Chapter 11 - Controls For Information Security Flashcards

1
Q

What is the time-based model of information security?

A

P > D + R, where P = the time it takes an attacker to break through the various controls that protect the organization’s information assets, D = the time it takes for the organization to detect that an attack is in progress, and R = the time it takes to respond to and stop the attack.

2
Q

What is defense-in-depth?

A

Employing multiple layers of control to avoid a single point of failure.

3
Q

What is multifactor authentication?

A

The use of two or more types of authentication credentials in conjunction.

4
Q

What is multimodal authentication?

A

The use of multiple authentication credentials of the same type.

5
Q

What is the access control matrix?

A

A table used to implement authorization controls.

6
Q

What is a compatibility test?

A

Matching the user’s authentication credentials against the access control matrix to determine whether that employee should be allowed to access that resource and perform the requested action.

7
Q

What is a border router?

A

A device that connects an organization’s information system to the Internet.

8
Q

What is a firewall?

A

A special-purpose hardware device or software running on a general-purpose computer that controls both inbound and outbound communication between the system behind the firewall and other networks.

9
Q

What is the demilitarized zone?

A

A separate network located outside the organization’s internal information system that permits controlled access from the Internet.

10
Q

What is a router?

A

A special-purpose device designed to read the source and destination address fields in IP packet headers to decide where to send the packet next.

11
Q

What are action control lists?

A

Sets of if-then rules used to determine what to do with arriving packets.

12
Q

What is packet filtering?

A

A process that uses various fields in a packet’s IP and TCP headers to decide what to do with the packet.

13
Q

What is deep packet inspection?

A

A process that examines the data in the body of a TCP packet to control traffic, rather than looking only at the information in the IP and TCP headers.

14
Q

What are intrusion prevention systems?

A

Software or hardware that monitors patterns in the traffic flow to identify and automatically block attacks.

15
Q

What are endpoints?

A

Collective term for the workstations, servers, printers, and other devices that comprise an organization’s network.

16
Q

What are vulnerability scanners?

A

Automated tools designed to identify whether a given system possesses any unused and unnecessary programs that represent potential security threats.

17
Q

What is an exploit?

A

A program designed to take advantage of a known vulnerability.

18
Q

What is patch management?

A

The process of regularly applying patches and updates to software.

19
Q

What is hardening?

A

The process of modifying the default configuration of endpoints to eliminate unnecessary settings and services.

20
Q

What is log analysis?

A

The process of examining logs to identify evidence of possible attacks.

21
Q

What are intrusion detection systems (IDSs)?

A

Systems that create logs of all network traffic that was permitted to pass the firewall and then analyze those logs for signs of attempted or successful intrusions.

22
Q

What is a honeypot?

A

A decoy system used to provide early warning that an insider is attempting to search for confidential information.

23
Q

What is a computer incident response team (CIRT)?

A

A team responsible for dealing with major security incidents.

24
Q

What are the four steps the CIRT is responsible for?

A

Recognition, containment, recovery, and follow-up.

25
Q

What is a penetration test?

A

An authorized attempt to break into the organization’s information system.