Domain 5

Question 1

First step to IT security

Answer 1

Baseline security plan

Question 2

4 types of power failure

Answer 2

1) blackout
2) brownout
3) sags, spikes, surges
4) EMI (electromagnetic interference)

Question 3

Fire suppression systems not safe for human life

Answer 3

-Halon systems
-Carbon dioxide

Can use:

-argonite
-FM-200 (preferred)

Question 4

Mandatory access controls (MACs)

Answer 4

Logical access control filters used to validate access credentials that can’t be controlled/modified by normal users or data owners

Question 5

Discretionary access controls (DACs)

Answer 5

Controls that may be configured or modified but the users or data owners

*DACs should be aligned with MACs to be effective

Question 6

Kerberos

Answer 6

An authentication service that validates services and users in a DCE (distributed computing environment)

Question 7

Denial of service (DoS)

Answer 7

Remote users may not be able to access data/apps vital to carry out day to day business

Question 8

1st step in implementing logical access controls

Answer 8

Prepare an inventory of IS resources

Question 9

Most effective control against identity theft

Answer 9

Two-factor authentication

Question 10

Authentication (3)

Answer 10

-something you know (password)
-something you have (token card)
-something you are/do (biometric)

Question 11

4 steps to implement logical access controls

Answer 11

1) inventory of IS resources
2) classify IS resources
3) perform grouping/labeling of IS resources
4) create access control list

Question 12

Default deny access

Answer 12

Allows approved traffic and rejects all other traffic

Question 13

Default allow access

Answer 13

Denies specific traffic and allows all other traffic

Question 14

False rejection rate
(FRR or type-1error rate)

Answer 14

of times an individual w/ authority to use the system is falsely rejected by the system

Question 15

Failure to enroll rate (FER)

Answer 15

Proportion of openly who fail to be enrolled successfully

Question 16

False acceptance rate
(FAR or type-2 error rate)

Answer 16

of times an individual NOT granted authority to use the system is falsely accepted by the system

• best performance indicator

Question 17

Cross error/equal error rate
(CER/EER)

Answer 17

Rate at which FAR and FRR are equal
-lowest is the most effective
-overall

Question 18

Biometric attacks

Answer 18

Replay
Brute force
Cryptographic
Mimic

Question 19

Replay (biometric attack)

Answer 19

Residual biometric characteristic is used by attacker to gain access (ex fingerprint left on device)

Question 20

Brute force (biometric attack)

Answer 20

Sending numerous different biometric samples to a biometric device

Question 21

Cryptographic (biometric attack)

Answer 21

Targets algorithm or encrypted data transmitted between biometric device and access control system

Question 22

Mimic (biometric attack)

Answer 22

Attacker attempts to fake the biometric characteristics similar to those of the enrolled user

Question 23

What has the highest reliability and lowest FAR

Answer 23

Retina/iris scan

Question 24

Biometric life cycle

Answer 24

1) enrollment
2) transmission & storage
3) verification
4) identification/termination

Question 25

Dedicated circuit

Answer 25

Symmetric telecommunication line connecting 2 locations

Question 26

Switched circuit

Answer 26

Does not permanently connect 2 locations, be set up on demand: Circuit switching (telephone network) Packet switching (lower cost)

Question 27

7 layers to OSI architecture

Answer 27

1. Physical (Please) 2. Data link layer (Do) 3. Network layer (Not) 4. Transport layer (Teach) 5. Session layer (Stupid) 6. Presentation layer (People) 7. Application layer (Anything)

Question 28

1. Physical layer

Answer 28

Relates to electrical signal or hardware devices

Question 29

2. Data link layer

Answer 29

Relates to MAC address or bit conversion

Question 30

3. Network layer

Answer 30

Relates to routing or IP address

Question 31

4. Transport layer

Answer 31

Related to -reliable delivery -connection oriented -delivery in proper order -congestion control

Question 32

5. Session layer

Answer 32

Relates to managing connection

Question 33

6. Presentation layer

Answer 33

Converts data into presentable format

Question 34

7. Application layer

Answer 34

Relates to end users

Question 35

LAN components

Answer 35

1. Hub & repeater (dumb device) 2. Switch & bridge (more capable) 3. Router (most capable - layer 3)

Question 36

Layer-2-switches

Answer 36

Devices that can divide and interconnect network segments & help to reduce collision in domains in Ethernet based networks

Question 37

Fiber optics

Answer 37

Most secure mode of data transmission

Question 38

Shielded twisted pair (STP)=

Answer 38

Less crosstalk

Question 39

Unshielded twisted pair (UTP)=

Answer 39

More crosstalk Higher attenuation

Question 40

Attenuation

Answer 40

Wired or wireless - the weakening of signals during transmission (Impacted by length of wire)

Question 41

Crosstalk

Answer 41

Electromagnet interference from one UTP to another twisted pair, normally running in parallel (only wired)

Question 42

EMI (electromagnetic interference)

Answer 42

Disturbance generated by an external source that affects an electrical circuit

Question 43

DHCP (dynamic host configuration protocol)

Answer 43

Protocol to manage network configuration by assigning an IP address & other parameters to every device on a network so they can communicate with other IP networks RISK- access to network port is not restricted

Question 44

Secure shell (SSH)

Answer 44

protocol that uses cryptography to secure encrypted communication, remote login/execution between 2 networked computers or data in transmission -cannot encrypt data at rest (like on USB drives)

Question 45

Latency

Answer 45

The delay that a message or packet will experience on its way from source to destination

Question 46

Middleware

Answer 46

Software employed by Client server applications

Question 47

Firewalls (3)

Answer 47

1. Packet filtering router 2. Stateful inspection 3. a.application level b.circuit level

Question 48

Bastion host

Answer 48

Only host computer that a company allows to be addressed directly from the public network and is designed to protect the rest of its network from exposure -heavily forfeited against attack

Question 49

Proxy server

Answer 49

Stands between internal and external network & will not allow direct communication between 2 networks (Circuit or application level firewall)

Question 50

Packet filtering - firewall

Answer 50

-simplest -network layer (3) -examines header or every packet of data traveling between internet and corporate network

Question 51

Stateful inspection - firewall

Answer 51

-keeps track of destination of each packet that leaves internal network & ensures incoming message matches IP address -complex -network layer

Question 52

A.Application/B.circuit layer- firewall

Answer 52

A. Application layer (7)/most secured -works on concept of bastion host & proxy servers separate for each application B. Session layer (5); works on bastion host and proxy server too but same proxy for all services

Question 53

Firewall implementations (3)

Answer 53

Dual homed Screened host DMZ / screened subset

Question 54

Screened host

Answer 54

-Uses packet filtering router firewall and bastion host -implements basic network layer security and application server security

Question 55

Dual homed

Answer 55

-uses packet filtering router firewall and bastion host but with 2 NIC (network interface cards) -more restrictive -acts to block or filter some or all traffic trying to pass between networks

Question 56

DMZ (demilitarized)/Screened subset

Answer 56

-Most secure -uses 2 packet filtering routers and 1 bastion host -limits supervised available to use -supports network&application level security while defining a separate DMZ network

Question 57

Shadow IT

Answer 57

IT app, took, service, or system used for various purposes but is NOT reviewed/tested/approved

Question 58

Symmetric encryption

Answer 58

-Single key is used to encrypt/decrypt -faster -inexpensive

Question 59

Asymmetric encryption

Answer 59

-2 keys: private & public -slower -expensive -more security tho for sharing

Question 60

Asymmetric encryption - ensure confidentiality

Answer 60

Encrypt using receivers Public key Decrypt using receivers private key

Question 61

Asymmetric encryption - ensure authenticity & integrity

Answer 61

Create a hash of the message and encrypt using senders private key

Question 62

Defense-in-depth

Answer 62

Security arrangement includes the use of multiple security mechanisms that support & complement each other -centralized firewalls + logical access controls

Question 63

Secure socket layer (SSL)

Answer 63

Uses cryptographic functions to protect the confidentiality, reliability, and integrity of private data traveling through the internet

Question 64

SBC

Answer 64

Session border controllers - deployed to protect VoIP networks & DoS/DDoS attacks -prevents fraud -encrypts signals -provides quality of service

Question 65

DDoS

Answer 65

Distributed denial of service - attack aims to bring down VoIP infrastructure by flooding with heavy traffic from multiple sources

Question 66

PBX (private branch exchange)

Answer 66

Computer based switch/basically an in house phone company for org -protection of PBX is high priority

Question 67

Segregation of VoIP infrastructure using VLAN ensures

Answer 67

Security and reliability

Question 68

Address resolution protocol (ARP)

Answer 68

Communication protocol used to map IP and MAC addresses -data traffic in VoIP can be eavesdropped by corrupting ARP

Question 69

Digital signature ensures

Answer 69

(Email) authenticity

Question 70

War driving

Answer 70

Used by hackers in wireless networks -most relevant technique to test the security of an orgs WiFi

Question 71

Botnets

Answer 71

Zombie computers/used to run malicious software for DDoS attacks

Question 72

Buffer overflow

Answer 72

Common software coding mistake; more data in a buffer than can handle and overflows to adjacent storage

Question 73

Data diddling

Answer 73

No preventative controls Data is altered as it entered a computer system

Question 74

Man in the middle attack

Answer 74

Attacker interferes while 2 devices are establishing a connection -avoids 2 factor authentication

Question 75

Spoofing

Answer 75

Appearing to originate from an internal source

Question 76

IDS (intrusion detection systems) components

Answer 76

Sensor - collects data Analyzer User interface Admin console

Question 77

Where should the IDS be located in a network

Answer 77

Between the firewall and the orgs internal network

Question 78

Statistical based IDS generates the most

Answer 78

False positives

Question 79

Neural network IDS

Answer 79

Creates database & is most effective in detecting fraud

Question 80

Honeypot

Answer 80

Software application, that pretends to be a vulnerable server on the Internet, and is not set up to actively protect against break-ins, so it acts as a decoy system that lures hackers 

Question 81

IDS limitations

Answer 81

1. Will not be able to detect application level vulnerabilities. 2. Back doors into applications 3. IDS will not be able to detect encrypted traffic

Question 82

Programmers should not have access to the

Answer 82

Production database

Question 83

Hash values ensure data has

Answer 83

Not been changed during transmission

Question 84

Data mining

Answer 84

Technique used to detect trends or patterns of transactions or data

Question 85

Storage devices (usb) can be a vehicle for

Answer 85

Infecting other computers with malware

Question 86

Advanced encryption standard (AES) provides

Answer 86

Strongest encryption and greatest assurance that data is protected

Question 87

Steganography

Answer 87

-Technique for concealing the existence of messages or information -digital water marking -hides date within data

Question 88

Digital signatures provide

Answer 88

Integrity

Question 89

Message digest

Answer 89

Calculated & included in a digital signature to prove the message hasn’t been altered

Question 90

Encapsulation or tunneling

Answer 90

Technique used to encrypt the traffic payload so that it can be securely transmitted over an insecure network

Question 91

For confidentiality and authenticity; sign a message using

Answer 91

The senders private key & Encrypt using receivers public key

Question 92

Digital signatures - encrypt & decrypt

Answer 92

Encrypt with receivers public key and decrypt with senders private key

Question 93

USB

Answer 93

Universal Serial Bus

Question 94

Which of the following is the most reliable method to ensure identity of sender for messages transferred across Internet ? 

Answer 94

Digital certificates (not digital signatures - identity is confirmed by DC)