Security Chapt 4 – Flashcards
Unlock all answers in this set
Unlock answersquestion
Which of the following is defined as a contract which prescribes the technical support or business parameters that a provider will bestow to its client?
answer
service level agreement
question
HIPPA is a set of regulation federal regulations that define security guidelines that enforce the protection of what?
answer
privacy
question
Which of the following policies specifically protects PII?
answer
Privacy
question
Which of the following defines an acceptable use agreement?
answer
An agreement which identifies the employees rights to use company property such as internet access an computer equipment for personal use
question
You have recently discovered that a network attack has compromised your database server. In the process customer credit card numbers might have been taken by an attacker. You have stopped the attack and put measures in place to prevent the same incident from occurring in the future. What else might you be legally required to do?
answer
contact your customers and let them know of the security breach
question
When informing an employee they are being terminated what is the most important activity?
answer
disabling their network access
question
What is the most effective means of improving or enforcing security in any environment?
answer
user awareness training
question
You have a set of DVD-RW discs that have been used to archive files for your latest development project. You need to dispose of the discs. Which of the following methods should you use to best prevent extracting data from the discs?
answer
shredding
question
Which of the following best describes the concept of due care or due diligence?
answer
reasonable precautions based on industry best practices are utilized and documented
question
Which of the following is a high-level general statement about the role of security in the organization?
answer
policy
question
Which of the following is a recommendation to use when a specific standard or procedure does not exist ?
answer
guideline
question
Which of the following is the best protection against security violations?
answer
defense in depth
question
Who has the responsibility for the development of security policy?
answer
senior management
question
What is the primary purpose of source code escrow?
answer
to obtain change rights over software after the vendor goes out of business
question
What is the primary purpose of change control?
answer
prevent unmanaged change
question
1. Make sure that remote access connections are secure 2. Create a list of all protocols being used on the network 3. Identify choke points on the network 4. Use timestamps on all documents 5. Create a list of all devices
answer
1. reach your network 2. map your network 3. protect your network 4. prepare to document 5. map your network
question
1. Remove insecure protocols 2. implement the principle of least privilege 3. segregate and isolate networks 4. establish an update management process 5. establish a baseline for all systems
answer
1.reach your network 2. control your network 3. protect your network 4. manage your network 5. manage your network
question
You have recently been hired as a new network administrator for a startup company. The company's network was implemented prior to your arrival. One of the first tasks you need to complete in your new position is to develop a manageable network plan for the network. You've already completed the 1st and 2nd milestones where documentation procedures were identified and the network was mapped. You are now working on 3rd milestones where you must identify ways to protect the network. Which tasks should you complete as part of this milestone?
answer
physically secure high value systems identify and document each user on the network
question
When recovery is being performed due to a disaster, which services are to be stabilized first?
answer
mission critical
question
In business continuity planning what is the primary focus of the scope?
answer
business processes
question
What is the primary goal of business continuity planning?
answer
Maintaining business operations with reduced or restricted infrastructure capabilities or resources
question
The company is implementing a Disaster Recovery Plan (DRP) and a Business Continuity Plan (BCP). It is time for the control tests and the company would like to perform compliance testing. Which of the following best describes compliance testing?
answer
The testing of control procedures to see if they are working as expected and are being implemented in accordance with management policies
question
When is the BCP design and development actually completed?
answer
never
question
As a BCP or DRP plan evolves over time what is the most important task to perform when rolling out a new version of the plan?
answer
collect and destroy all old plan copies
question
You are a database administrator and the first responder for database attacks. You have decided to test one of your current Business Continuity Plan (BCP) with two other database professionals. Which type of BCP test is this considered?
answer
Tabletop exercise
question
Which of the following is not a valid response to a risk discovered during a risk analysis?
answer
Denial
question
Which of the following best defines Single Loss Expectancy (SLE) ?
answer
The total monetary loss associated with a single occurrence of a threat.
question
What is the average number of times that a specific risk is likely to be realized?
answer
Annualized rate of occurrence
question
When analyzing assets which analysis method assigns financial values to assets?
answer
Quantitative
question
Which of the following statements is true in regards to risk analysis?
answer
Annualize Rate of Occurrence (ARO) identifies how often in a single year the successful threat attack will occur Don't implement a countermeasure if the cost is greater than loss
question
When would choosing to do nothing about an identified risk acceptable?
answer
When the cost of protecting the asset is greater than potential lost
question
If an organization shows sufficient due care, which burden is eliminated in the event of a security breach?
answer
Negligence
question
You have conducted a risk analysis to protect a key company asset. You identify the following areas: Asset value= 400 Exposure Factor=75 Annualized Rate of occurrences = .25 What is the Annualized Loss Expectancy? (ALE)
answer
75
question
When conducting a risk assessment how is the Annualized Rate of Occurrence (ARO) calculated?
answer
Through historical data provided by insurance companies and crime statistics
question
Purchasing insurance is what type of response to risk?
answer
Transference
question
To determine the value of the company assets an anonymous survey was used to collect the opinions of all senior and mid-level managers. Which asset valuation method was used?
answer
Delphi method
question
You have conducted a risk analysis to protect a key company asset. You identify the following areas: Annual Value =400 Exposure Factor=75 Annualized Rate of Occurrence= .25 What is the single loss expectancy (SLE)?
answer
300
question
You have conducted a risk analysis to protect a key company asset. You identify the following areas: Annual Value =400 Exposure Factor=75 Annualized Rate of Occurrence= .25 Countermeasure A has a cost of 320 and will protect the asset for 4 years. Countermeasure B has an annual cost of 85. An insurance policy to protect the asset has an annual premium of 90. What should you do?
answer
Accept the risk or find another countermeasure
question
Which type of data loss prevention system is usually installed near the network perimeter to detect sensitive data that is being transmitted in violation of organizational security policies?
answer
Network DLP
question
You are the network admin over 2 Windows based sites. You have almost 2000 employees with workstations and 64 servers that need to be more secure. You have decided to implement a Data Loss Prevention (DLP) solution to detect and stop breaches of sensitive data. You decide to implement e-mail and instant messaging communication controls so that messages that violate your organizations security policy are blocked at the workstation before being transmitted on the network. Which DLP solution should you implement?
answer
Endpoint DLP
question
After an intrusion has occurred and the intruder has been removed from the system, which of the following is the next best step or action to take ?
answer
Back up all logs and audits regarding the incident
question
Which of the following is an important aspect of evidence gathering?
answer
backing up all logs and files and audit trails
question
Which method can be used to verify that a bit-level image copy of the hard drive is an exact clone of the original hard drive collected as evidence?
answer
Hashing
question
The immediate preservation of evidence is paramount when conducting a forensic analysis. Which of the following actions is most likely to destroy critical evidence?
answer
Rebooting the system
question
How can a criminal investigator ensure the integrity of a removable media device found while collecting evidence?
answer
create a checksum using the hashing algorithm
question
You manage a network for your company. You have recently discovered information on a computer hard drive that might indicate evidence of illegal activity. You want to perform forensic activities on the disk to see what kind of info it contains. What should you do first?
answer
make a bit level copy of the disk
question
During a recent site survey you find a rogue wireless access pt in your network. Which of the following actions should you take first to protect your network while still trying to preserve evidence ?
answer
Disconnect the access point from the network
question
You have discovered a computer that is connected to your network that was used for an attack. You have disconnected the computer from the network to isolate it from the network and stop the attack. What should you do next ?
answer
perform a memory dump
question
When conducting a forensic investigation and assuming that the attack has been stopped which of the following actions should you perform first?
answer
document whats on the screen
question
Arrange the computer components listed on the left in order decreasing volatility on the right
answer
CPU Registers & Caches System Ram Paging File hard disk File system backup on an external USB drive
question
What is the best definition of a security incident?
answer
Violation of security policy
question
When conducting a forensic investigation which of the following initial actions is appropriate for preserving evidence?
answer
Document whats on the screen
question
What is the most important element related to evidence in addition to evidence itself ?
answer
chain of custody document
question
The chain of custody is used for what purpose?
answer
Listing people coming into contact with evidence
question
You have been asked to draft a document related to evidence gathering that contains details about personnel in possession and control of evidence from the time of discover up through the time of presentation in court. What type of document is this?
answer
Chain of custody
question
What is the primary countermeasure to social engineering ?
answer
awareness
question
How can an organization help prevent social engineering attacks?
answer
Publish and enforce clearly written security policies Educate employees on the risks and countermeasures
question
Which of the following is a form of attack that tricks victims into providing confidential info such as identity info or logon credentials through email or websites that impersonate an online entity that the victim trusts such as a financial institution or a well known ecommerce site?
answer
Phishing
question
1. Phishing 2. Whaling 3. Spear Phishing 4. Dumpster Diving 5. Piggybacking 6.Vishing
answer
1. an attacker sends an email pretending to be from a trusted organization asking users to access a website to verify personal info 2.An attacker gathers personal info about the target individual who is a CEO 3.An attacker gathers personal info about the target individual in an organization 4. An attacker searches through an organizations trash looking for sensitive info 5. An attacker enters a secured building by following an authorized employee through a secure door without providing identification 6. An attacker uses a telephone to convince target individuals to reveal their credit card info
question
Which of the following is a common form of social engineering attacks ?
answer
Hoax virus info emails
question
You have just received a generic looking email that is addressed as coming from an admin of your company. The email says that as part of a system upgrade you are to go to a web site and enter your username and password at a new website so you can manage your email and spam using the new service ? What should you do?
answer
verify the email was sent by the admin and that the new service is legit
question
Dumpster diving is a low tech means of gathering info that may be useful in gaining unauthorized access or as a starting pt for more advanced attacks. How can a company reduce the risk associated with dumpster diving?
answer
establish and enforce a document destruction policy
question
What is the primary difference between impersonation and masquerading?
answer
one is more active the other is more passive
question
Which of the following social engineering attacks uses Voice over IP (VOIP) to gain sensitive info?
answer
Vishing
question
A senior executive reports she received an email concerning a sensitive internal project that is behind production. The email is sent from someone she doesn't know and he is asking for immediate clarification on several of the projects details so the project can get back on schedule. Which type of attack best describes the scenario?
answer
Whaling
question
The receptionist received a phone call from an individual claiming to be a partner in a high level project and requesting sensitive info. The individual is engaging in which type of social engineering attack?
answer
Authority
question
By definition which type of social engineering attack uses of a fictions scenario to persuade someone to give info for which they are not authorized?
answer
Pretexting
question
Which type of social engineering attack uses peer pressure to persuade someone to help an attacker?
answer
social validation
question
You have just received an email message that indicates as new serious malicious code threat is ravaging the internet. The message contains detailed info about the threat its source code and the damage it can inflict. The message states that you can easily detect whether or not you have already been a victim of this threat by prescence of three files in the windowssystems32 folder. As a countermeasure the message suggests that you delete these 3 files from your system to prevent further spread of the threat. What should your first action based on this message be?
answer
verify the info on well known malicious code threat management web sites
question
Dictionary attacks are often more successful when performed after what reconnaissance action?
answer
social engineering
question
What is the following term used to describe a level of confidence that the evaluation methods were thorough and complete so that security designation can be trusted?
answer
Assurance
question
Which of the following defines system high mode?
answer
all systems and peripherals within a system are classified and then protected according to the level of classification assigned to the most highly classified object which resides on the system
question
Which of the following is not used by the reference monitor to determine levels of access?
answer
ring architecture
question
Which of the following defines layering in regards to system access control ?
answer
various tasks are divided into hierarchal manner to provide security
question
Which of the following terms restricts the ability of a program to read and write to memory according to permissions or access level?
answer
confinement
question
Who is assigned the task of judging security of a system or a network and granting approval to operate ?
answer
designated approving authority
question
A process performed in a controlled environment by a third party which verifies that an IS meets a specific set of security standards before being granted approval to operate is known as ?
answer
accreditation
question
Which is the operating mode of a system that is deployed in such a way so that it operates at a single level of classification and all users who can access the system all have that same specific clearance level as well as all of the need to know over all the data on the system?
answer
dedicated
question
Which of the following components of the Common Criteria (CC) evaluation system is a document written by a user or community that identifies the security requirements for a specific purpose?
answer
protection profile
question
Which of the following terms describes the product that is evaluated against security requirements in the Common Criteria (CC) evaluation system?
answer
Target of evaluation (TOE)
question
Which of the following best describes the Security Target (ST) in the common criteria (CC) evaluation system?
answer
The ST is a document that describes the security properties of a security product
question
Which of the following is a representative example of an assigned level of a system that was judged through Common Criteria?
answer
EAL5
question
What is another name for a backdoor that was left in a product by the manufacturer by accident ?
answer
Maintenance Hook
question
Which of the following is an action which must take place during the release stage of the SLDC?
answer
vendors develop and release patches in response to exploited vulnerabilities that have not been discovered
question
Which of the following development modes is a method used by programmers while writing programs that allows for optimal control over coherence security accuracy and comprehensibility?
answer
structured programming
question
How often should change management be implemented?
answer
any time a production system is altered
question
In which phase of the system life cycle is security integrated into the product?
answer
project initiation
question
In which phase of the system life cycle is software testing performed?
answer
software development
question
What is the primary purpose of imposing software lifecycle management concepts?
answer
increase the quality of software
question
What is the primary purpose of forcing employees to take mandatory one week minimum vacations every year?
answer
to check for evidence of fraud
question
What is the primary means by which supervisors can determine whether or not employees are complying with the organizations security policy?
answer
auditing
question
A code of ethics provides for all but which of the following?
answer
clearly defines courses of action to take when a complex issue is encountered
question
Which of the following are typically associated with human resources security policies?
answer
background checks termination
question
Over the last month you have noticed a significant increase in the occurrence of inappropriate activities performed by employees. What is the best first response to take in order to improve or maintain the security level of the environment?
answer
Improve and hold new awareness sessions
question
What is the primary purpose of forcing employees to take mandatory one week minimum vacations every year?
answer
To check their evidence of fraud
question
What is the primary means by which supervisors can determine whether or not employees are complying with the organizations security policy?
answer
Auditing
question
As you are helping a user with a computer problem you notice that she has written her password on a note stuck to her computer monitor. You check the password policy of your company and find that the following settings are currently required: Minimum password length=10 Minimum password age=4 Maximum password age=30 Password History = 6 Require complex passwords that include numbers and symbols Account lockout clipping level=3 Which of the following is the best action to make remembering passwords easier so that she no longer has to write her password down?
answer
Implement end user training
question
You have installed anti-virus software on computers in your business. Within a few days however you notice one computer has a virus. When you questions the user she says she did install some software a few days ago but it was supposed to be a file compression utility. She admits she did not scan a file before running it. What should you add to your security measures to help prevent this from happening again?
answer
User awareness training
question
Which of the following defines two-man control?
answer
certain tasks should dual - custody in nature to prevent a security breach
question
Which of the following is a legal contract between the organization and the employee that specifies the employees is not to disclose the organizations confidential organization?
answer
non-disclosure agreement
question
Your company security policy requires separation of duties for all network security matters. Which of the following scenarios best describes this concept?
answer
The system admin configures the remote access privileges and the security officer reviews and activates each account.
question
Which of the following is not a protection against collision?
answer
cross training
question
Which of the following is not an element of termination process?
answer
Dissolution of the NDA
question
When informing an employee that they are being terminated, what is the most important activity?
answer
Disabling their network access
question
The best way to initiate solid administrative control over an organizations employees is to have what element in place?
answer
distinct job descriptions
question
1. Conduct role based training 2. Verify an individual's job history 3. Show individuals how to protect sensitive info 4. Disable a users account 5. Remind individuals of NDA agreements 6.Obtain an individuals credit history
answer
1. Employment 2. Pre-Employment 3. Employment 4. Termination 5. Termination 6. Pre-Employment
question
1. Specifies exactly which services will performed by each party 2. Creates an agreement with a vendor to provide services on an ongoing basis 3. Provides a summary of which party is responsible performing specific tasks 4. Documents how the networks will be connected 5. Specifies a preset discounted pricing structure
answer
1. SLA 2. BPO 3. MOU 4. ISA 5.SLA 6. BPO
question
Your organization entered into an Interoperability Agreement (IA) with another organization a year ago. As part of the agreement a federated trust was established between your domain and the partner domain. The partnership has been ongoing operations phase for almost nine months now. As a security administrator which tasks should you complete during this phase ?
answer
Conduct periodic vulnerability assessments Verify compliance with the IA accounts
question
Your organization is in the process of negotiating an Interoperability Agreement (IA) with another organization. As part of your agreement the partner organization purposes that a federated trust be established between your domain and their domain. This configuration will allow users in their domain to access resources in your domain and vice versa. As a security administrator which tasks should you complete during this phase?
answer
Identify how data ownership will be determined Identify how data will be shared
question
1. Communicate vulnerability assessment findings with the other party 2. Disable VPN configurations that allow partner access to your network 3. Compare your organizations security policies against other partner policies 4. Disable the domain trust relationship between networks 5. Identify how privacy will be protected 6. Draft an ISA 7. Conduct regular security audits
answer
1. Ongoing operations 2. off boarding 3. onboarding 4. off boarding 5. onboarding 6. onboarding 7. ongoing operations
