08072017_NewHorizons

Question 1

An ACL is based on an ________

Answer 1

OBJECT

Question 2

Which firewall operates at Layer 3 and 4?

Answer 2

Stateful Inspection Firewall

Question 3

Relationship between GOALS and DOCUMENTS

Answer 3

STRATEGIC = POLICIES
TACTICAL = STANDARDS and GUIDELINES
OPERATIONAL = PROCEDURES and BASELINES

Question 4

SLE Single Loss Expectancy formula

Answer 4

SLE =AV x EF

Question 5

Integrity and ______ depend on each other

Answer 5

CONFIDENTIALITY

Question 6

PPP replaced ____

Answer 6

SLIP

Question 7

ATM is _____ switching. ATM can use both SVC and PVC.

Answer 7

CELL, ATM IS CELL SWITCHING

Question 8

PRIVACY LAWS

Answer 8

ECPA, FERPA, GLBA, HIPAA, Privacy Act 1974

Question 9

A ________ can function or operate as subject or objectt

Answer 9

PROCESS

Question 10

Frame Relay is a packet switching technology that uses ______.

Answer 10

PVC

Question 11

3 Access Control functions that happen AFTER an incident

Answer 11

Recovery Controls -
Corrective Controls - Return to Normal, Restoration, Escort a threat out building.
Detective Controls - IDS, AV

Question 12

Spiral Mode is

Answer 12

Waterfall Model, considered meta-mode

Question 13

A ________list maintains a row of security attributes for each controlled object. This list is the row of an access control matrix

Answer 13

CAPABILITIES

Question 14

DRP is a component of BCP and focuses on _______ processes

Answer 14

Technical

Question 15

3D’s, 2C’s, PR

Answer 15

Deterrent
Directive
Detective
Compensating
Corrective
Preventive
Recovery

Question 16

STRIDE is used for

Answer 16

Threats

Question 17

The maximum allowed ping packet size is ______bytes… PING OF DEATH must be at least ..

Answer 17

65,536

Ping of death must be 65,537

Question 18

Name a few SQL aggregate functions

Answer 18

SUM, COUNT, MIN

Question 19

What is essential to determine weakness or effectiveness of CONTROLS

Answer 19

Monitoring and Measuring

Question 20

Documentation: Required implementation or use of tools

Answer 20

STANDARD

Question 21

The maximum tolerable downtime (MTD) is equivalent to the …

Answer 21

recovery time objective (RTO)

Question 22

DREAD is used to determine ________ of _______

Answer 22

Impact of threat

Question 23

High Level overarching statement of management intentions. Purpose, scope and expectations

Answer 23

POLICY

Question 24

ARP happens at Layer ___

Answer 24

3, Network Layer

Question 25

Offshoot of impersonation. Uses eavesdropping. This replays captured traffic.

Answer 25

REPLAY ATTACK

Question 26

BCP Project Management

Answer 26

Initiate BCP Project
Define Scope and Plan
Perform BIA
Test 
Maintain the plan
Implement Plan when DR strikes

Question 27

This virus modifies their own code as they travel from system to system

Answer 27

POLYMORPHIC

Question 28

Documentation: step by step to implement a system or process

Answer 28

PROCEDURES

Question 29

_________ access control type limits physical access

Answer 29

Physical

Question 30

Firewall that operates at Layer 3, examines data from message header.

Answer 30

Static Packet Filtering Firewall

Question 31

DREAD - D’s stand for

Answer 31

Damage and Discoverability

Question 32

Bimometric One to One

Answer 32

AUTHENTICATION

Question 33

Residual Risk

Answer 33

Risk that remains after controls are in place

Question 34

A RISK is..

Answer 34

A likelihood of a threat occurring as well potential to damage of assets.

Question 35

Attack that targets 2 ROUND ENCRYPTION SUCH AS DOUBLE DES.

Answer 35

Meet in the Middle

Question 36

Which layer do these occur in? PPTP, L2F, and L2TP

Answer 36

Layer 2

Question 37

STRIDE - E stands for

Answer 37

Elevation of Priv

Question 38

STRIDE - T stands for

Answer 38

Tampering with Data

Question 39

Access Control that permits an OWNER or CREATOR of an object to control and define accessibility

Answer 39

DISCRETIONARY Access Control

Question 40

ARO Annual Rate of Occurrence Formula

Answer 40

ARO = event number/year. If flood occurs 1 every 10yrs, 10%

Question 41

This methodology uses multiple iterations of the waterfall model, it is also considered a meta-mode..

Answer 41

Spiral model

Question 42

Goal that is 3-5 years. Establish Security Policies and Ensure ALL users understand responsibilities

Answer 42

STRATEGIC

Question 43

What Privacy Law protects employees without notifying them?

Answer 43

ECPA

Question 44

DREAD - E stands for

Answer 44

Exploitability

Question 45

Dynamic testing technique that provides many different types of input to software to stress test.

Answer 45

FUZZ TESTING

Question 46

Flight Time is

Answer 46

time between key presses.

Question 47

Keyword for DETECTIVE ACCESS CONTROL. Examples?

Answer 47

Detect or DISCOVER. CCTV, Security Cameras, Audit Trail,

Question 48

Formula for SLE and ALE

Answer 48

SLE = AFV x EF
ALE = SLE x ARO

Question 49

Frame Relay is ____ switching

Answer 49

PACKET SWITCHING

Question 50

In a ______ security mode system, there is no requirement that all users have appropriate clearances

Answer 50

MULTIMODE

Question 51

Goal that is 6-18 months. Example: Implement DR or CRM

Answer 51

TACTICAL

Question 52

A condition that leaves the system and assets open to harm

Answer 52

Vulnerability

Question 53

Examples of DUE CARE

Answer 53

TRAINING, PRUDENT PERSON rule

Question 54

How to prevent a REPLAY ATTACK

Answer 54

One-Time authentication and Sequencing Session Identification

Question 55

The Challenge Response Protocol is a _______ _______

Answer 55

AUTHENTICATION PROTOCOL

Question 56

Risk Management Frameworks

Answer 56

ISACA Risk IT
ISO 31000
COSO Enterprise Risk Management Framework
NIST Risk Management Framework

Question 57

__________access controls DISCOURAGES you from violating a security violation

Answer 57

Deterrent

Question 58

ALE Annual Loss Expectancy formula

Answer 58

ALE =SLE x ARO

Question 59

ISAKMP: Internet Security Association and Key Management Protocol (ISAKMP) provides background security support services for ____

Answer 59

IPSec

Question 60

This ACCESS CONTROL enforces SYSTEM WIDE restrictions

Answer 60

NONDISCRECTIONARY

Question 61

What Privacy Law protects individuals of Financial Institutions?

Answer 61

GLBA

Question 62

3DES effective key length ____ bit

Answer 62

168

Question 63

_______ is almost always the right answer on the exam

Answer 63

POLICY

Question 64

I R D MO - CMM. Which stage uses “FORMAL DOCUMENTED SW Development Processes”?

Answer 64

DEFINED D= DOCUMENT

Question 65

The primary purpose of change management is to _________ ______ ______ _______.
However, it is true that the overall goal of change management is to ____ _____ ______ _____..

Answer 65

PURPOSE: allow management to review all changes
GOAL: prevent unwanted reductions to security

Question 66

Examples of Resolution Attacks

Answer 66

DNS Poisoning and DNS Spoofing

Question 67

3 Policy Types

Answer 67

ADVISORY
INFORMATIVE
REGULATORY

Question 68

_______ removes virus but does NOT REPAIR

Answer 68

REMOVE

Question 69

Frame Relay operates at Layer __

Answer 69

2

Question 70

Information Flow Models are designed to

Answer 70

Prevent unauthorized, insecure or restricted information flow often between security levels

Question 71

In a ______ attack an attacker fragments traffic in a w ay that data packets cannot be put together

Answer 71

TEARDROP

Question 72

_________ access control type covers personnel security, risk management, training

Answer 72

Administrative

Question 73

_________ access control type in the form of SW or HW

Answer 73

Logical Technical

Question 74

An electronic access control (EAC) lock comprises three elements:

Answer 74

1) an electromagnet to keep the door closed,
2) a credential reader to authenticate subjects and to disable the electromagnet, and
3) a door-closed sensor to reenable the electromagnet.

Question 75

___________ access control to STOPS or THWARTS you from doing it

Answer 75

PREVENTIVE

Question 76

STRIDE was developed by ________ and is used to asses threats against __________ or ________.

Answer 76

Microsoft, Applications or OS’s.

Question 77

an Asset is anything of _____ that could be compromised

Answer 77

Value

Question 78

EF Exposure Factor.

Answer 78

% of value loss

Question 79

What Privacy Law protects students?

Answer 79

FERPA

Question 80

Biometric One to Many

Answer 80

IDENTIFICATION

Question 81

BCP focuses on the _______ processes

Answer 81

Business

Question 82

What is used to avoid, mitigate or counteract a security risk?

Answer 82

Controls

Question 83

STRIDE -

Answer 83

Spoofing
Tampering Data
Repudiation
Information Disclosure
Denial of Service
Elevation of Privilege

Question 84

_______ removes virus and repairs damage

Answer 84

CLEAN

Question 85

5 steps to RISK ANALYSIS PROCESS

Answer 85

1) Asset Identification - What are assets and what are they worth?
2) Vulnerability Assessment - Where are we lacking?
3) Threat Assessment -What threats will exploit the vulnerability?
4) Risk Assessment- Quantitative and Qualitative.
5) Financial Impact Evaluation

Question 86

ATM use fixed length cells and has the following benefits

Answer 86

HIGH THROUGPUT, EFFICIENT

Question 87

This ROLE backs up data and implements access control based on data owners specifications

Answer 87

DATA CUSTODIAN

Question 88

2 Peer Auditing techniques

Answer 88

Mandatory Vacations

Job Rotation

Question 89

Risk Responses (4). Example for driving a car Risk.

• Stay home
• Seat Belt, Airbag
• Get insurance
• Decide to start driving

Answer 89

Avoidance - Stay home
Mitigation - Seat Belt
Transfer - Insurance
Acceptance - Decide to start driving

Question 90

STRIDE - D stands for

Answer 90

Denial of Service

Question 91

Examples of DUE DILIGENCE

Answer 91

BACKGROUND CHECK, TEST BACKUPS, RISK ASSESSMENTS

Question 92

RISK FORMULA ______ X ______ X

Answer 92

THREATS x VULNERABILITIES or

LIKELINESS x IMPACT

Question 93

ATM is fragmented communication using ____ byte cells.

Answer 93

53 byte

Question 94

This ROLE will CLASSIFY THE DATA, DETERMINE LEVEL OF ACCESS

Answer 94

DATA OWNER

Question 95

ISC 2 Code of Ethics

Answer 95

PROTECT Society and Common Good, Public Trust.

ACT Honorably

PROVIDE dlligence to service.

IMPROVE and protect profession

Question 96

Cost / Benefit Formula

Answer 96

(ALE1 - ALE2) - CM

Question 97

Practicing activities in DUE CARE is..

Answer 97

DUE DILLGENCE

Question 98

STRIDE - S Stands for

Answer 98

Spoofing of user identity

Question 99

DREAD rate threat impact, goes beyond HIGH/MEDIUM LOW

Answer 99

Damage
Reproducibility
Exploitability
Affected Users
Discoverability

Question 100

Which ROLE protects information on the daily basis?

Answer 100

END USERS

Question 101

Documentation: ________ are recommendations and suggestions and are NOT required.

Answer 101

GUIDELINES