage utilization (this may trigger alarm thresholds set to monitor and manage disk/user partition space), and an unexplained decrease in available disk space are all telltale symptoms of a ________.

worm