Quiz Pool Chapters 7-12 Flashcards

(206 cards)

1
Q

Because even the implementation of new technologies does not necessarily guarantee an organization can gain or maintain a competitive lead, the concept of __________ has emerged as organizations strive not to fall behind technologically.

A

competitive disadvantage

2
Q

Treating risk begins with what?

A

an understanding of risk treatment strategies

3
Q

Application of training and education among other approach elements is a common method of which risk treatment strategy?

A

defense

4
Q

Each of the following is a recommendation from the FDIC when creating a successful SLA EXCEPT:

-determining objectives
-forecasting costs
-defining requirements
-setting measurements

A

forecasting costs

5
Q

What risk treatment strategy describes an organization’s attempt to shift risk to other assets, other processes, or other organizations?

A

transference

6
Q

What risk treatment strategy describes an organization’s efforts to reduce damage caused by a realized incident or disaster?

A

mitigation

7
Q

Strategies to reestablish operations at the primary site after an adverse event threatens continuity of business operations are covered by which of the following plans in the mitigation control approach?

A

disaster recovery plan

8
Q

The only use of the acceptance strategy that is recognized as valid by industry practices occurs when the organization has done all but which of the following?

-determined the level of risk posed to the information asset

-performed a thorough cost-benefit analysis

-determined that the costs to control the risk to an information asset are much lower than the benefit gained from the information asset

-assessed the probability of attack and the likelihood of a successful exploitation of a vulnerability

A

determined that the costs to control the risk to an information asset are much lower than the benefit gained from the information asset

9
Q

What can be described as the quantity and nature of risk that organizations are willing to accept as they evaluate the trade-offs between perfect security and unlimited accessibility?

A

risk appetite

10
Q

The goal of InfoSec is not to bring residual risk to __________; rather, it is to bring residual risk in line with an organization’s risk appetite.

A

zero

11
Q

All of the following are rules of thumb for selecting a risk treatment strategy EXCEPT:

-When a vulnerability exists in an important asset, implement security controls to reduce the likelihood of a vulnerability being exploited.

-When the likelihood of an attack is high and the impact is great, outsource security efforts so that any resulting loss is fiscally someone else’s responsibility.

-When a vulnerability can be exploited, apply layered protections, architectural designs, and administrative controls to minimize the risk or prevent the occurrence of an attack.

-When the potential loss is substantial, apply design principles, architectural designs, and technical and nontechnical protections to limit the extent of the attack, thereby reducing the potential for loss.

A

When the likelihood of an attack is high and the impact is great, outsource security efforts so that any resulting loss is fiscally someone else’s responsibility.

12
Q

Which of the following is NOT a valid rule of thumb on risk treatment strategy selection?

-When a vulnerability exists: Implement security controls to reduce the likelihood of a vulnerability being exploited.

-When a vulnerability can be exploited: Apply layered protections, architectural designs, and administrative controls to minimize the risk or prevent the occurrence of an attack.

-When the attacker’s potential gain is less than the costs of attack: Apply protections to decrease the attacker’s cost or reduce the attacker’s gain by using technical or operational controls.

-When the potential loss is substantial: Apply design principles, architectural designs, and technical and non-technical protections to limit the extent of the attack, thereby reducing the potential for loss.

A

When the attacker’s potential gain is less than the costs of attack: Apply protections to decrease the attacker’s cost or reduce the attacker’s gain by using technical or operational controls.

13
Q

Once a control strategy has been selected and implemented, what should be done on an ongoing basis to determine its effectiveness and to estimate the remaining risk?

A

monitoring and measurement

14
Q

When vulnerabilities have been controlled to the degree possible, what is the remaining risk that has not been completely removed, shifted, or planned for?

A

residual risk

15
Q

The financial savings from using the defense risk treatment strategy to implement a control and eliminate the financial ramifications of an incident is known as __________.

A

cost avoidance

16
Q

Also known as an economic feasibility study, the formal assessment and presentation of the economic expenditures needed for a particular security control, contrasted with its projected value to the organization, is known as __________.

A

cost-benefit analysis (CBA)

17
Q

The process of assigning financial value or worth to each information asset is known as __________.

A

asset valuation

18
Q

Which of the following affects the cost of a control?

-liability insurance

-CBA report

-asset resale

-maintenance

A

maintenance

19
Q

Each of the following is an item that affects the cost of a particular risk treatment strategy EXCEPT:

-cost of maintenance (labor expense to verify and continually test, maintain, train, and update)

-cost of development or acquisition (hardware, software, and services)

-cost of implementation (installing, configuring, and testing hardware, software, and services)

-cost of IT operations (keeping systems operational during the period of treatment strategy development)

A

cost of IT operations (keeping systems operational during the period of treatment strategy development)

20
Q

By multiplying the asset value by the exposure factor, you can calculate what?

A

single loss expectancy

21
Q

Each of the following is a commonly used quantitative approach for asset valuation EXCEPT:

-value to owners

-value to competitors

-value retained from past maintenance

-value to adversaries

A

value to competitors

22
Q

What is the result of subtracting the postcontrol annualized loss expectancy and the annualized cost of the safeguard from the precontrol annualized loss expectancy?

A

cost-benefit analysis

23
Q

What determines how well a proposed treatment will address user acceptance and support, management acceptance and support, and the system’s compatibility with the requirements of the organization’s stakeholders?

A

operational feasibility

24
Q

What determines acceptable practices based on consensus and relationships among the communities of interest?

A

political feasibility

25
What determines whether the organization already has or can acquire the technology necessary to implement and support the proposed treatment?
technical feasibility
26
What determines how well the proposed InfoSec treatment alternatives will contribute to the efficiency, effectiveness, and overall operation of an organization?
organizational feasibility
27
Q

Which of the following is NOT an alternative to using CBA to justify risk controls?

-benchmarking
-due care and due diligence
-selective risk avoidance
-the gold standard

A

selective risk avoidance

28
In which technique does a group rate or rank a set of information, compile the results, and repeat until everyone is satisfied with the result?
Delphi
29
Which alternative risk management methodology is a process promoted by the Computer Emergency Response Team (CERT) Coordination Center (www.cert.org) that has three variations for different organizational needs, including one known as ALLEGRO?
OCTAVE
30
Q

The Microsoft Risk Management Approach includes four phases; which of the following is NOT one of them?

-conducting decision support
-implementing controls
-evaluating alternative strategies
-measuring program effectiveness

A

evaluating alternative strategies

31
Q

Which of the following is not a step in the FAIR risk management framework?

-identify scenario components
-evaluate loss event frequency
-assess control impact
-derive and articulate risk

A

assess control impact

32
What does FAIR rely on to build the risk management framework that is unlike many other risk management frameworks?
qualitative assessment of many risk components
33
The ISO 27005 Standard for Information Security Risk Management includes all but which of the following stages?
risk determination
34
Which international standard provides a structured methodology for evaluating threats to economic performance in an organization and was developed using the Australian/New Zealand standard AS/NZS 4360:2004 as a foundation?
ISO 31000
35
Q

The NIST risk management approach includes all but which of the following elements?

-inform
-assess
-frame
-respond

A

inform

36
NIST’s Risk Management Framework follows a three-tiered approach, with most organizations working from the top down, focusing first on aspects that affect the entire organization, such as __________.
governance
37
Q

Which of the following is NOT one of the methods noted for selecting the best risk management model?

-Use the methodology most similar to what is currently in use.
-Study known approaches and adapt one to the specifics of the organization.
-Hire a consulting firm to provide a proprietary model.
-Hire a consulting firm to develop a proprietary model.

A

Use the methodology most similar to what is currently in use.

38
In information security, a framework or security model customized to an organization, including implementation details, is a _________.
blueprint
39
Which of the following is a generic model for a security program?
framework
40
In information security, a specification of a model to be followed during the design, selection, and initial and ongoing implementation of all subsequent security controls is known as a __________.
framework
41
Which of the following is the original purpose of ISO/IEC 17799?
To offer guidance for the management of InfoSec to individuals responsible for their organization’s security programs
42
Q

When the ISO 27002 standard was first proposed, several countries, including the United States, Germany, and Japan, refused to adopt it, claiming that it had fundamental problems; which of the following is NOT one of them?

-It was not as complete as other frameworks.
-The standard lacked the measurement precision associated with a technical standard.
-The standard was hurriedly prepared.
-It was feared it would lead to government intrusion into business matters.

A

It was feared it would lead to government intrusion into business matters.

43
One of the most widely referenced InfoSec management models, known as Information Technology—Code of Practice for Information Security Management, is also known as __________.
ISO 27002
44
The managerial tutorial equivalent of NIST SP 800-12, providing overviews of the roles and responsibilities of a security manager in the development, administration, and improvement of a security program, is NIST __________.
SP 800-100: Information Security Handbook: A Guide for Managers (2007)
45
Which NIST publication describes the philosophical guidelines that the security team should integrate into the entire InfoSec process, beginning with “Security supports the mission of the organization”?
SP 800-14: Generally Accepted Principles and Practices for Securing Information Technology Systems (1996)
46
This NIST publication provides information on the elements of InfoSec, key roles and responsibilities, an overview of threats and vulnerabilities, a description of the three NIST security policy categories, and an overview of the NIST RM Framework and its use, among other topics needed for a foundation in InfoSec.
SP 800-12, Rev. 1: An Introduction to Information Security (2017)
47
Which of the following provides advice about the implementation of sound controls and control objectives for InfoSec, and was created by ISACA and the IT Governance Institute?
COBIT
48
Although COBIT was designed to be an IT __________ and management structure, it includes a framework to support InfoSec requirements and assessment needs.
49
Q

The COSO framework is built on five interrelated components. Which of the following is NOT one of them?

-control environment
-risk assessment
-control activities
-InfoSec governance

A

InfoSec governance

50
The Information Technology Infrastructure Library (ITIL) is a collection of methods and practices primarily for __________.
managing the development and operation of IT infrastructures
51
The Information Security __________ is a managerial model provided by an industry working group, National Cyber Security Partnership, which provides guidance in the development and implementation of organizational InfoSec structures and recommends the responsibilities that various members should have in an organization.
Governance Framework
52
Which piece of the Trusted Computing Base's security system manages access controls?
reference monitor
53
Which security architecture model is part of a larger series of standards collectively referred to as the “Rainbow Series”?
TCSEC
54
Under the Common Criteria, which term describes the user-generated specifications for security requirements?
Protection Profile (PP)
55
Which access control principle specifies that no unnecessary access to data exists by regulating members so they can perform only the minimum data manipulation necessary?
least privilege
56
What is the information security principle that requires significant tasks to be split up so that more than one individual is required to complete them?
separation of duties
57
Which access control principle limits a user’s access to the specific information required to perform the currently assigned task?
need-to-know
58
Controls that remedy a circumstance or mitigate damage done during an incident are categorized as which of the following?
corrective
59
Q

Which of the following is NOT a category of access control?

-preventative
-mitigating
-deterrent
-compensating

A

mitigating

60
Which control category discourages an incipient incident—e.g., video monitoring?
deterrent
61
An information attack that involves searching through a target organization’s trash and recycling bins for sensitive information is known as __________.
dumpster diving
62
Q

Which of the following is NOT one of the three levels in the U.S. military data classification scheme for National Security Information?

-confidential
-secret
-top secret
-for official use only

A

for official use only

63
Which of the following specifies the authorization level that each user of an information asset is permitted to access, subject to the need-to-know principle?
security clearances
64
Under lattice-based access controls, the column of attributes associated with a particular object (such as a printer) is referred to as which of the following?
access control list
65
Which type of access controls can be role-based or task-based?
nondiscretionary
66
In which form of access control is access to a specific set of information contingent on its subject matter?
content-dependent access controls
67
An ATM that limits what kinds of transactions a user can perform is an example of which type of access control?
constrained user interface
68
A time-release safe is an example of which type of access control?
temporal isolation
69
Which security architecture model is based on the premise that higher levels of integrity are more worthy of trust than lower ones?
Biba
70
Q

Which of the following is NOT a change control principle of the Clark-Wilson model?

-no changes by unauthorized subjects
-no unauthorized changes by authorized subjects
-no changes by authorized subjects without external validation
-the maintenance of internal and external consistency

A

no changes by authorized subjects without external validation

71
Q

Which of the following is NOT a common type of background check that may be performed on a potential employee?

-identity
-political activism
-motor vehicle records
-drug history

A

political activism

72
Employees pay close attention to job __________, and including InfoSec tasks in them will motivate employees to take more care when performing these tasks.
performance evaluations
73
Q

Employees new to an organization should receive an extensive InfoSec briefing that includes all of the following EXCEPT:

-signing the employment contract
-security policies
-security procedures
-access levels

A

signing the employment contract

74
Incorporating InfoSec components into periodic employee performance evaluations can __________.
heighten InfoSec awareness
75
Q

Which of the following is NOT a task that must be performed if an employee is terminated?

-former employee must return all media
-former employee’s home computer must be audited
-former employee’s office computer must be secured
-former employee should be escorted from the premises

A

former employee’s home computer must be audited

76
What policy requires that every employee be able to perform the work of at least one other staff member?
job rotation
77
What policy requires that two individuals review and approve each other’s work before the task is considered complete?
two-person control
78
What policy makes it difficult for an individual to violate InfoSec and is quite useful in monitoring financial affairs?
separation of duties
79
Organizations are required by privacy laws to protect sensitive or personal employee information, including __________.
personally identifiable information (PII)
80
Contract employees—or simply contractors—should not be allowed to do what?
Wander freely in and out of facilities.
81
Workers typically hired to perform specific services for the organization and hired via a third-party organization are known as __________.
contract employees
82
If a temporary worker (temp) violates a policy or causes a problem, what is the strongest action that the host organization can usually take, depending on the SLA?
Terminate the relationship with the individual and request that he or she be censured.
83
What is described as the process of designing, implementing, and managing the use of the collected data elements to determine the effectiveness of the overall security program?
performance management
84
Q

Organizations must consider all but which of the following during development and implementation of an InfoSec measurement program?

-Measurements must yield quantifiable information.
-Data that supports the measures needs to be readily obtainable.
-Only repeatable InfoSec processes should be considered for measurement.
-Measurements must be useful for tracking non-compliance by internal personnel.

A

Measurements must be useful for tracking non-compliance by internal personnel.

85
Q

Which of the following is NOT a factor critical to the success of an information security performance program?

-strong upper-level management support
-high level of employee buy-in
-quantifiable performance measurements
-results-oriented measurement analysis

A

high level of employee buy-in

86
Q

Which of the following is NOT one of the types of InfoSec performance measures used by organizations?

-those that determine the effectiveness of the execution of InfoSec policy
-those that determine the effectiveness and/or efficiency of the delivery of InfoSec services
-those that evaluate the frequency with which employees access internal security documents
-those that assess the impact of an incident or other security event on the organization or its mission

A

those that evaluate the frequency with which employees access internal security documents

87
Q

Which of the following is NOT a question a CISO should be prepared to answer before beginning the process of designing, collecting, and using performance measurements, according to Kovacich?

-Why should these measurements be collected?
-Where will these measurements be collected?
-What effect will measurement collection have on efficiency?
-Who will collect these measurements?

A

What effect will measurement collection have on efficiency?

88
Q

The InfoSec measurement development process recommended by NIST is divided into two major activities. Which of the following is one of them?

-development and selection of qualified personnel to gauge the implementation, effectiveness, efficiency, and impact of the security controls
-identification and definition of the current InfoSec program
-maintenance of the vulnerability management program
-comparison of organizational practices against similar organizations

A

identification and definition of the current InfoSec program

89
InfoSec measurements collected from production statistics depend greatly on which of the following factors?
number of systems and users of those systems
90
Q

Which of the following is NOT a phase in the NIST InfoSec performance measures development process?

-Identify relevant stakeholders and their interests in InfoSec measurement.
-Integrate the organization’s process improvement activities across all business areas.
-Identify and document the InfoSec performance goals and objectives that would guide security control implementation for the InfoSec program.
-Review any existing measurements and data repositories that can be used to derive measurement data.

A

Identify relevant stakeholders and their interests in InfoSec measurement.

91
One of the fundamental challenges in InfoSec performance measurement is defining what?
effective security
92
NIST recommends the documentation of performance measurements in a standardized format to ensure ____________.
the repeatability of measurement development, customization, collection, and reporting activities
93
What is a possible result of failure to establish and maintain standards of due care and due diligence?
legal liability
94
Q

Which of the following is NOT a consideration when selecting recommended best practices?

-threat environment is similar
-resource expenditures are practical
-organization structure is similar
-same certification and accreditation agency or standard

A

same certification and accreditation agency or standard

95
Creating a blueprint by looking at the paths taken by organizations similar to the one whose plan you are developing is known as which of the following?
benchmarking
96
What do you call the legal requirements that an organization must adopt a standard based on what a prudent organization should do, and then maintain that standard?
due care and due diligence
97
Q

Problems with benchmarking include all but which of the following?

-Organizations don’t often share information on successful attacks.
-Organizations being benchmarked are seldom identical.
-Recommended practices change and evolve, so past performance is no indicator of future success.
-Benchmarking doesn’t help in determining the desired outcome of the security process.

A

Benchmarking doesn’t help in determining the desired outcome of the security process.

98
Q

Which of the following is NOT a question to be used as a self-assessment for recommended security practices in the category of people?

-Do you perform background checks on all employees with access to sensitive data, areas, or access points?
-Are the user accounts of former employees immediately removed on termination?
-Would the typical employee recognize a security issue?
-Would the typical employee know how to report a security issue to the right people?

A

Are the user accounts of former employees immediately removed on termination?

99
Q

The ISO certification process takes approximately six to eight weeks and involves all of the following steps EXCEPT:

-rejection of the certification application based on lack of compliance or failure to remediate shortfalls
-initial assessment of the candidate organization’s InfoSec management systems, procedures, policies, and plans
-writing of a manual documenting all procedural compliance
-presentation of certification by the certification organization

A

rejection of the certification application based on lack of compliance or failure to remediate shortfalls

100
Q

The benefits of ISO certification to organizations include all of the following EXCEPT:

-increased opportunities for government contracts
-reduced costs associated with incidents
-smoother operations resulting from more clearly defined processes and responsibilities
-improved public image of the organization, as certification implies increased trustworthiness

A

increased opportunities for government contracts

101
Q

The benefits of ISO certification to an organization's employees include all of the following EXCEPT:

-reduced employee turnover due to misinterpreted security policies and practices
-lower risk of accidents and incidents associated with critical or sensitive information
-employee confidence in organizational security practices
-improved productivity and job satisfaction from more clearly defined InfoSec roles and responsibilities

A

reduced employee turnover due to misinterpreted security policies and practices

102
The organization of a task or process so it requires at least two individuals to work together to complete is known as __________ control.
two-person
103
A conspiracy or cooperation between two or more individuals or groups to commit illegal or unethical actions is known as __________.
collusion
104
The requirement that all critical tasks can be performed by multiple individuals is known as __________.
task rotation
105
The requirement that every employee be able to perform the work of at least one other employee is known as __________.
job rotation
106
A requirement that all employees take time off from work, which allows the organization to audit the individual’s areas of responsibility, is known as __________ vacation policy.
mandatory
107
Best security practices balance the need for user __________ to information with the need for adequate protection while simultaneously demonstrating fiscal responsibility.
access
108
A practice related to benchmarking is __________, which is a measurement against a prior assessment or an internal goal.
baselining
109
__________ encompasses a requirement that the implemented standards continue to provide the required level of protection.
Due diligence
110
A goal of 100 percent employee InfoSec training as an objective for the training program is an example of a performance __________.
target
111
The Hartford insurance company estimates that, on average, __________ businesses that don’t have a disaster plan go out of business after a major loss like a fire, a break-in, or a storm.
over 40 percent of
112
Contingency planning is primarily focused on developing __________.
plans for unexpected adverse events
113
The actions taken by senior management to specify the organization’s efforts and actions if an adverse event becomes an incident or disaster are known as __________.
contingency planning
114
Which of the following is the first component in the contingency planning process?
business impact analysis
115
The team responsible for designing and managing the IR plan by specifying the organization’s preparation, reaction, and recovery from incidents is known as the __________.
computer security incident response team (CSIRT)
116
The group of senior managers and project members organized to conduct and lead all CP efforts is known as the __________.
crisis management planning team (CMPT)
117
What is the final stage of the business impact analysis when using the NIST SP 800-34 approach?
Identify recovery priorities for system resources.
118
What is a mathematical tool that is useful in assessing the relative importance of business functions based on criteria selected by the organization?
weighted table analysis
119
At what point in the incident life cycle is the IR plan initiated?
when an incident is detected that affects the organization
120
Which of the following is NOT a major component of contingency planning?
threat assessment
121
Q

According to NIST’s SP 800-34, Rev. 1, which of the following is NOT one of the stages of the business impact assessment?

-Calculate asset valuation and combine with the likelihood and impact of potential attacks in a TVA worksheet.
-Determine mission/business processes and recovery criticality.
-Identify resource requirements.
-Identify recovery priorities for system resources.

A

Calculate asset valuation and combine with the likelihood and impact of potential attacks in a TVA worksheet.

122
The total amount of time the system owner or authorizing official is willing to accept for a business process outage or disruption, including all impact considerations, is known as __________.
maximum tolerable downtime (MTD)
123
The maximum amount of time that a system resource can remain unavailable before there is an unacceptable impact on other system resources and supported business processes is known as __________.
recovery time objective (RTO)
124
A useful tool for resolving the issue of what business function is the most critical, based on criteria selected by the organization, is the __________.
weighted table analysis or weighted factor analysis
125
Q

Which of the following is the first major task in the BIA, according to NIST SP 800-34, Rev. 1?

-Calculate asset valuation and combine with the likelihood and impact of potential attacks in a TVA worksheet.
-Determine mission/business processes and recovery criticality.
-Identify resource requirements.
-Identify recovery priorities for system resources.

A

Determine mission/business processes and recovery criticality.

126
The amount of effort (expressed as elapsed time) needed to make business functions work again after the technology element is recovered is known as __________.
work recovery time (WRT)
127
Which of the following NIST Cybersecurity Framework (CSF) stages relates to reacting to an incident?
Respond
128
Which of the following NIST Cybersecurity Framework (CSF) stages relates to implementation of effective security controls (policy, education, training and awareness, and technology)?
Protect
129
Q

Which of the following is NOT a stage in the NIST Cybersecurity Framework (CSF)?

-Identify
-Detect
-Recover
-React

A

React

130
What is a backup method that uses bulk batch transfer of data to an off-site facility and is usually conducted via leased lines or secure Internet connections?
electronic vaulting
131
What refers to the backup of data to an off-site facility in close to real time based on transactions as they occur?
remote journaling
132
What is the process of examining a possible incident and determining whether it constitutes an actual incident?
incident classification
133
Which of the following is a "possible" indicator of an actual incident, according to Donald Pipkin?

-unusual consumption of computing resources
-activities at unexpected times
-presence of hacker tools
-reported attacks
unusual consumption of computing resources
134
Which of the following is a definite indicator of an actual incident, according to Donald Pipkin?

-unusual system crashes
-reported attack
-presence of new accounts
-use of dormant accounts
use of dormant accounts
135
The steps in IR are designed to:
stop the incident, mitigate incident effects, provide information for recovery from the incident
136
What determines the scope of the breach of confidentiality, integrity, and availability of information and information assets?
incident damage assessment
137
What is an organizational CP philosophy for the overall approach to contingency planning reactions?
protect and forget
138
Which of the following is a part of the incident recovery process?

-identifying the vulnerabilities that allowed the incident to occur and spread
-determining the event’s impact on normal business operations and, if necessary, making a disaster declaration
-supporting personnel and their loved ones during the crisis
-keeping the public informed about the event and the actions being taken to ensure the recovery of personnel and the enterprise
identifying the vulnerabilities that allowed the incident to occur and spread
139
After an incident, but before returning to its normal duties, the CSIRT must do which of the following?
Conduct an after-action review.
140
Which of the following is the best example of a rapid-onset disaster?

-flood
-hurricane
-famine
-environmental degradation
flood
141
When a disaster renders the current business location unusable, which plan is put into action?
business continuity
142
In the event of an incident or disaster, which planning element is used to guide off-site operations?
business continuity
143
Which of the following is true about a hot site?

-It is an empty room with standard heating, air conditioning, and electrical service.
-It includes computing equipment and peripherals with servers but not client workstations.
-It duplicates computing resources, peripherals, phone systems, applications, and workstations.
-All communications services must be installed after the site is occupied.
It duplicates computing resources, peripherals, phone systems, applications, and workstations.
144
In which type of site are no computer hardware or peripherals provided?
cold site
145
Which of the following is a responsibility of the crisis management team?

-restoring the data from backups
-evaluating monitoring capabilities
-keeping the public informed about the event and the actions being taken
-restoring the services and processes in use
keeping the public informed about the event and the actions being taken
146
In which contingency plan testing strategy do individuals follow each and every IR/DR/BC procedure, including the disruption of service, restoration of data from backups, and notification of appropriate individuals?
full-interruption
147
In which contingency plan testing strategy do individuals participate in a role-playing exercise in which the CP team is presented with a scenario of an actual incident or disaster and expected to react as if it had occurred?
simulation
148
__________ are a component of the "security triple."
Threats, Assets, Vulnerabilities
149
A(n) __________ item is a hardware or software item that is to be modified and revised throughout its life cycle.
configuration
150
A __________ is the recorded condition of a particular revision of a software or hardware configuration item.
version
151
To maintain optimal performance, one typical recommendation suggests that when the memory usage associated with a particular CPU-based system averages __________% or more over prolonged periods, you should consider adding more memory.
60
152
To evaluate the performance of a security system, administrators must establish system performance __________.
baselines
153
Control __________ baselines are established for network traffic and for firewall performance and IDPS performance.
performance
154
A primary mailing list for new vulnerabilities, called simply __________, provides time-sensitive coverage of emerging vulnerabilities, documenting how they are exploited and reporting on how to remediate them. Individuals can register for the flagship mailing list or any one of the entire family of its mailing lists.
Bugtraq
155
The __________ is a center of Internet security expertise and is located at the Software Engineering Institute, a federally funded research and development center operated by Carnegie Mellon University.
CERT/CC
156
The __________ Web site is home to the leading free network exploration tool, Nmap.
insecure.org
157
The __________ commercial site focuses on current security tool resources.
Packet Storm
158
The __________ mailing list includes announcements and discussion of a leading open-source IDPS.
Snort
159
The optimum approach for escalation is based on a thorough integration of the monitoring process into the __________.
IRP
160
Detailed __________ on the highest risk warnings can include identifying which vendor updates apply to which vulnerabilities as well as which types of defenses have been found to work against the specific vulnerabilities reported.
intelligence
161
A process called __________ examines the traffic that flows through a system and its associated devices to identify the most frequently used devices.
traffic analysis
162
One approach that can improve the situational awareness of the information security function is to use a process known as __________ to quickly identify changes to the internal environment.
difference analysis
163
__________ is used to respond to network change requests and network architectural design proposals.
Network connectivity RA
164
The __________ is a statement of the boundaries of the RA.
scope
165
The __________ process is designed to find and document vulnerabilities that may be present because there are misconfigured systems in use within the organization.
PSV
166
__________, a level beyond vulnerability testing, is a set of security tests and evaluations that simulate attacks by a malicious external source (hacker).
Penetration testing
167
Common vulnerability assessment processes include:
Internet VA, wireless VA, intranet VA
168
__________ penetration testing is usually used when a specific system or network segment is suspect and the organization wants the pen tester to focus on a particular aspect of the target.
White box
169
A step commonly used for Internet vulnerability assessment includes __________, which occurs when the penetration test engine is unleashed at the scheduled time using the planned target list and test selection.
scanning
170
The __________ vulnerability assessment is a process designed to find and document selected vulnerabilities that are likely to be present on the organization's internal network.
intranet
171
The __________ vulnerability assessment is designed to find and document vulnerabilities that may be present in the organization’s wireless local area networks.
wireless
172
Which access control process confirms the identity of the entity seeking access to a logical or physical area?
authentication
173
Which of the following is NOT among the three types of authentication mechanisms?

-something a person knows
-something a person has
-something a person says
-something a person can produce
something a person says
174
Which of the following characteristics currently used for authentication purposes is the LEAST unique?

-fingerprints
-iris
-retina
-face geometry
face geometry
175
The rate at which authentic users are denied or prevented access to authorized areas as a result of a failure in the biometric device is known as the __________.
false reject rate
176
What is a commonly used criterion for comparing and evaluating biometric technologies?
crossover error rate
177
Which biometric authentication system is considered to be truly unique, suitable for use, and currently cost-effective?
fingerprint recognition
178
Which biometric authentication system is the most accepted by users?
signature recognition
179
Which type of firewall keeps track of each network connection established between internal and external systems?
stateful packet inspection
180
The combination of a system's TCP/IP address and a service port is known as a __________.
socket
181
Which type of device exists to intercept requests for information from external users and provide the requested information by retrieving it from an internal server?
proxy server
182
The intermediate area between trusted and untrusted networks is referred to as which of the following?
demilitarized zone
183
Which type of device can react to network traffic and create or modify configuration rules to adapt?
dynamic packet filtering firewall
184
Which technology employs sockets to map internal private network addresses to a public address using one-to-many mapping?
port-address translation
185
The bastion host is usually implemented as a __________, as it contains two network interfaces: one that is connected to the external network and one that is connected to the internal network, such that all traffic must go through the device to move between the internal and external networks.
dual-homed host
186
In the __________ firewall architecture, a single device configured to filter packets serves as the sole security point between the two networks.
single bastion host
187
Which of the following is true about firewalls and their ability to adapt in a network?

-Firewalls can interpret human actions and make decisions outside their programming.
-Because firewalls are not programmed like a computer, they are less error prone.
-Firewalls are flexible and can adapt to new threats.
-Firewalls deal strictly with defined patterns of measured observation.
Firewalls deal strictly with defined patterns of measured observation.
188
Which of the following is NOT one of the administrative challenges to the operation of firewalls?

-training
-uniqueness
-replacement
-responsibility
replacement
189
Which of the following is NOT a method employed by IDPSs to prevent an attack from succeeding?

-sending DoS packets to the source
-terminating the network connection
-reconfiguring network devices
-changing the attack’s content
sending DoS packets to the source
190
Which type of IDPS is also known as a behavior-based intrusion detection system?
anomaly-based
191
In an IDPS, a piece of software that resides on a system and reports back to a management server is known as a(n) __________.
Both of these are correct.
192
Which type of IDPS works like antivirus software?
signature-based
193
Which tool can best identify active computers on a network?
port scanner
194
What is the next phase of the pre-attack data gathering process after an attacker has collected all of an organization’s Internet addresses?
fingerprinting
195
What tool would you use if you want to collect information as it is being transmitted on the network and analyze the contents for the purpose of solving network problems?
packet sniffer
196
What is an application that entices individuals who are illegally perusing the internal areas of a network by providing simulated rich content areas while the software notifies the administrator of the intrusion?
honey pot
197
What is the organized research and investigation of Internet addresses owned or controlled by a target organization?
footprinting
198
When an information security team is faced with a new technology, which of the following is NOT a recommended approach?

-Determine if the benefits of the proposed technology justify the expected costs.
-Include costs for any additional risk control requirements that are mandated by the new technology.
-Consider how the proposed solution will affect the organization’s risk exposure.
-Evaluate how the new technology will enhance employee skills.
Evaluate how the new technology will enhance employee skills.
199
What is used in conjunction with an algorithm to make computer data secure from anybody except the intended recipient of the data?
key
200
In which cipher method are values rearranged within a block to create the ciphertext?
permutation
201
Which of the following is true about symmetric encryption?

-It uses a secret key to encrypt and decrypt.
-It uses a private and public key.
-It is also known as public key encryption.
-It requires four keys to hold a conversation.
It uses a secret key to encrypt and decrypt.
202
Which technology has two modes of operation: transport and tunnel?
IP Security Protocol
203
What provides an identification card of sorts to clients who request services in a Kerberos system?
ticket granting service
204
What is a Kerberos service that initially exchanges information with the client and server by using secret keys?
key distribution center
205
What is most commonly used for the goal of nonrepudiation in cryptography?
digital signature
206
The process of obtaining the plaintext message from a ciphertext message without knowing the keys used to perform the encryption is known as __________.
cryptanalysis