Ch8: Using Risk Management Tools Flashcards

1
Q

Threat

A

a potential danger

2
Q

Threat assessment

A

evaluates potential threats

3
Q

Environmental threats

A

include natural threats such as weather events

4
Q

Manmade threats

A

any potential dangers from people; they can be either malicious or accidental

5
Q

Internal threats

A

typically refers to employees within an organization

6
Q

External threats

A

any source outside an organization

7
Q

Handling risk…

A

It is not possible to eliminate risk, but you can take steps to manage it

8
Q

An organization can avoid risk by

A

not providing a service or not participating in a risky activity

9
Q

Insurance

A

transfers the risk to another entity

10
Q

You can mitigate risk by

A

implementing controls. But when the cost of implementing the controls exceeds the cost of the risk, an organization accepts the remaining (residual) risk

11
Q

Quantitative risk assessment

A

uses specific monetary amounts to identify cost and asset values

12
Q

SLE

A

Single loss expectancy identifies the amount of each loss

13
Q

ARO

A

Annual rate of occurrence identifies the number of failures in a year

14
Q

ALE

A

Annual loss expectancy identifies the expected annual loss

15
Q

ALE equation

A

ALE = SLE x ARO

16
Q

Qualitative risk assessment

A

uses judgment to categorize risks based on likelihood of occurrence and impact

17
Q

Risk register

A

a comprehensive document listing known information about risks. Typically includes risk scores along with recommended security controls to reduce the risk scores

18
Q

Supply chain assessment

A

evaluates everything needed to produce and sell a product. It includes all the raw materials and processes required to create and distribute a finished product

19
Q

Password crackers

A

attempt to discover passwords and can identify weak passwords or poorly protected passwords

20
Q

Network scanners

A

can detect all the hosts on a network, including the OS and services or protocols running on each host

21
Q

Wireless scanners

A

can detect rogue access points on a network and sometimes crack passwords used by access points

22
Q

Netcat

A

can be used for banner grabbing on remote systems or to remotely administer systems

23
Q

Vulnerability scanner

A

can identify vulnerabilities, misconfigured systems, and the lack of security controls such as up-to-date patches.

24
Q

Vulnerability scans vs penetration tests

A

Vulnerability scans are passive and have little impact on a system during a test. Penetration tests are intrusive and can potentially compromise a system

25
Q

False positive from a vulnerability scan

A

indicates the scan detected a vulnerability, but the vulnerability doesn’t exist

26
Q

Credentialed scans

A

run under the context of a valid account and are typically more accurate than non-credentialed scans

27
Q

Penetration test

A

is an active test that can assess deployed security controls and determine the impact of a threat. It starts with a vulnerability scan and then tries to exploit vulnerabilities by actually attacking or simulating an attack

28
Q

Pen tests usually include

A

both passive and active reconnaissance

29
Q

Passive reconnaissance

A

uses open-source intelligence such as social media and an organization’s web site

30
Q

Active reconnaissance

A

uses tools such as network scanners to gain information on the target

31
Q

After exploiting a system, pen testers…

A

use privilege escalation techniques to gain more access to target systems

32
Q

Pivoting

A

the process of using an exploited system to target other systems

33
Q

Black box testers

A

have zero knowledge of the system prior to a penetration test. They often use fuzzing

34
Q

White box testers

A

have full knowledge of a system

35
Q

Gray box testers

A

have some knowledge of a system

36
Q

Admins use a protocol analyzer to

A

capture, display, and analyze packets sent over a network

37
Q

Protocol analyzers are useful to

A

troubleshoot communications problems between systems and detect attacks that manipulate or fragment packets

38
Q

A network capture shows information including

A

type of traffic (protocol), flags, source and destination IP addresses, source and destination MACs

39
Q

To capture all traffic, configure…

A

the NIC to use promiscuous mode

40
Q

Tcpdump

A

a command-line protocol analyzer. It can create packet captures that can then be viewed in Wireshark

41
Q

Nmap

A

a sophisticated network scanner that runs from the command line

42
Q

Logs record…

A

what happened, when it happened, where it happened, and who did it

43
Q

By monitoring logs, admins can detect…

A

event anomalies

44
Q

By reviewing logs, security personnel can create…

A

an audit trail

45
Q

SIEM system

A

A security information and event management system provides a centralized solution for collecting, analyzing, and managing data from multiple sources. Typically includes aggregation and correlation to collect and organize log data from multiple sources. Provides continuous monitoring with automated alerts and triggers

46
Q

Usage auditing

A

records user activity in logs

47
Q

Usage auditing review

A

looks at the logs to see what users are doing and can be used to re-create an audit trail

48
Q

Permission auditing reviews

A

help ensure that users have only the access they need and no more, and can detect privilege creep issues