Chapter 13 Flashcards
The second step in a vulnerability assessment is to determine the assets that need to be protected.
(T/F)
False
Which item below is the standard security checklist against which systems are evaluated for a security posture?
a) control
b) baseline
c) profile
d) threat
b) baseline
What security goal do the following common controls address: hashing, digital signatures, certificates, nonrepudiation tools?
a) safety
b) availability
c) confidentiality
d) integrity
d) integrity
What is the name of the process that basically takes a snapshot of the current security of an organization?
a) risk assessment
b) threat analysis
c) threat assessment
d) vulnerability appraisal
d) vulnerability appraisal
If a user uses the operating system’s “delete” command to erase data, what type of data removal procedure was used?
a) degaussing
b) purging
c) data sanitation
d) wiping
b) purging
Which of the following is used to replicate attacks during a vulnerability assessment by providing a structure of exploits and monitoring tools?
a) replication image
b) penetration framework
c) assessment image
d) exploitation framework
d) exploitation framework
List at least four things that a vulnerability scanner can do.
four things:
1) alert when new systems are added to the network
2) detect when an application is compromised or subverted
3) detect when an internal system begins to port scan other systems
4) maintain log of all interactive network sessions
A risk management assessment is a systematic and methodical evaluation of the security posture of the enterprise.
(T/F)
False
An administrator needs to view packets and decode and analyze their contents. What type of application should the administrator use?
a) protocol analyzer
b) threat profiler
c) application analyzer
d) system analyzer
a) protocol analyzer
A port in what state below implies that an application or service assigned to that port is listening for any instructions?
a) open port
b) close port
c) interruptible system
d) empty port
a) open port
At what point in a vulnerability assessment would an attack tree be utilized?
a. Vulnerability appraisal
b. Risk assessment
c. Risk mitigation
d. Threat evaluation
d. Threat evaluation
Which of the following is NOT true about privacy?
a. Today, individuals can achieve any level of privacy that is desired.
b. Privacy is difficult due to the volume of data silently accumulated by technology.
c. Privacy is freedom from attention, observation, or interference based on your decision.
d. Privacy is the right to be left alone to the degree that you choose.
a. Today, individuals can achieve any level of privacy that is desired.
Which of the following is NOT a risk associated with the use of private data?
a. Individual inconveniences and identity theft
b. Associations with groups
c. Statistical inferences
d. Devices being infected with malware
d. Devices being infected with malware
Which of the following is NOT an issue raised regarding how private data is gathered and used?
a. The data is gathered and kept in secret.
b. By law, all encrypted data must contain a “backdoor” entry point.
c. Informed consent is usually missing or is misunderstood.
d. The accuracy of the data cannot be verified.
b. By law, all encrypted data must contain a “backdoor” entry point.
Which of the following is a systematic and methodical evaluation of the exposure of assets to attackers, forces of nature, and any other entity that could cause potential harm?
a. Vulnerability assessment
b. Penetration test
c. Vulnerability scan
d. Risk appraisal
a. Vulnerability assessment