Chapter 2 Flashcards

1
Q
1. List three elements to identify when evaluating access control attacks.
A

Assets, threats, and vulnerabilities should be identified through asset valuation, threat modeling, and vulnerability analysis.

2
Q
2. Name at least three types of attacks used to discover passwords.
A

Brute-force attacks, dictionary attacks, sniffer attacks, rainbow table attacks, and social engineering attacks are all methods used to discover passwords.

3
Q
3. Describe the relationship between auditing and audit trails.
A

Auditing is a methodical examination or review of an environment and encompasses a wide variety of different activities to ensure compliance with regulations and to detect abnormalities, unauthorized occurrences, or outright crimes.

Audit trails provide the data that supports such examination or review and essentially are what make auditing and subsequent detection of attacks and misbehavior possible.

4
Q
4. What should an organization do to verify that accounts are managed properly?
A

Organizations should regularly perform access reviews and audits. These can detect when an organization is not following its own policies and procedures related to account management.

5
Q
1. When an organization is attempting to identify risks, what should they identify first?
A. Assets
B. Threats
C. Vulnerabilities
D. Public attacks
A

A. An organization must first identify the value of assets when identifying risks so that they can focus on risks to their most valuable assets.

6
Q
2. What would an organization do to identify weaknesses?
A. Asset valuation
B. Threat modeling
C. Vulnerability analysis
D. Access review
A

C. A vulnerability analysis identifies weaknesses and can include periodic vulnerability scans and penetration tests.

7
Q
3. Which of the following is not a valid measure to take to improve protection against brute-force and dictionary attacks?
A. Enforce strong passwords through a security policy.
B. Maintain strict control over physical access.
C. Require all users to log in remotely.
D. Use two-factor authentication.
A

C. Requiring users to log in remotely does not protect against password attacks such as brute-force or dictionary attacks.

8
Q
4. What type of attack can detect passwords sent across a network in cleartext?
A. Spoofing attack
B. Spamming attack
C. Sniffing attack
D. Side-channel attack
A

C. A sniffing attack uses a sniffer (also called a packet analyzer or protocol analyzer) to capture data and can be used to read passwords sent across a network in cleartext.

9
Q
5. Which of the following can help mitigate the success of an online brute-force attack?
A. Rainbow table
B. Account lockout
C. Salting passwords
D. Encryption of password
A

B. An account lockout policy will prevent someone from logging into an account after they have entered an incorrect password too many times.

10
Q
6. What is an attack that attempts to detect flaws in smart cards?
A. Whaling
B. Side-channel attack
C. Brute-force
D. Rainbow table attack
A

B. A side-channel attack is a passive, noninvasive attack to observe the operation of a device. Methods include power monitoring, timing, and fault analysis attacks.

11
Q
7. What type of attack uses email and attempts to trick high-level executives?
A. Phishing
B. Spear phishing
C. Whaling
D. Vishing
A

C. Whaling is a form of phishing that targets high-level executives. Spear phishing targets a specific group of people but not necessarily high-level executives.

12
Q
8. What provides data for recreating the history of an event, intrusion, or system failure?
A. Security policies
B. Log files
C. Audit reports
D. Business continuity planning
A

B. Log files provide an audit trail for recreating the history of an event, intrusion, or system failure. An audit trail includes log files and can reconstruct an event, extract information about an incident, and prove or disprove culpability.

13
Q
9. What can be used to reduce the amount of logged or audited data using nonstatistical methods?
A. Clipping levels
B. Sampling
C. Log analysis
D. Alarm triggers
A

A. Clipping is a form of nonstatistical sampling that reduces the amount of logged data based on a clipping-level threshold.

14
Q
10. Which of the following focuses more on the patterns and trends of data than on the actual content?
A. Keystroke monitoring
B. Traffic analysis
C. Event logging
D. Security auditing
A

B. Traffic analysis focuses more on the patterns and trends of data rather than the actual content. Keystroke monitoring records specific keystrokes to capture data. Event logging logs specific events to record data. Security auditing records security events and/or reviews logs to detect security incidents.

15
Q
11. What is used to keep subjects accountable for their actions while they are authenticated to a system?
A. Authentication
B. Monitoring
C. Account lockout
D. User entitlement reviews
A

B. Accountability is maintained by monitoring the activities of subjects and objects as well as core system functions that maintain the operating environment and the security mechanisms.

16
Q
12. Audit trails are considered to be what type of security control?
A. Administrative
B. Passive detective
C. Corrective
D. Physical
A

B. Audit trails are a passive form of detective security control.

17
Q
13. The absence of which of the following can result in the perception that due care is not being maintained?
A. Periodic security audits
B. Deployment of all available controls
C. Performance reviews
D. Audit reports for shareholders
A

A. Failing to perform periodic security audits can result in the perception that due care is not being maintained. Such audits alert personnel that senior management is practicing due diligence in maintaining system security.

18
Q
14. Which of the following options is a methodical examination or review of an environment to ensure compliance with regulations and to detect abnormalities, unauthorized occurrences, or outright crimes?
A. Penetration testing
B. Auditing
C. Risk analysis
D. Entrapment
A

B. Auditing is a methodical examination or review of an environment to ensure compliance with regulations and to detect abnormalities, unauthorized occurrences, or outright crimes.

19
Q
15. When performing access review audits, which type of account is the most important to audit?
A. None is more important. They are all equal.
B. Regular user accounts
C. Auditor accounts
D. Privileged accounts
A

D. Privileged accounts (such as administrator accounts) are granted the most access and should be a primary focus in an access review audit.

20
Q
16. What would detect when a user has more privileges than necessary?
A. Account management
B. User entitlement audit
C. Logging
D. Reporting
A

B. A user entitlement audit can detect when users have more privileges than necessary.

21
Q
17. Why should access to audit reports be controlled and restricted?
A. They contain copies of confidential data stored on the network.
B. They contain information about the vulnerabilities of the system.
C. They are useful only to upper management.
D. They include the details about the configuration of security controls.
A

B. Audit reports should be secured because they contain information about the vulnerabilities of the system and disclosure of such vulnerabilities to the wrong person could lead to security breaches.

22
Q

An organization has recently suffered a series of security breaches that have significantly damaged its reputation. Several successful attacks have stolen customer database files accessible via one of the company’s web servers. Additionally, an employee had access to secret data from previous job assignments. This employee made copies of the data and sold it to competitors. The organization has hired a security consultant to help them reduce their risk from future attacks.
18. What would the consultant use to identify potential attackers?
A. Asset valuation
B. Threat modeling
C. Vulnerability analysis
D. Access review and audit

19. What would need to be completed to ensure that the consultant has the correct focus?
A. Asset valuation
B. Threat modeling
C. Vulnerability analysis
D. Creation of audit trails

20. What could have prevented the employee from stealing and selling the secret data?
A. Asset valuation
B. Threat modeling
C. Vulnerability analysis
D. User entitlement review
A

B. Threat modeling helps identify, understand, and categorize potential threats.

A. Asset valuation identifies the actual value of assets so that they can be prioritized. This will ensure that the consultant focuses on high-value assets.

D. A user entitlement review can detect when employees have excessive privileges.