Chapter 11 - Controls For Information Security

Question 1

What is the time-based model of information security?

Answer 1

P > D + R, where P = the time it takes an attacker to break through the various controls that protect the organization’s information assets, D = the time it takes for the organization to detect that an attack is in progress, and R = the time it takes to respond to and stop the attack.

Question 2

What is defense-in-depth?

Answer 2

Employing multiple layers of control to avoid a single point-of-failure.

Question 3

What is multifactor authentication?

Answer 3

The use of two or more types of authentication credentials in conjunction.

Question 4

What is multimodal authentication?

Answer 4

The use of multiple authentication credentials of the same type.

Question 5

What is the access control matrix?

Answer 5

A table used to implement authorization controls.

Question 6

What is a compatibility test?

Answer 6

Matching the user’s authentication credentials against the access control matrix to determine whether that employee should be allowed to access that resource and perform the requested action.

Question 7

What is a border router?

Answer 7

A device that connects an organization’s information system to the Internet.

Question 8

What is a firewall?

Answer 8

A special-purpose hardware device or software running on a general-purpose computer that controls both inbound and outbound communication between the system behind the firewall and other networks.

Question 9

What is the demilitarized zone?

Answer 9

A separate network located outside the organization’s internal information system that permits controlled access from the internet.

Question 10

What is a router?

Answer 10

A special purpose device designed to read the source and destination address fields in IP packet headers to decide where to send the packet next.

Question 11

What are action control lists?

Answer 11

Sets of if-then rules used to determine what to do with arriving packets.

Question 12

What is packet filtering?

Answer 12

A process that uses various fields in a packet’s IP and TCP headers to decide what to do with the packet.

Question 13

What is deep packet inspection?

Answer 13

A process that examines the data in the body of a TCP packet to control traffic, rather than looking only at the information in the IP and TCP headers.

Question 14

What are intrusion prevention systems?

Answer 14

Software or hardware that monitors patterns in the traffic flow to identify and automatically block attacks.

Question 15

What are endpoints?

Answer 15

Collective term for the workstations, servers, printers, and other devices that comprise and organization’s network.

Question 16

What are vulnerability scanners?

Answer 16

Automated tools designed to identify whether a given system possesses any unused and unnecessary programs that represent potential security threats.

Question 17

What is an exploit?

Answer 17

A program designed to take advantage of a known vulnerability.

Question 18

What is patch management?

Answer 18

The process of regularly applying patches and updates to software.

Question 19

What is hardening?

Answer 19

The process of modifying the default configuration of endpoints to eliminate unnecessary settings and services.

Question 20

What is log analysis?

Answer 20

The process of examining logs to identify evidence of possible attacks.

Question 21

What are intrusion detection systems (IDSs)?

Answer 21

Systems that create logs of all network traffic that was permitted to pass the firewall and then analyze those logs for signs of attempted or successful intrusions.

Question 22

What is a honeypot?

Answer 22

A decoy system used to provide early warning that an insider is attempting to search for confidential information.

Question 23

What is a computer incident response team (CIRT)?

Answer 23

A team responsible for dealing with major security incidents.

Question 24

What are the four steps the CIRT is responsible for?

Answer 24

Recognition, containment, recovery, and follow-up.

Question 25

What is a penetration test?

Answer 25

An authorized attempt to break into the organization’s information system.