TCMG 308 Exam 1


A key is:

A code used with ciphers to transform plaintext into ciphertext

Committee of Sponsoring Organizations (COSO) is a set of best practices for IT management.

False

80

HTTP

System/Application Domain

Holds all of the mission-critical systems, applications, and data

Formal security models define:

How privileges are allocated and to whom

PGP is a:

Hybrid private/public key scheme

Internet

Links communication networks to one another

Reconnaissance

The act of gathering information about a network for use in a future attack

Keyspace

The set of all possible keys

Which term describes an action that can damage or compromise an asset?

Threat

True or False: Devices that combine the capabilities of mobile phones and personal digital assistants (PDAs) are commonly called smartphones

True

Types of Attacks

• Unstructured attacks
• Structured attacks
• Direct attacks

Which of the following does NOT offer authentication, authorization, and accounting (AAA) services? Select one: a. Remote Authentication Dial-In User Service (RADIUS) b. Terminal Access Controller Access Control System Plus (TACACS+) c. Redundant Array of Independent Disks (RAID) d. DIAMETER

c. Redundant Array of Independent Disks (RAID)

disclosure threats

sabotage or espionage

Data infectors

(Also called macro infectors) Attack document files containing embedded macro programming capabilities

IP mobile communications graph

1. Mobile node (MN) connects to foreign agent (FA).
2. FA assigns care-of address (COA) to MN.
3. FA sends COA to home agent (HA).
4. Correspondent node (CN) sends message to MN.
4a. CN's message for MN goes first to HA.
4b. HA forwards message to COA.
4c. FA forwards message to MN.

The Children's Online Privacy Protection Act (COPPA) restricts the collection of information online from children. What is the cutoff age for COPPA regulation?

13

U.S. Office of Personnel Management 2015

22 million people affected, stolen SSNs, names, places of birth, addresses, millions must be monitored for identity theft for years

? Bob is using a port scanner to identify open ports on a server in his environment. He is scanning a web server that uses Hypertext Transfer Protocol (HTTP). Which port should Bob expect to be open to support this service?

443

Bob is using a port scanner to identify open ports on a server in his environment. He is scanning a web server that uses Hypertext Transfer Protocol (HTTP). Which port should Bob expect to be open to support the service?

80

RACE Integrity Primitives Evaluation Message Digest (RIPEMD)

A collection of functions that provide hash values for a wide range of applications

denial of service attack

A coordinated attempt to deny service by occupying a computer to perform large amounts of unnecessary tasks
• Logic attacks
• Flooding attacks
Protect using:
• Intrusion prevention system (IPS)
• Intrusion detection system (IDS)
Attacks launched using:
• SYN flood
• Smurfing

The exclusive right of a creator to reproduce, prepare derivative works, distribute, perform, display, sell, lend or rent (with the exclusion of fair-use) is:

A copyright

what may a risk register contain

• A description of the risk
• The expected impact if the associated event occurs
• The probability of the event occurring
• Steps to mitigate the risk
• Steps to take should the event occur
• Rank of the risk

gray hat hacker

A hacker who will identify but not exploit discovered vulnerabilities, yet may still expect a reward for not disclosing the vulnerability openly.

Hash message authentication code (HMAC)

A hash function that uses a key to create the hash, or message digest

Employee agreements may include all except the following:

A notice that an employee must comply with the 10 Commandments.

The process of getting a security clearance is called:

A personnel security investigation

Algorithm

A repeatable process that produces the same result when it receives the same input

worm definition

• A self-contained program that replicates and sends copies of itself to other computers without user input or action
• Does not need a host program to infect
• Is a standalone program

Malware Inspection

A specialized form of content inspection, the device looks at packet content for signs of malware

World Wide Web

A system that defines how documents and resources are related across network machines

A formula, pattern, device or compilation of information used in one's business that creates a competitive advantage is:

A trade secret

Key

A value that is an input to a cryptosystem

Business Continuity Plan definition

A written plan for a structured response to any events that result in an interruption to critical business activities or functions

foundational IT security policies

• Acceptable use policy (AUP): The AUP defines the actions that are and are not allowed with respect to the use of organization-owned IT assets. This policy is specific to the User Domain and mitigates risk between an organization and its employees.
• Security awareness policy: This policy defines how to ensure that all personnel are aware of the importance of security and behavioral expectations under the organization's security policy. This policy is specific to the User Domain and is relevant when you need to change organizational security awareness behavior.
• Asset classification policy: This policy defines an organization's data classification standard. It tells what IT assets are critical to the organization's mission. It usually defines the organization's systems, uses, and data priorities and identifies assets within the seven domains of a typical IT infrastructure.
• Asset protection policy: This policy helps organizations define a priority for mission-critical IT systems and data. This policy is aligned with an organization's business impact analysis (BIA) and is used to address risks that could threaten the organization's ability to continue operations after a disaster.
• Asset management policy: This policy includes the security operations and management of all IT assets within the seven domains of a typical IT infrastructure.
• Vulnerability assessment and management: This policy defines an organization-wide vulnerability window for production operating system and application software. You develop organization-wide vulnerability assessment and management standards, procedures, and guidelines from this policy.
• Threat assessment and monitoring: This policy defines an organization-wide threat assessment and monitoring authority. You should also include specific details regarding the LAN-to-WAN Domain and AUP compliance in this policy.

Active Content Vulnerabilities

Active content threats are considered mobile code because these programs run on a wide variety of computer platforms

A potentially dangerous feature in Microsoft Windows that allows interactive objects in a Web page is:

ActiveX

Malicious Add-Ons

• Add-ons are companion programs that extend the web browser; they can decrease security
• Malicious add-ons are browser add-ons that contain some type of malware that, once installed, perform malicious actions

Diffie-Hellman is used to:

Allow parties to share private keys over an insecure channel

Simple substitution cipher

Allows any letter to uniquely map to any other letter

white-hat hacker

Also called an ethical hacker; an information systems security professional who has authorization to identify vulnerabilities and perform penetration testing. The difference between white-hat hackers and black-hat hackers is that white-hat hackers identify weaknesses for the purpose of fixing them, whereas black-hat hackers find weaknesses just for the fun of it or to exploit them.

ISO/IEC 27005 "Information Security Risk Management"

An ISO standard that describes information security risk management in a generic manner. The documents include examples of approaches to information security risk assessment and lists of possible threats, vulnerabilities, and security controls.

Cipher

An algorithm to encrypt or decrypt information

Business Impact Analysis (BIA)

• An analysis of an organization's functions and activities that classifies them as critical or noncritical
• Identifies the impact to the business if one or more IT functions fails
• Identifies the priority of different critical systems

what is a security breach

• Any event that results in a violation of any of the C-I-A security tenets
• Some security breaches disrupt system services on purpose
• Some are accidental and may result from hardware or software failures

Spyware

Any unsolicited background process that installs itself on a user's computer and collects information about the user's browsing habits and website activities

what are the type of web application attacks

• Arbitrary/remote code execution: Having gained privileged access or sys admin rights access, the attacker can run commands or execute a command at will on the remote system.
• Buffer overflow: Attempting to push more data than the buffer can handle, thus creating a condition where further compromise might be possible.
• Client-side attack: Using malware on a user's workstation or laptop, within an internal network, acting in tandem with a malicious server or application on the Internet (outside the protected network).
• Cookies and attachments: Using cookies or other attachments (or the information they contain) to compromise security.
• Cross-site scripting (XSS): Injecting scripts into a web application server to redirect attacks back to the client. This is not an attack on the web application but rather on users of the server to launch attacks on other computers that access it.
• Directory traversal/command injection: Exploiting a web application server, gaining root file directory access from outside the protected network, and executing commands, including data dumps.
• Header manipulation: Stealing cookies and browser URL information and manipulating the header with invalid or false commands to create an insecure communication or action.
• Integer overflow: Creating a mathematical overflow which exceeds the maximum size allowed. This can cause a financial or mathematical application to freeze or create a vulnerability and opening.
• Lightweight Directory Access Protocol (LDAP) injection: Creating fake or bogus ID and authentication LDAP commands and packets to falsely ID and authenticate to a web application.
• Local shared objects (LSO): Using Flash cookies (named after the Adobe Flash player), which cannot be deleted through the browser's normal configuration settings. Flash cookies can also be used to reinstate regular cookies that a user has deleted or blocked.
• Malicious add-ons: Using software plug-ins or add-ons that run additional malicious software on legitimate programs or applications.
• SQL injection: Injecting Structured Query Language (SQL) commands to obtain information and data in the back-end SQL database.
• Watering-hole attack: Luring a targeted user to a commonly visited website on which the malicious code or malware has been planted, in hopes that the user will trigger the attack with an unknowing click.
• XML injection: Injecting XML tags and data into a database in an attempt to retrieve data.
• Zero-day: Exploiting a new vulnerability or software bug for which no specific defenses yet exist.

Public keys are:

Asymmetric

virus definition

• Attaches itself to or copies itself into another program on a computer
• Tricks the computer into following instructions not intended by the original program developer
• Infects a host program and may cause that host program to replicate itself to other computers
• User who runs infected program authenticates the virus

File infectors

Attack and modify executable programs (COM, EXE, SYS, and DLL files in Microsoft Windows)

SYN Flood

Attacker uses IP spoofing to send a large number of packets requesting connections to the victim computer

Smurf Attack

Attackers direct forged Internet Control Message Protocol (ICMP) echo request packets to IP broadcast addresses from remote locations to generate DoS attacks

what are common types of attacks

• Attacks on availability: These attacks impact access or uptime to a critical system, application, or data.
• Attacks on people: These attacks involve using coercion or deception to get another human to divulge information or to perform an action (e.g., clicking on a suspicious URL link or opening an email attachment from an unknown email address).
• Attacks on IT assets: These attacks include penetration testing, unauthorized access, privileged escalation, stolen passwords, deletion of data, or performing a data breach.

Ransomware

• Attempts to generate funds directly from a computer user
• Attacks a computer and limits the user's ability to access the computer's data

Telephony denial of service (TDoS)

Attempts to prevent telephone calls from being successfully initiated or received by some person or organization

Ricky is reviewing security logs to independently assess security controls. Which security review process is Ricky engaging in?

Audit

A masquerade is a threat to:

Authenticity

what are the type of social engineering attacks

• Authority: Using a position of authority to coerce or persuade an individual to divulge information.
• Consensus/social proof: Using a position that "everyone else has been doing it" as proof that it is okay or acceptable to do.
• Dumpster diving: Finding unshredded pieces of paper that may contain sensitive data or private data for identity theft.
• Familiarity/liking: Interacting with the victim in a frequent way that creates a comfort and familiarity and liking for an individual (e.g., a delivery person may become familiar to office workers over time) that might encourage the victim to want to help the familiar person.
• Hoax: Creating a con or a false perception in order to get an individual to do something or divulge information.
• Impersonation: Pretending to be someone else (e.g., an IT help desk support person, a delivery person, a bank representative).
• Intimidation: Using force to extort or pressure an individual into doing something or divulging information.
• Trust: Building a human trust bond over time and then using that trust to get the individual to do something or divulge information.
• Scarcity: Pressuring another individual into doing something or divulging information for fear of not having something or losing access to something.
• Shoulder surfing: Looking over the shoulder of a person typing into a computer screen.
• Tailgating: Following an individual closely enough to sneak past a secure door or access area.
• Urgency: Using urgency or an emergency stress situation to get someone to do something or divulge information (e.g., claiming that there's a fire in the hallway might get the front desk security guard to leave her desk).
• Vishing: Performing a phishing attack by telephone in order to elicit personal information; using verbal coercion and persuasion ("sweet talking") on the individual under attack.
• Whaling: Targeting the executive user or most valuable employees, otherwise considered the "whale" or "big fish" (often called spear phishing).

ISO 27002

Best-practices document that gives good guidelines for information security management. Part of growing suite of standards.

Which password attack is typically used specifically against password files that contain cryptographic hashes?

Birthday attacks

what are types of active threats

• Birthday attacks
• Brute-force password attacks
• Dictionary password attacks
• IP address spoofing
• Hijacking
• Replay attacks
• Man-in-the-middle attacks
• Masquerading
• Social engineering
• Phishing
• Phreaking
• Pharming

The most common cipher today is:

Block

what are some type of networking attacks

• Bluejacking: Hacking and gaining control of the Bluetooth wireless communication link between a user's earphone and smartphone device.
• Bluesnarfing: Packet sniffing communications traffic between Bluetooth devices.
• Evil twin: Faking an open or public wireless network to use a packet sniffer on any user who connects to it.
• IV attack: Modifying the initialization vector of an encrypted IP packet in transmission in hopes of decrypting a common encryption key over time.
• Jamming/interference: Sending radio frequencies in the same frequency as wireless network access points to jam and interfere with wireless communications, disrupting availability for legitimate users.
• Near field communication attack: Intercepting, at close range (a few inches), communications between two mobile operating system devices.
• Packet sniffing: Capturing IP packets off a wireless network and analyzing the TCP/IP packet data using a tool such as Wireshark.
• Replay attacks: Replaying an IP packet stream to fool a server into thinking you are authenticating to it.
• Rogue access points: Using an unauthorized network device to offer wireless availability to unsuspecting users.
• War chalking: Creating a map of the physical or geographic location of any wireless access points and networks.
• War driving: Physically driving around neighborhoods or business complexes looking for wireless access points and networks that broadcast an open or public network connection.

common threats in the remote access domain

• Brute-force user ID and password attacks: Define user ID and password policy definitions. Passwords must be strictly more than eight characters and alphanumeric.
• Multiple logon retries and access control attacks: Set automatic blocking for attempted logon retries.
• Unauthorized remote access to IT systems, applications, and data: Apply first-level and second-level security for remote access to sensitive systems and data.
• Confidential data compromised remotely: Encrypt all confidential data in the database or hard drive. If the data is stolen, it's encrypted and can't be used.
• Data leakage in violation of data classification standards: Apply security countermeasures in the LAN-to-WAN Domain.

Business-to-business (B2B)

Businesses that sell primarily to other businesses

Keystroke Loggers

Capture keystrokes or user entries and forward the information to the attacker

Which audit data collection method helps ensure that the information-gathering process covers all relevant areas?

Checklist

Jody would like to find a solution that allows real-time document sharing and editing between teams. Which technology would best suit her needs?

Collaboration


common threats to WAN domain (connectivity)

• Commingling of WAN IP traffic on the same service provider router and infrastructure: Encrypt confidential data transmissions through the service provider WAN using VPN tunnels.
• Maintaining high WAN service availability: Obtain WAN service availability SLAs. Deploy redundant Internet and WAN connections when 100 percent availability is required.
• Maximizing WAN performance and throughput: Apply WAN optimization and data compression solutions when accessing remote systems, applications, and data. Enable access control lists (ACLs) on outbound router WAN interfaces, in keeping with policy.
• Using SNMP network management applications and protocols maliciously (ICMP, Telnet, SNMP, DNS, etc.): Create separate WAN network management VLANs. Use strict firewall ACLs allowing SNMP manager and router IP addresses through the LAN-to-WAN Domain.
• SNMP alarms and security monitoring 24x7x365: Outsource security operations and monitoring. Expand services to include managed security.

gap analysis

Comparison of the security controls in place and the controls you need to address all identified threats

what are three tenets of information security

Confidentiality, Integrity, Availability

Wide Area Networks

Connect systems over a large geographic area

Spam

• Consumes computing resources, bandwidth, and CPU time
• Diverts IT personnel from activities more critical to network security

In Mobile IP, what term describes a device that would like to communicate with a mobile node (MN)?

Correspondent node

In Mobile IP, what term describes a device that would like to communicate with a mobile node (MN)?

Correspondent node (CN)

how to counter malware

• Create a user education program
• Post regular bulletins about malware problems
• Never transfer files from an unknown or untrusted source (unless anti-malware is installed)
• Test new programs or open suspect files on a quarantine computer
• Install anti-malware software, make sure it remains current, and schedule regular malware scans
• Use a secure logon and authentication process

Which term describes any action that could damage an asset? a. Likelihood b. Countermeasure c. Vulnerability d. Threat

D. Threat

User Domain

Defines the people who access an organization's information system

? Which network device is capable of blocking network connections that are identified as potentially malicious?

Demilitarized Zone (DMZ)

security challenges of IoT devices

• Deployed in large quantities (such as sensors or consumer items)
• Ubiquitous and can have wide reach into the user or household population
• Devices that are not maintained or updated allow vulnerabilities
• Upgrades can be difficult to distribute and deploy
• No owner visibility of how the device connects to the Internet
• Not physically secure
• Capture readings and measurements in the open

Worms

Designed to propagate from one host machine to another using the host's own network communications protocols

What information should an auditor share with the client during an exit interview?

Details on major issues

security gap

Difference between the security controls in place and controls you need to address vulnerabilities

Which risk is most effectively mitigated by an upstream Internet Service Provider (ISP)?

Distributed Denial of Service (DDoS)

denial or destruction threats

DoS attack

Curtis is conducting an audit of an identity management system. Which question is NOT likely to be in the scope of his audit?

Does the firewall properly block unsolicited network connection attempts?

53

Domain Name System (DNS)

Caesar cipher

Shifts each letter in the English alphabet a fixed number of positions, with Z wrapping back to A

The most basic countermeasure of network security is:

Encryption

public (asymmetric) key ciphers

Encryption ciphers that use different keys to encrypt and decrypt

Private (symmetric) key ciphers

Encryption ciphers that use the same key to encrypt and decrypt

Vigenère (vee-zhen-AIR) cipher

Encrypts every letter with its own substitution scheme

What is the first step in a disaster recovery effort?

Ensure that everyone is safe

Homepage Hijacking

• Exploiting a browser vulnerability to reset the homepage
• Covertly installing a browser helper object (BHO) Trojan program

21

FTP Control

20

FTP Data Transfer

Which type of attack involves the creation of some deception in order to trick unsuspecting users?

Fabrication

?True or False: A VPN router is a security appliance that is used to filter IP packets

False

A bricks-and-mortar strategy includes marketing and selling goods and services on the Internet.

False

A report indicating that a system's disk is 80 percent full is a good indication that something is wrong with that system.

False

An SOC 1 report primarily focuses on security.

False

DIAMETER is a research and development project funded by the European Commission.

False

Denial of service (DoS) attacks are larger in scope than distributed denial of service (DDoS) attacks.

False

During the secure phase of a security review, you review and measure all controls to capture actions and changes on the system.

False

Hypertext Transfer Protocol (HTTP) encrypts data transfers between secure browsers and secure web pages.

False

IoT devices cannot share and communicate your IoT device data to other systems and applications without your authorization or knowledge.

False

Regarding log monitoring, false negatives are alerts that seem malicious but are not real security events.

False

Removable storage is a software application that allows an organization to monitor and control business data on a personally owned device.

False

The auto industry has not yet implemented the Internet of Things (IoT).

False

The four main types of logs that you need to keep to support security auditing include event, access, user, and security.

False

The main difference between a virus and a worm is that a virus does not need a host program to infect.

False

True or False: A rootkit uses a directed broadcast to create a flood of network traffic for the victim computer.

False


True or False: Store-and-Forward communications should be used when you need to talk to someone immediately.

False

True or False: You should use easy-to-remember personal information to create secure passwords

False

True or False? In the Remote Access Domain, if private data or confidential data is compromised remotely, you should set automatic blocking for attempted logon retries.

False

True or False? The asset protection policy defines an organization's data classification standard.

False

True or False? The weakest link in the security of an IT infrastructure is the server.

False

True or False: Cryptography is the process of transforming data from cleartext to ciphertext.

False (Encryption not Cryptography)

Anthony is responsible for tuning his organization's intrusion detection system. He notices that the system reports an intrusion alert each time that an administrator connects to a server using Secure Shell (SSH). What type of error is occurring?

False positive error

True or False: In the Remote Access Domain, if private data or confidential data is compromised remotely, you should set automatic blocking for attempted logon retries.

False: Apply first-level and second-level tokens and biometrics

True or False: Cryptography is the process of transforming data from cleartext into ciphertext

False: Encryption

True or False: A security policy is a comparison of the security controls you have in place and the controls you need in order to address all identified threats.

False: Gap analysis

True or False: The anti-malware utility is one of the most popular backdoor tools in use today

False: Netcat

True or False: A phishing attack "poisons" a domain name on a domain name server.

False: Pharming

True or False: Vishing is a type of wireless network attack

False: Social Engineering attacks

True or False: User-based permission levels limit a person to executing certain functions and often enforces mutual exclusivity

False: Task-based

True or False: Bricks-and-mortar stores are completely obsolete now.

False: They have global reach

True or False: Voice pattern biometrics are accurate for authentication because voices can't easily be replicated by computer software

False: easy to replicate

What compliance regulation applies specifically to the educational records maintained by schools about students?

Family Educational Rights and Privacy Act (FERPA)

Network separation

Filtering rules enforce divisions between networks, keeping traffic from moving from one network to another

URL Filter

Filters web traffic by examining the URL as opposed to the IP address

Loop protection

Firewalls can look at message addresses to determine whether a message is being sent around an unending loop (for example, from another form of flooding)

Denial of service (DoS)

Flooding a network with traffic and shutting down a single point of failure

The objectives of network security are to verify and maintain all except the following:

Fragmentation

Committee of Sponsoring Organizations (COSO)

Gives guidance to executive management & governance entities in critical aspects of organizational governance, business ethics, internal control, enterprise risk management, fraud, & financial reporting.

Which element of the security policy framework offers suggestions rather than mandatory actions?

Guideline

Bob recently accepted a position as the information security and compliance manager for a medical practice. Which regulation is likely to most directly apply to Bob's employer?

HIPAA

Which law governs the use of the IoT by healthcare providers, such as physicians and hospitals

HIPAA

443

HTTP over Secure Sockets Layer (SSL)

The fundamental security technique used for a bastion host is:

Hardening

cracker

Has a hostile intent, possesses sophisticated skills, and may be interested in financial gain. Crackers represent the greatest threat to networks and information resources.

cold site

Has basic environmental utilities but no infrastructure components

Which act governs the use of Internet of Things (IoT) by healthcare providers, such as physicians and hospitals?

Health Insurance Portability and Accountability Act (HIPAA)

what can a trojan do

• Hide programs that collect sensitive information
• Open backdoors into computers
• Actively upload and download files

What do organizations expect to occur with the growth of the IoT?

Higher Risks

drivers for internet of things

IP-based networking, connectivity, smaller and faster computing, cloud computing, data analytics

LAN-to-WAN Domain

Links the IT infrastructure to a wide area network and the Internet

steps for conducting a gap analysis

1. Identify applicable elements of security policy and other standards
2. Assemble policy, standard, procedure, and guideline documents
3. Review and assess implementation of policies, standards, procedures, and guidelines
4. Collect hardware and software inventory information
5. Interview users to assess knowledge of and compliance with policies
6. Compare current security environment with policies
7. Prioritize identified gaps for resolution
8. Document and implement remedies to conform to policies

Disaster Recovery Plan

• Includes specific steps and procedures to recover from a disaster
• Is part of a BCP
• Extends and supports the BCP

Encrypted information

Information in scrambled form (ciphertext)

Unencrypted information

Information in understandable form (plaintext or cleartext)

internal use only

Information or data shared internally by an organization

public domain data

Information or data shared with the public such as web site content, white papers, etc.

Rachel is investigating an information security incident that took place at the high school where she works. She suspects that students may have broken into the student records system and altered their grades. If correct, which one of the tenets of information security did this attack violate?

Integrity

In addition to authorized use, the elements of information security are concerned with:

Integrity, Availability, Confidentiality

Interoperability and standards of IoT devices

• Internet Engineering Task Force (IETF) ensures interoperability and standards can be pursued for IoT solutions
• Interoperability has significant financial impacts if not properly addressed
• Goal is to bring the cost of IoT devices and supporting applications down so they are affordable
• Some manufacturers want to design and deploy proprietary IoT devices and solutions
• Cost factors to implement functional, operational, technical, and security capabilities into IoT devices and applications
• Time-to-market risk
• Technology outdated risk
• A void in interoperability and standards for IoT devices can create an environment of bad IoT devices

143

Internet Message Access Protocol (IMAP)

Which organization pursues standards for the IoT devices and is widely recognized as the authority for creating standards of the Internet?

Internet Society

Which IoT challenge involves the difficulty of developing and implementing protocols that allow devices to communicate in a standard fashion?

Interoperability

interceptions

Involves eavesdropping on transmissions and redirecting them for unauthorized use.

e-commerce and economic development issues

IoT technology has a significant impact on developing economies. Infrastructure resources: Foundational to the deployment of the IoT, a communication infrastructure and broadband Internet network are needed within that country. This is the foundation for IoT device connectivity and communications in a global marketplace. Foundational investments: Countries seeking to invest in critical infrastructures may be able to leapfrog past other countries that are struggling with regulatory and legal issues in regard to accelerating deployments. Technical and industry development: New skills are needed to bring new technologies and economic solutions to bear using the Internet and the IoT as a key economic driver. As IoT technology and industry interoperability and standards mature, so will IoT device deployment and user and business adoption. Policy and regulatory definitions: Countries and emerging economies are positioned to create and implement policies and regulations to help ensure that security and privacy become part of the deployment.

What is a disaster in a DRP?

Is an event that affects multiple business processes for an extended period. Causes substantial resource damage that you must address before you can resolve the business process interruption.

Jacob is conducting an audit of the security controls at an organization as an independent reviewer. Which question would NOT be part of his audit?

Is the security control likely to become obsolete in the near future?

Trojan Horses

Largest class of malware. Any program that masquerades as a useful program while hiding its malicious intent.

Which type of denial of service attack exploits the existence of software flaws to disrupt a service?

Logic attack

Open ciphers

Make it possible for experts around the world to examine the ciphers for weaknesses

The most frequent threats that are most likely to succeed come from:

Malicious insiders

Confidentiality

Malware can disclose your organization's private information

Availability

Malware can erase or overwrite files or inflict considerable damage to storage media

Integrity

Malware can modify database records, either immediately or over a period of time

trojan horse definition

Malware that masquerades as a useful program

When should an organization's managers have an opportunity to respond to the findings in an audit?

Managers should include their responses to the draft audit report in the final audit report.

When information (packets or datagrams) traverse the Internet, they:

May travel different routes.

IP Mobile Communications

Mobile IP provides connection transparency for several entities working together to ensure that mobile devices can move from one network to another without dropping connections: Mobile node (MN): The mobile device that moves from one network to another. The MN has a fixed IP address regardless of the current network. Home agent (HA): A router with additional capabilities over standard routers, the HA keeps track of the MNs it manages. When an MN leaves the local network, the HA forwards packets to the MN's current network. Foreign agent (FA): A router with additional capabilities connected to another network (not the HA network), the FA assigns the MN a local address. When the MN connects to another network that supports Mobile IP, it announces itself to the FA. Care of address (COA): The local address for the MN when it connects to another network, the FA assigns the COA to the MN and sends it to the HA when the MN connects. In many cases, the COA is actually the FA address. The HA forwards any packets for the MN to the COA. The FA receives the packets and forwards them to the MN. Correspondent node (CN): This is the node that wants to communicate with the MN.

What are some facts about rootkits?

Modifies or replaces one or more existing programs to hide traces of attacks. Many different types of rootkits. Conceals its existence once installed. Is difficult to detect and remove.

How does spyware threaten confidentiality?

Monitors keystrokes. Scans files on the hard drive. Snoops other applications. Installs other spyware programs. Reads cookies. Changes the default homepage on the web browser.

139

NetBIOS Session Service

issues with mobile computing

Network, usability, security

Key management

One of the most difficult and critical parts of a cryptosystem

Filtering routers using a white-list:

Only allow permitted connections

common threats to WAN domain (internet)

Open, public, and accessible data: Apply AUPs modeled after RFC 1087, Ethics and the Internet. Most traffic being sent as clear text: Stop the use of the Internet for private communications unless encryption and virtual private network (VPN) tunnels are used. Enforce the organization's data classification standard. Vulnerable to eavesdropping: Use encryption and VPN tunneling for secure IP communications. Vulnerable to malicious attacks: Deploy layered LAN-to-WAN security countermeasures. Vulnerable to DoS and DDoS attacks: Apply filters on exterior IP stateful firewalls and IP router WAN interfaces. Vulnerable to corruption of information and data: Encrypt IP data transmissions with VPNs. Back up and store data in offsite data vaults (online or physical data backup) with tested recovery procedures. Inherently insecure TCP/IP applications (HTTP, FTP, TFTP, etc.): Refer to your data classification standard for proper handling of data and use of TCP/IP applications. Never use TCP/IP applications for confidential data without proper encryption. Create a network management VLAN and isolate TFTP and SNMP traffic used for network management.

Denial of Service Attacks

Overwhelm a server or network segment to the point that the server or network becomes unusable. Crash a server or network device, or create so much network congestion that authorized users cannot access network resources.

Risk Management Guide for Information Technology Systems (NIST SP800-30)

Part of the Special Publication 800 series reports, these products provide detailed guidance of what you should consider in risk management and risk assessment in computer security. The reports include checklists, graphics, formulas, and references to U.S. regulatory issues.

A kind of attack that is difficult to detect:

Passive

Which regulatory standard would NOT require audits of companies in the United States?

Personal Information Protection and Electronic Documents Act (PIPEDA)

Which element of the security policy framework requires approval from upper management and applies to the entire organization?

Policy

What are the elements of a complete BCP?

Policy statement defining the policy, standards, procedures, and guidelines for deployment; project team members with defined roles, responsibilities, and accountabilities; emergency response procedures and protection of life, safety, and infrastructure; situation and damage assessment; resource salvage and recovery; alternate facilities or triage for short-term or long-term emergency mode of operations and business recovery.

IT security policy framework

Policy: short written statement that defines a course of action that applies to entire org Standard: detailed written definition of how software and hardware are to be used Procedures: written instructions for how to use policies and standards Guidelines: suggested course of action for using policy, standards, or procedure

A background check typically involves all of the following EXCEPT:

Polygraph tests.

110

Post Office Protocol v3 (POP3)

Cryptography

Practice of hiding data and keeping it away from unauthorized users

privacy challenges of IT devices

Privacy policy statement. Definition of data, metadata, or analytical data use and rights. Ability for a user to provide consent to a manufacturer's or application service provider's privacy policy statement. Determine the domain of privacy.

Secure Hash Algorithm (SHA-1)

Produces a 160-bit hash from a message of any arbitrary length

Logic Bombs

Programs that execute a malicious function of some kind when they detect certain conditions. Typically originate with organization insiders, because people inside an organization generally have more detailed knowledge of the IT infrastructure than outsiders.

legal and regulatory issues of IT devices

Proper handling and protection of sensitive data. Privacy data is subject to the privacy laws of the state you live in as well as the state in which the IoT hosting company resides. IoT vendor or solutions provider is required to adhere to security control requirements and data protection laws.

Which tool can capture the packets transmitted between systems over a network?

Protocol analyzer

Local Area Networks

Provide network connectivity for computers located in the same geographic area

Christopher is designing a security policy for his organization. He would like to use an approach that allows a reasonable list of activities but does not allow other activities. Which permission level is he planning to use?

Prudent

Transposition Ciphers

Rearranges characters or bits of data

BIA Recovery Goals and Requirements

Recovery point objective (RPO); recovery time objective (RTO); business recovery requirements; technical recovery requirements.

Change control is a process and technology that:

Regulates changes to information including the security policy.

NIST Cybersecurity framework CSF

Released in 2014; focuses on critical infrastructure components but is applicable to many general systems. Helps auditors align business drivers and security requirements.

Substitution ciphers

Replaces bits, characters, or blocks of information with other bits, characters, or blocks.

Which activity is an auditor least likely to conduct during the information-gathering phase of an audit?

Report writing

Service Value System

Represents how the various components and activities of the organization work together to facilitate value creation through IT-enabled services.

A security policy covers all of the following Except:

Retaliation

Which formula is typically used to describe the components of information security?

Risk = Threat X Vulnerabilities

Earl is preparing a risk register for his organization's risk management program. Which data is LEAST likely to be included in a risk register?

Risk Survey results

Botnets

Robotically controlled networks. Attackers infect vulnerable machines with agents that perform various functions at the command of the bot-herder or controller. Controllers communicate with other members of the botnet using Internet Relay Chat (IRC) channels. Attackers can use botnets to distribute malware and spam and to launch DoS attacks against organizations or even countries.

Gary would like to choose an access control model in which the owner of a resource decides who may modify permissions on that resource. Which model fits that scenario?

Rule-based access control

Flood guard

Rules can limit traffic bandwidth from hosts, reducing the ability for any one host to flood a network

Order of priorities for Business continuity plan

1. Safety and well-being of people; 2. Continuity of critical business functions and operations; 3. Continuity of IT infrastructure components within the seven domains of an IT infrastructure.

22

Secure Shell (ssh)

Gina is preparing to monitor network activity using packet sniffing. Which technology is most likely to interfere with this effort if used on the network?

Secure Sockets Layer (SSL)

Isaac is responsible for performing log reviews for his organization in an attempt to identify security issues. He has a massive amount of data to review. What type of tool would best assist him with this work?

Security information and event management (SIEM)

new challenges created by IoT

Security: How do you keep the bad guys out if you enable the IoT for your personal and professional life? Privacy: How do you protect your family's identity and privacy data from theft or unauthorized access that can lead to identity theft? Interoperability and standards: How well do IoT manufacturers and ASP developers ensure that devices communicate securely? Legal and regulatory compliance: What role do the international, federal, and state levels contribute toward legal, tax, and regulatory requirements regarding IoT-related business transactions that involve payment for goods and services? E-commerce and economic development issues: What are the economic rules of engagement for conducting business on the World Wide Web? How is IoT connectivity and information sharing to be deployed globally?

Control objectives for information and related technology COBIT

Set of best practices for IT management, published in 1996. Gives managers, auditors, and IT users a set of generally accepted measures, indicators, processes, and best practices.

Information technology infrastructure library ITIL

Set of concepts and policies for managing IT infrastructure, development, and operations. Published in a series of books, each covering a separate IT management topic.

A potentially dangerous privilege on Unix machines is to allow files with:

Setuid

Which intrusion detection system strategy relies upon pattern matching?

Signature detection

25

Simple Mail Transfer Protocol (SMTP)

Holly would like to run an annual major disaster recovery test that is as thorough and realistic as possible. She also wants to ensure that there is no disruption of activity at the primary site. What option is best in this scenario?

Simulation Test

Webpage Defacements

Someone gaining unauthorized access to a web server and altering the index page of a site on the server. The attacker replaces the original pages on the site with altered versions.

Users throughout Alison's organization have been receiving unwanted commercial messages over the organization's instant messaging program. What type of attack is taking place?

Spim

An example of a passive attack against a host is:

Spyware

Which element of the IT security policy framework provides detailed written definitions for hardware and software and how they are to be used?

Standard

Adobe Systems Inc, 2013

Stole credit card data, compromised login credentials, published data for 150 million accounts

What is NOT generally a section in an audit report?

System configurations

What type of security monitoring tool would be most likely to identify an unauthorized change to a computer system?

System integrity monitoring

MD5 message digest algorithm

Takes an input of any arbitrary length and generates a 128-bit message digest that is computationally infeasible to match by finding another input

System infectors

Target computer hardware and software startup functions

Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE)

The OCTAVE approach defines a risk-based strategic assessment and planning technique for security. OCTAVE is a self-directed approach. There are two versions of OCTAVE: OCTAVE and OCTAVE-S. OCTAVE is best suited for large organizations, whereas OCTAVE-S works well for organizations consisting of fewer than 100 people.

IT Service

The activities directed by policies, organized and structured processes and supporting procedures that are performed by an organization to design, plan, deliver, operate and control information technology (IT) services offered to customers.

modifications

The alteration of data contained in transmissions or files.

Mean time to failure (MTTF)

The average amount of time between failures for a particular system.

Content Inspection

The device looks at some or all network packet content to determine if the packet should be allowed to pass

risk management definition

The identification, assessment, and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities.

Operations management is:

The management of resources according to the security policy

Data Encryption Standard (DES)

The most scrutinized cipher in history

Keyspace

The number of possible keys to a cipher

Encryption

The process of scrambling plaintext into ciphertext

Decryption

The process of unscrambling ciphertext into plaintext

Information classification schemes define:

The sensitivity of information

how has the internet changed our lives

The transition to a Transmission Control Protocol/Internet Protocol (TCP/IP) world changed our way of life. People, families, businesses, educators, and government all communicate differently than they did before. Nearly everyone has easy access to the Internet.

Between-the-lines wiretapping

This type of wiretapping does not alter the messages sent by the legitimate user but inserts additional messages into the communication line when the legitimate user pauses.

piggyback-entry wiretapping

This type of wiretapping does not alter the messages sent by the legitimate user but inserts additional messages into the communication line when the legitimate user pauses.

Availability equation

TotalUptime / (TotalUptime + TotalDowntime)

mobile site

Trailer with necessary environmental utilities, can operate as warm or cold site

At what layer does end-to-end security begin?

Transport

Phishing

Tricks users into providing logon information on what appears to be a legitimate website but is actually a website set up by an attacker to obtain this information

black hat hacker

Tries to break IT security and gain access to systems with no authorization in order to prove technical prowess. Black-hat hackers generally develop and use special software tools to exploit vulnerabilities. May exploit holes in systems but generally do not attempt to disclose vulnerabilities they find to the administrators of those systems.

Adware

Triggers nuisances such as popup ads and banners when user visits certain websites

What type of malicious software masquerades as legitimate software to entice the user to run it?

Trojan Horse

True or False: IoT devices cannot share and communicate your IoT device data to other systems and applications without your authorization or knowledge

True

True or False: Networks, routers, and equipment require continuous monitoring and management to keep WAN service available

True

A dictionary attack works by hashing all the words in a dictionary and then comparing the hashed value with the system password file to discover a match.

True

A man-in-the-middle attack takes advantage of the multihop process used by many types of networks.

True

Access control lists (ACLs) are used to permit and deny traffic in an IP router.

True

An alteration threat violates information integrity.

True

An auditing benchmark is the standard by which a system is compared to determine whether it is securely configured.

True

Application service providers (ASPs) are software companies that build applications hosted in the cloud and on the Internet.

True

Authorization is the process of granting rights to use an organization's IT assets, systems, applications, and data to a specific user.

True

Content-dependent access control requires the access control mechanism to look at the data to decide who should get to see it.

True

Data loss prevention (DLP) uses business rules to classify sensitive information to prevent unauthorized end users from sharing it.

True

During an audit, an auditor compares the current setting of a computer or device with a benchmark to help identify differences.

True

Encrypting the data within databases and storage devices gives an added layer of security.

True

In a Bring Your Own Device (BYOD) policy, the user acceptance component may include separation of private data from business data.

True

In security testing, reconnaissance involves reviewing a system to learn as much as possible about the organization, its systems, and its networks.

True

Many jurisdictions require audits by law.

True

Metadata of Internet of Things (IoT) devices can be sold to companies seeking demographic marketing data about users and their spending habits.

True

Performing security testing includes vulnerability testing and penetration testing.

True

Regarding an intrusion detection system (IDS), stateful matching looks for specific sequences appearing across several packets in a traffic stream rather than just in individual packets.

True

SOC 2 reports are created for internal and other authorized stakeholders and are commonly implemented for service providers, hosted data centers, and managed cloud computing providers.

True

Screen locks are a form of endpoint device security control.

True

The Gramm-Leach-Bliley Act (GLBA) addresses information security concerns in the financial industry.

True

The term risk management describes the process of identifying, assessing, prioritizing, and addressing risks.

True

True or False: A Chinese wall security policy defines a barrier and develops a set of rules that makes sure no subject gets to objects on the other side of the wall

True

True or False: A birthday attack is a type of cryptographic attack that is used to make brute-force attack of one-way hashes easier.

True

True or False: A phishing email is a fake or bogus email intended to trick the recipient into clicking on an embedded URL link or opening an email attachment.

True

True or False: A trusted operating system (TOS) provides features that satisfy specific government requirements for security.

True

True or False: An IT security policy framework is like an outline that identifies where security controls should be used

True

True or False: Authorization is the process of granting rights to use an organization's IT assets, systems, applications, and data to a specific user.

True

True or False: Authorization is the process of granting rights to use an organization's IT assets, systems, applications, and data to a specific user.

True

True or False: Bring your own device (BYOD) opens the door to considerable security risks

True

True or False: Cars that have Wi-Fi access and onboard computers require software patches and upgrades from the manufacturer.

True

True or False: Content-dependent access control requires the access control mechanism to look at the data to decide who should get to see it

True

True or False: E-commerce systems and applications demand strict confidentiality, integrity, and availability (CIA) security controls.

True

True or False: Each 4G device has a unique Internet Protocol (IP) address and appears just like any other wired device on a network.

True

True or False: Encrypting the data within databases and storage devices gives an added layer of security

True

True or False: Failing to prevent an attack all but invites an attack

True

True or False: Hypertext Transfer Protocol (HTTP) is the communications protocol between web browsers and websites with data in cleartext.

True

True or False: IoT technology has a significant impact on developing economies, given that it can transform countries into e-commerce-ready nations

True

True or False: Metadata of IoT devices can be sold to companies seeking demographic marketing data about users and their spending habits

True

True or False: One of the first industries to adopt and widely use mobile applications was the healthcare industry

True

True or False: Organizations should start defining their IT security policy framework by defining an asset classification policy

True

True or False: Rootkits are malicious software programs designed to be hidden from normal methods of detection

True

True or False: The Director of IT security is generally in charge of ensuring that the Workstation Domain conforms to Policy

True

True or False: The Government Information Security Reform Act of 2000 focuses on management and evaluation of the security of unclassified and national security systems.

True

True or False: The most critical aspect of a WAN services contract is how the service provider supplies troubleshooting, network management, and security management services

True

True or False: The recovery point objective (RPO) is the maximum amount of data loss that is acceptable.

True

True or False: The system/application domain holds all the mission critical systems, applications, and data.

True

True or False: The term risk management describes the process of identifying, assessing, prioritizing, and addressing risks.

True

True or False: The tools for conducting a risk analysis can include the documents that define, categorize, and rank risks.

True

True or False: Using a secure logon and authentication process is one of the six steps to prevent malware.

True

True or False: When servers need operating system upgrades or patches, administrators take them offline intentionally so they can perform the necessary work without risking malicious attacks

True

True or False? For businesses and organizations under recent compliance laws, data classification standards typically include private, confidential, internal use only, and public domain categories.

True

True or False? Networks, routers, and equipment require continuous monitoring and management to keep wide area network (WAN) service available.

True

True or False? The System/Application Domain holds all the mission-critical systems, applications, and data.

True

True or False? The director of IT security is generally in charge of ensuring that the Workstation Domain conforms to policy.

True

True or False? The most critical aspect of a WAN services contract is how the service provider supplies troubleshooting, network management, and security management services.

True

When servers need operating system upgrades or patches, administrators take them offline intentionally so they can perform the necessary work without risking malicious attacks.

True

Rootkits

Type of malware that modifies or replaces one or more existing programs to hide the fact that a computer has been compromised. Modify parts of the operating system to conceal traces of their presence. Provide attackers with access to compromised computers and easy access to launching additional attacks. Difficult to detect and remove.

Florian recently purchased a set of domain names that are similar to those of legitimate websites and used the newly purchased sites to host malware. Which type of attack is Florian using?

Typosquatting

common threats in the system application domain

Unauthorized access to data centers, computer rooms, and wiring closets: Apply policies, standards, procedures, and guidelines for staff and visitors to secure facilities. Downtime of servers to perform maintenance: Create a system that brings together servers, storage, and networking. Server operating systems software vulnerability: Define vulnerability window for server operating system environments. Maintain hardened production server operating systems. Insecure cloud computing virtual environments by default: Implement virtual firewalls and server segmentation on separate VLANs. A virtual firewall is a software based firewall used in virtual environments. Corrupt or lost data: Implement daily data backups and off-site data storage for monthly data archiving. Define data recovery procedures based on defined Recovery Time Objectives (RTOs). Loss of backed-up data as backup media are reused: Convert all data into digital data for long-term storage. Retain backups from offsite data vaults based on defined RTOs.

common threats in the LAN Domain

Unauthorized physical access to LAN: Make sure wiring closets, data centers, and computer rooms are secure. No access is there without proper credentials. Unauthorized access to systems, applications, and data: Strict access control policies, standards, procedures, and guidelines should be implemented. Second-level identity required to access sensitive systems, applications, and data. LAN server operating system vulnerabilities: Define vulnerability window policies, standards, procedures, and guidelines. Conduct LAN domain vulnerability assessments. LAN server application software vulnerabilities and software patch updates: Define a strict software vulnerability window policy requiring quick software patching. Rogue users on WLANs: Eliminate rogue users from unauthorized access. Use WLAN network keys that require a password for wireless access. Turn off broadcasting on wireless access points (WAPs). Enable second-level authentication prior to granting WLAN access. Confidentiality of data on WLANs: Maintain confidentiality of data transmissions. Implement encryption between workstation and WAP to maintain confidentiality. LAN server configuration guidelines and standards: LAN servers have different hardware, operating systems, and software, making it difficult to manage and troubleshoot consistently.

common threats to WAN-to-LAN domain

Unauthorized probing and port scanning: Disable ping, probing, and port scanning on all exterior IP devices within the LAN-to-WAN domain. Ping uses the Internet Control Message Protocol (ICMP) echo-request and echo-reply protocol. Disallow IP port numbers used for probing and scanning and monitor with intrusion detection system/intrusion prevention system (IDS/IPS). Unauthorized access: Apply strict security monitoring controls for intrusion detection and prevention. Monitor traffic and block it right away if malicious. IP router, firewall, and network appliance operating system vulnerability: Define a strict zero-day vulnerability window definition. Update devices with security fixes and software patches right away. Local users downloading unknown file types from unknown sources: Apply file transfer monitoring, scanning, and alarming for unknown file types/sources. Unknown email attachments and embedded URL links received by local users: Apply email server and attachment antivirus and email quarantining for unknown file types. Stop domain-name website access based on content filtering policies.

Common Threats in the Workstation Domain

Unauthorized workstation access: Enable password protection on workstations for access. Unauthorized access to systems, applications, and data: Define strict access control policies, standards, procedures, and guidelines. Implement a second-level test to verify a user's right to gain access. Desktop or laptop operating system vulnerabilities: Define workstation operating system vulnerability window policy. A vulnerability window is the gap in time that you leave a computer unpatched with a security update. Start periodic workstation domain vulnerability tests to find gaps. Desktop or laptop application software vulnerabilities or patches: Define a workstation application software vulnerability window policy. Update application software and security patches according to defined policies, standards, procedures, and guidelines. Viruses, malicious code, and other malware: Use workstation antivirus and malicious code policies, standards, procedures, and guidelines. Enable an automated antivirus protection solution that scans and updates individual workstations with proper protection. User inserting CD/DVD/USB with personal files: Deactivate all CD-ROM, DVD, and USB ports. Enable automatic virus scans for all installed media containing files. User downloading photos, music, or videos: Enable user content filtering and antivirus scanning at Internet entry and exit points. Enable workstation auto-scans and auto-quarantine for unknown file types.

Keyword mixed alphabet cipher

Uses a cipher alphabet that consists of a keyword, minus duplicates, followed by the remaining letters of the alphabet

Distributed DoS (DDoS)

Uses multiple compromised systems to flood the network from many different directions

Eavesdropping

When an attacker taps the data cable to see all data passing through it

An operations center is:

Where the information infrastructure is located

Mandatory access controls define:

Who can see what on the basis of "need to know."

LAN Domain

a collection of computers connected to one another or to a common connection medium

Blockchain

a database encompassing a physical chain of fixed-length blocks that include 1 to N transactions, where each transaction added to a new block is validated and then [appended to the end of the existing chain of] blocks.

risk methodology definition

a description of how you will manage risk

risk register definition

a list of identified risks

CCTA Risk Analysis and Management Method (CRAMM)

a risk analysis method developed by the UK government. Best suited for large organizations

Juan's web server was down for an entire day last September. It experienced no other downtime during that month. Which one of the following represents the web server uptime for that month? a) 96.67% b) 3.33% c) 99.96% d) 0.04%

a) 96.67%

Which risk is most effectively mitigated by an upstream Internet service provider (ISP)? a) Distributed denial of service (DDoS) b) Lost productivity c) Firewall configuration error d) Unauthorized remote access

a) Distributed denial of service (DDoS)

Which mitigation plan is most appropriate to limit the risk of unauthorized access to workstations? a) Password protection b) Antivirus software c) Deactivating USB ports d) Vulnerability scanning

a) Password protection

Which element of the security policy framework requires approval from upper management and applies to the entire organization? a) Policy b) Standard c) Guideline d) Procedure

a) Policy

Which one of the following is typically used during the identification phase of a remote access connection? a) Username b) Password c) Token d) Fingerprint

a) Username

Lidia would like to choose an access control model in which the owner of a resource decides who may modify permissions on that resource. Which model fits that scenario? Select one: a. Discretionary access control (DAC) b. Mandatory access control (MAC) c. Rule-based access control d. Role-based access control (RBAC)

a. Discretionary access control (DAC)

Which one of the following is an example of a disclosure threat? Select one: a. Espionage b. Alteration c. Denial d. Destruction

a. Espionage

Barry discovers that an attacker is running an access point in a building adjacent to his company. The access point is broadcasting the security set identifier (SSID) of an open network owned by the coffee shop in his lobby. Which type of attack is likely taking place? Select one: a. Evil twin b. Wardriving c. Bluesnarfing d. Replay attack

a. Evil twin

With the use of Mobile IP, which device is responsible for keeping track of mobile nodes (MNs) and forwarding packets to the MN's current network? Select one: a. Home agent (HA) b. Foreign agent (FA) c. Care of address (COA) d. Correspondent node (CN)

a. Home agent (HA)

Dawn is selecting an alternative processing facility for her organization's primary data center. She would like to have a facility that will have the shortest switchover time even though it may be costly. What would be the best option in this situation? Select one: a. Hot site b. Warm site c. Cold site d. Primary site

a. Hot site

Which element of the security policy framework requires approval from upper management and applies to the entire organization? Select one: a. Policy b. Standard c. Guideline d. Procedure

a. Policy

Which group is the most likely target of a social engineering attack? Select one: a. Receptionists and administrative assistants b. Information security response team c. Internal auditors d. Independent contractors

a. Receptionists and administrative assistants

Fernando is the risk manager for a U.S. federal government agency. He is conducting a risk assessment for that agency's IT risk. What methodology is best suited for George's use? Select one: a. Risk Management Guide for Information Technology Systems (NIST SP 800-30) b. CCTA Risk Analysis and Management Method (CRAMM) c. Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) d. ISO/IEC 27005, "Information Security Risk Management"

a. Risk Management Guide for Information Technology Systems (NIST SP 800-30)

What is an XML-based open standard for exchanging authentication and authorization information and is commonly used for web applications? Select one: a. Security Assertion Markup Language (SAML) b. Secure European System for Applications in a Multi-Vendor Environment (SESAME) c. User Datagram Protocol (UDP) d. Password Authentication Protocol (PAP)

a. Security Assertion Markup Language (SAML)

From a security perspective, what should organizations expect will occur as they become more dependent upon the Internet of Things (IoT)? Select one: a. Security risks will increase. b. Security risks will decrease. c. Security risks will stay the same. d. Security risks will be eliminated.

a. Security risks will increase.

Which one of the following is an example of two-factor authentication? Select one: a. Smart card and personal identification number (PIN) b. Personal identification number (PIN) and password c. Password and security questions d. Token and smart card

a. Smart card and personal identification number (PIN)

Which classification level is the highest level used by the U.S. federal government? Select one: a. Top Secret b. Secret c. Confidential d. Private

a. Top Secret

Which one of the following is typically used during the identification phase of a remote access connection? Select one: a. Username b. Password c. Token d. Fingerprint

a. Username

The ___________ is the central part of a computing environment's hardware, software, and firmware that enforces access control. Select one: a. security kernel b. CPU c. memory d. co-processor

a. security kernel

store-and-forward communication

acceptable delay in transmitting communication

wiretapping

active: between-the-lines wiretapping, piggyback-entry wiretapping
passive: also called sniffing

Assumption of standard economics - Unbounded self-interest

always aim to maximize their own payoffs / minimize their own costs

Recovery Time Objective (RTO)

amount of time it takes to recover and make a system, application, and data available for use after an outage

Availability in context of information security

amount of time users can use a system, application, and data

Threat

any action that could damage an asset

Matthew captures traffic on his network and notices connections using ports 20, 22, 23, and 80. Which port normally hosts a protocol that uses secure, encrypted connections? a) 20 b) 22 c) 23 d) 80

b) 22

Which network device is capable of blocking network connections that are identified as potentially malicious? a) Intrusion detection system (IDS) b) Intrusion prevention system (IPS) c) Demilitarized zone (DMZ) d) Web server

b) Intrusion prevention system (IPS)

Ron is the IT director at a medium-sized company and is constantly bombarded by requests from users who want to select customized mobile devices. He decides to allow users to purchase their own devices. Which type of policy should Ron implement to include the requirements and security controls for this arrangement? Select one: a. Privacy b. Bring Your Own Device (BYOD) c. Acceptable use d. Data classification

b. Bring Your Own Device (BYOD)

Bob recently accepted a position as the information security and compliance manager for a medical practice. Which regulation is likely to most directly apply to Bob's employer? a. Federal Information Security Management Act (FISMA) b. Health Insurance Portability and Accountability Act (HIPAA) c. Children's Internet Protection Act (CIPA) d. Gramm-Leach-Bliley Act (GLBA)

b. Health Insurance Portability and Accountability Act (HIPAA)

Which organization pursues standards for Internet of Things (IoT) devices and is widely recognized as the authority for creating standards on the Internet? Select one: a. Internet Society b. Internet Engineering Task Force c. Internet Association d. Internet Authority

b. Internet Engineering Task Force

Which network device is capable of blocking network connections that are identified as potentially malicious? Select one: a. Intrusion detection system (IDS) b. Intrusion prevention system (IPS) c. Demilitarized zone (DMZ) d. Web server

b. Intrusion prevention system (IPS)

Which type of authentication includes smart cards? Select one: a. Knowledge b. Ownership c. Location d. Action

b. Ownership

A hospital is planning to introduce a new point-of-sale system in the cafeteria that will handle credit card transactions. Which one of the following governs the privacy of information handled by those point-of-sale terminals? Select one: a. Health Insurance Portability and Accountability Act (HIPAA) b. Payment Card Industry Data Security Standard (PCI DSS) c. Federal Information Security Management Act (FISMA) d. Federal Financial Institutions Examination Council (FFIEC)

b. Payment Card Industry Data Security Standard (PCI DSS)

Yuri is a skilled computer security expert who attempts to break into the systems belonging to his clients. He has permission from the clients to perform this testing as part of a paid contract. What type of person is Yuri? Select one: a. Cracker b. White-hat hacker c. Black-hat hacker d. Grey-hat hacker

b. White-hat hacker

Which element of the security policy framework offers suggestions rather than mandatory actions? a) Policy b) Standard c) Guideline d) Procedure

c) Guideline

Which one of the following is NOT a good technique for performing authentication of an end user? a) Password b) Biometric scan c) Identification number d) Token

c) Identification number

Which one of the following measures the average amount of time that it takes to repair a system, application, or component? a) Uptime b) Mean time to failure (MTTF) c) Mean time to repair (MTTR) d) Recovery time objective (RTO)

c) Mean time to repair (MTTR)

During which phase of the access control process does the system answer the question,"What can the requestor access?" Select one: a. Identification b. Authentication c. Authorization d. Accountability

c. Authorization

Which technology can be used to protect the privacy rights of individuals and simultaneously allow organizations to analyze data in aggregate? Select one: a. Encryption b. Decryption c. Deidentification d. Aggregation

c. Deidentification

Betsy recently assumed an information security role for a hospital located in the United States. What compliance regulation applies specifically to healthcare providers? Select one: a. FFIEC b. FISMA c. HIPAA d. PCI DSS

c. HIPAA

Which one of the following is an example of a business-to-consumer (B2C) application of the Internet of Things (IoT)? Select one: a. Virtual workplace b. Infrastructure monitoring c. Health monitoring d. Supply chain management

c. Health monitoring

Which one of the following is NOT a good technique for performing authentication of an end user? Select one: a. Password b. Biometric scan c. Identification number d. Token

c. Identification number

Which Internet of Things (IoT) challenge involves the difficulty of developing and implementing protocols that allow devices to communicate in a standard fashion? Select one: a. Security b. Privacy c. Interoperability d. Compliance

c. Interoperability

Which one of the following measures the average amount of time that it takes to repair a system, application, or component? Select one: a. Uptime b. Mean time to failure (MTTF) c. Mean time to repair (MTTR) d. Recovery time objective (RTO)

c. Mean time to repair (MTTR)

Ernie is preparing a risk register for his organization's risk management program. Which data element is LEAST likely to be included in a risk register? Select one: a. Description of the risk b. Expected impact c. Risk survey results d. Mitigation steps

c. Risk survey results

What is NOT one of the three tenets of information security? Select one: a. Confidentiality b. Integrity c. Safety d. Availability

c. Safety

In which type of attack does the attacker attempt to take over an existing connection between two systems? Select one: a. Man-in-the-middle attack b. URL hijacking c. Session hijacking d. Typosquatting

c. Session hijacking

As a follow-up to her annual testing, Holly would like to conduct quarterly disaster recovery tests that introduce as much realism as possible but do not require the use of technology resources. What type of test should Holly conduct? Select one: a. Checklist test b. Parallel test c. Simulation test d. Structured walk-through

c. Simulation test

What type of malicious software masquerades as legitimate software to entice the user to run it? Select one: a. Virus b. Worm c. Trojan horse d. Rootkit

c. Trojan horse

interruptions

causes a break in a communication channel, which blocks the transmission of data

what is malicious software

causes damage, escalates security privileges, divulges private data, modifies or deletes data

strategies for reducing risk (weakest link in the security of an IT infrastructure)

check background of job candidates carefully, evaluate staff regularly, rotate access to sensitive systems, apps, and data among staff positions, test apps and software and review for quality, regularly review security plans, perform annual security control audits

top country of origin for cyberattacks at 41 percent

China in 2013; the US was at 10 percent

Internet of Things

connects personal devices, home devices, and vehicles to the internet

WAN Domain

connects remote locations

Remote Access Domain

connects remote users to an organization's IT infrastructure

Business-to-consumer (B2C)

customers purchase goods and services directly from the business's website

Which of the following is an example of a hardware security control? a) Security Policy b) NTFS permission c) MAC filtering d) ID badge

d

Which of the following is an example of two-factor authentication? a) personal identification number (PIN) and password b) token and smart card c) password and security questions d) smart card and personal identification number (PIN)

d

Which security control is most helpful in protecting against eavesdropping on wireless LAN (WLAN) data transmissions that would jeopardize confidentiality? a) Securing wiring closets b) Applying patches promptly c) Implementing LAN configuration standards d) Applying strong encryption

d) Applying strong encryption

Which term describes any action that could damage an asset? a) Risk b) Countermeasure c) Vulnerability d) Threat

d) Threat

Which of the following is NOT an area of critical infrastructure where the Internet of Things (IoT) is likely to spur economic development in less developed countries? a) Water supply management b) Agriculture c) Wastewater treatment d) E-commerce

d) e-commerce

Alan is evaluating different biometric systems and is concerned that users might not want to subject themselves to retinal scans due to privacy concerns. Which characteristic of a biometric system is he considering? Select one: a. Accuracy b. Reaction time c. Dynamism d. Acceptability

d. Acceptability

Malek wants to make sure that his system is designed in a manner that allows tracing actions to an individual. Which phase of access control is Malek concerned about? Select one: a. Identification b. Authentication c. Authorization d. Accountability

d. Accountability

Which security control is most helpful in protecting against eavesdropping on wireless LAN (WLAN) data transmissions that would jeopardize confidentiality? Select one: a. Securing wiring closets b. Applying patches promptly c. Implementing LAN configuration standards d. Applying strong encryption

d. Applying strong encryption

Which type of password attack attempts all possible combinations of a password in an attempt to guess the correct value? Select one: a. Dictionary attack b. Rainbow table attack c. Social engineering attack d. Brute-force attack

d. Brute-force attack

Aaliyah would like to find a solution that allows real-time document sharing and editing between teams. Which technology would best suit her needs? Select one: a. Voice over IP (VoIP) b. Audio conferencing c. Video conferencing d. Collaboration

d. Collaboration

Which item in a Bring Your Own Device (BYOD) policy helps resolve intellectual property issues that may arise as the result of business use of personal devices? Select one: a. Support ownership b. Onboarding/offboarding c. Forensics d. Data ownership

d. Data ownership

Which one of the following is an example of a direct cost that might result from a business disruption? Select one: a. Damaged reputation b. Lost market share c. Lost customers d. Facility repair

d. Facility repair

Which compliance obligation includes security requirements that apply specifically to federal government agencies in the United States? Select one: a. Gramm-Leach-Bliley Act (GLBA) b. Health Insurance Portability and Accountability Act (HIPAA) c. Family Educational Rights and Privacy Act (FERPA) d. Federal Information Security Management Act (FISMA)

d. Federal Information Security Management Act (FISMA)

What is a single sign-on (SSO) approach that relies upon the use of key distribution centers (KDCs) and ticket-granting servers (TGSs)? Select one: a. Secure European System for Applications in a Multi-Vendor Environment (SESAME) b. Lightweight Directory Access Protocol (LDAP) c. Security Assertion Markup Language (SAML) d. Kerberos

d. Kerberos

What level of technology infrastructure should you expect to find in a cold site alternative data center facility? Select one: a. Hardware and data that mirror the primary site b. Hardware that mirrors the primary site, but no data c. Basic computer hardware d. No technology infrastructure

d. No technology infrastructure

Tony is working with a law enforcement agency to place a wiretap pursuant to a legitimate court order. The wiretap will monitor communications without making any modifications. What type of wiretap is Tony placing? Select one: a. Active wiretap b. Between-the-lines wiretap c. Piggyback-entry wiretap d. Passive wiretap

d. Passive wiretap

Faisal's company is planning to accept credit cards over the Internet. Which one of the following governs this type of activity and includes provisions that Faisal should implement before accepting credit card transactions? Select one: a. Health Insurance Portability and Accountability Act (HIPAA) b. Family Educational Rights and Privacy Act (FERPA) c. Communications Assistance for Law Enforcement Act (CALEA) d. Payment Card Industry Data Security Standard (PCI DSS)

d. Payment Card Industry Data Security Standard (PCI DSS)

Which one of the following is NOT an advantage of biometric systems? Select one: a. Biometrics require physical presence. b. Biometrics are hard to fake. c. Users do not need to remember anything. d. Physical characteristics may change.

d. Physical characteristics may change.

Chris is writing a document that provides step-by-step instructions for end users seeking to update the security software on their computers. Performing these updates is mandatory. Which type of document is Chris writing? Select one: a. Policy b. Standard c. Guideline d. Procedure

d. Procedure

Which tool can capture the packets transmitted between systems over a network? Select one: a. Wardialer b. OS fingerprinter c. Port scanner d. Protocol analyzer

d. Protocol analyzer

Which term describes an action that can damage or compromise an asset? Select one: a. Likelihood b. Vulnerability c. Countermeasure d. Threat

d. Threat

Which type of attack against a web application uses a newly discovered vulnerability that is not patchable? Select one: a. SQL injection b. Cross-site scripting c. Cross-site request forgery d. Zero-day attack

d. Zero-day attack

private data

data about people that must be kept private

Cryptocurrencies

decentralized digital currency

ITIL framework

designed to standardize the selection, planning, delivery and support of IT services to a business.

what is a countermeasure

Detect vulnerabilities, prevent attacks, and respond to the effects of successful attacks. Get help from law enforcement agencies, forensic experts, security consultants, and incident response teams.

Smart contracts

digital contracts that run exactly as programmed without any possibility of downtime, censorship, fraud, or third-party interference

what are the three types of threats

disclosure threats, alteration threats, denial or destruction threats

public blockchain

distributed and maintained by multiple computers or nodes that compete to validate the newest block entries before the other nodes to gain a reward for doing so.

Cybersecurity

duty of any government that wants to ensure its national security

business drivers definition

elements in an organization that support business objectives such as people, information, and conditions

what are the four categories of attacks

fabrications, interceptions, interruptions, modifications

True or False: A bricks-and-mortar strategy includes marketing and selling goods and services on the Internet

false: e-commerce

internet business challenges

growing the business through the internet, changing existing conventional business to an e-business, building secure and highly available websites and e-commerce portals, building a web-enabled customer-service strategy, finding new customers with internet marketing

Information System

hardware, OS, and application software that work together to collect, process, and store data for individuals and organizations

warm site

has environmental utilities and basic computer hardware

hot site

has environmental utilities, hardware, software, and data like the original data center

Assumption of standard economics - Unbounded rationality

have unlimited access to perfect information and are capable of deriving the optimal strategy

backdoors

hidden access included by developers, attackers can use them to gain access

Workstation Domain

includes desktop computers, laptops, special-purpose terminals, and other devices that connect to the network

Availability

information is accessible by authorized users whenever they request the information

confidential

information or data owned by the org

fabrications

involve the creation of some deception in order to trick unsuspecting users

When does data have integrity

it is not altered, is valid, is accurate

Common Threats in the User Domain

Lack of user awareness: Conduct security awareness training, display awareness posters, insert reminders in banner greetings, and send email reminders to employees.
User apathy toward policies: Conduct annual security awareness training, implement an AUP, update the staff manual and handbook, and discuss status during performance reviews.
User violating security policy: Place the employee on probation, review the AUP and employee manual, and discuss status during performance reviews.
User inserting CD/DVD/USB with personal files: Enable automatic antivirus scans for inserted media drives, files, and e-mail attachments. An antivirus scanning system examines all new files on your computer's hard drive for viruses. Enable e-mail antivirus scanning for e-mails with attachments.
User downloading photos, music, or videos: Enable content filtering and antivirus scanning on e-mail attachments. Content filtering security appliances are configured to permit or deny specific domain names in accordance with the AUP definition.
User destroying systems, applications, and data: Restrict user access to only those systems, applications, and data needed to perform their job. Minimize write or delete permissions to the data owner only.
Disgruntled employee attacking the organization or committing sabotage: Track and monitor abnormal employee behavior, erratic job performance, and use of IT infrastructure during off-hours. Begin IT access control lockout procedures based on AUP monitoring and compliance.
Employee blackmail or extortion: Track and monitor abnormal employee behavior and use of IT infrastructure during off-hours. Enable intrusion detection system/intrusion prevention system (IDS/IPS) monitoring for sensitive employee positions and access. IDS/IPS security appliances examine the Internet Protocol (IP) data streams for inbound and outbound traffic. Alarms and alerts programmed within an IDS/IPS help identify abnormal traffic and can block IP traffic per policy definition.

Risk

likelihood that something bad will happen to an asset

why business must have an internet and IOT marketing strategy

must remain competitive; the bricks-and-mortar business model is out of date in the global market, and customers require continuous access to information, products, and services. This means businesses expose themselves to online risk.

Real-time communication

occurs instantaneously

Integrity

only authorized users can change information

Confidentiality

only authorized users can view info

Maria's company recently experienced a major system outage due to the failure of a critical component. During that time period, the company did not register any sales through its online site. Which type of loss did the company experience as a result of lost sales?

opportunity cost

why is distributed denial of service attack more difficult to stop than just regular denial of service

overloads computers and prevents legitimate users from gaining access; more difficult to stop because the traffic originates from many different sources

Prospect Theory

people make decisions based on the potential value of losses and gains rather than the final outcome, and evaluate these losses and gains subjectively

what does a firewall do

a program or dedicated hardware device that inspects network traffic passing through it and denies or permits traffic based on a set of rules

Payment Card Industry Data Security Standard (PCI DSS)

protects private customer data

data modifications

purposely or accidentally modified, incomplete, truncated

Data Security

responsibility of every org that needs to protect its information assets and sensitive data

WAN domain

roles and tasks: allow users the most access possible while making sure what goes in and out is safe
responsibilities: physical components and logical elements
accountability: maintain, update, and provide technical support and ensure that the company meets security policies, standards, procedures, and guidelines

Workstation Domain (3)

roles and tasks: configure hardware, harden systems, and verify antivirus files
responsibilities: ensure the integrity of user workstations and data
accountability: director of IT security is generally in charge of ensuring that the Workstation Domain conforms to policy

remote access domain (3)

roles and tasks: connect mobile users to their IT systems through the public Internet
responsibilities: maintain, update, and troubleshoot the hardware and logical remote access connection
accountability: ensure that the Remote Access Domain security plans, standards, methods, and guidelines are used

LAN Domain

roles and tasks: includes both physical network components and logical configuration of services for users
responsibilities: LAN support group is in charge of physical components and logical elements
accountability: LAN manager's duty to maximize use and integrity of data within the LAN Domain

LAN-to-WAN domain

roles and tasks: includes both the physical pieces and logical design of security appliances; physical parts need to be managed to give easy access to the services
responsibilities: physical components, logical elements, and applying the defined security controls
accountability: ensure the security policies, standards, procedures, and guidelines are used

System/Application Domain

roles and tasks: includes hardware and logical design; secure mission-critical applications and intellectual property assets both physically and logically
responsibilities: server systems administration, database design and management, designing access rights to systems and apps, and more
accountability: ensure that security policies, standards, procedures, and guidelines are in compliance

User Domain (3)

roles and tasks: users can access systems, apps, and data depending upon their access rights
responsibilities: employees are responsible for their use of IT assets
accountability: HR department is accountable for implementing proper employee background checks

Ciphertext

scrambled data that is the result of encrypting cleartext

Mean time to repair (MTTR)

the average amount of time it takes to repair a system, application, or component; the goal is to bring the system back up quickly

Information System Security

the collection of activities that protect the information system and the data stored in it

Encryption

the process of transforming clear text into coded, unintelligible text for secure storage or communication

e-commerce

the sales of goods and services online

what is spyware

the type of malware that specifically threatens confidentiality of information such

Equation for risk

threat times vulnerability

Uptime

total amount of time that a system, app, or data is accessible; often expressed as a percentage of time available

Downtime

total amount of time that something is not accessible

alteration threats

unauthorized changes

examples of unacceptable web browsing

unauthorized users searching files or storage directories, users visiting prohibited websites

Vulnerability

weakness that allows a threat to be realized or to have an effect on an asset

Assumption of standard economics - Unbounded will power

will always follow the optimal strategy

what is it about risk, threats, and vulnerabilities that you can't do

you cannot eliminate risk; you can minimize the impact of threats and reduce the number of vulnerabilities; minimizing threats and reducing vulnerabilities lessens overall risk

