Information Asset Security and Controls 2.0 Flashcards

1
Q

WHAT type of firewall would best protect a network from an Internet attack?

A

A Screened Subnet Firewall

i.e. The subnet would isolate Internet-based traffic from the rest of the corporate network.

2
Q

What does disabling the Dynamic Host Configuration Protocol (DHCP) at all of an entity’s wireless access points do?

A

It reduces the risk of unauthorized access to the network

i.e. DHCP automatically assigns IP addresses to anyone connecting to the network. With DHCP disabled, static IP addresses must be used.

3
Q

WHAT is the purpose of a mantrap in controlling access to a computer facility?

A

To prevent piggybacking

4
Q

WHAT is normally the next line of defense after the network firewall has been compromised?

A

The Intrusion Detection System (IDS)

i.e. This would detect anomalies in the network/server activity and try to detect the perpetrator

5
Q

WHAT environmental control is appropriate to protect computer equipment against short-term reductions in electrical power?

A

Power line conditioners

i.e. This is used to compensate for peaks and valleys in the power supply and reduce peaks in the power flow to what is needed by the machine (SHORT TERM)

6
Q

WHAT intrusion detection system will likely generate false alarms resulting from normal network activity?

A

The “Statistical-based” system

WHY? - Because a statistical-based intrusion detection system (IDS) relies on a definition of known and expected behavior of systems (AND normal network activity may, at times, include unexpected behavior)

7
Q

WHAT could an IS auditor do to test wireless security at branch office locations?

A

War Driving

i.e. a technique for locating and gaining access to wireless networks by driving or walking around a building with a wireless-equipped computer

8
Q

HOW are distributed denial-of-service (DDoS) attacks on Internet sites typically evoked by hackers?

A

By using Botnets (a number of Internet-connected devices)

Note: Botnets can be used to perform distributed denial-of-service (DDoS) attacks, steal data, and send spam, and they allow an attacker to access a device and its connection

9
Q

WHAT is an effective control to reduce the exposure risk of intercepting data transmitted to and from a remote site?

A

Encryption

i.e. Encryption of data is the most secure method of protecting confidential data from exposure

10
Q

WHAT is a characteristic of User Datagram Protocol (UDP) in network communication?

A

Packets may arrive out of order

i.e. UDP provides an unreliable service and datagrams may arrive out of order, appear duplicated or get dropped

11
Q

WHAT is the purpose of a receiver recalculating the cryptographic hash sum of a message?

A

To ensure the integrity of data transmitted by the sender

i.e. If the hash sum is different from what is expected, it implies that the message has been altered

12
Q

True or False.

A digital signature contains a message digest to show if a message has been altered after transmission.

A

TRUE.

The message digest is calculated and included in a digital signature to prove that the message has not been altered

13
Q

True or False.

Validated digital signatures in an email software application will provide confidentiality.

A

FALSE.

Validated digital signatures in an email software application will help detect spam.

Validated electronic signatures are based on qualified certificates that are created by a certificate authority, with the technical standards required to ensure the key can neither be forced nor reproduced in a reasonable time.

14
Q

WHAT type of scenario could result in eavesdropping of VoIP traffic?

A

Corruption of the Address Resolution Protocol cache in Ethernet switches

i.e. If an ARP cache is intentionally corrupted with an ARP poisoning attack, some Ethernet switches simply “flood” the directed traffic to all ports of the switch

15
Q

What would be a major concern in reviewing a newly installed VoIP system in the wiring closets of a building?

A

The local area network (LAN) switches are not connected to uninterruptible power supply units

i.e. If the LAN switches do not have backup power, the phones will lose power if there is a utility interruption and potentially not be able to make emergency calls

16
Q

WHAT is the (Public/Private) combination when using public key encryption to secure data being transmitted across a network?

A

The key used to encrypt is public, but the key used to decrypt the data is private

i.e. With “Public key encryption”, also known as asymmetric key cryptography, a public key is used to encrypt the message and a private key to decrypt it

17
Q

WHAT would be a Major concern when evaluating the technical aspects of logical access security?

A

Unencrypted passwords are used

WHY? - Because it would be assumed that remote access would be over an untrusted network where passwords could be discovered

18
Q

WHAT should be the first action triggered by an IDS?

A

Create an entry in the log

19
Q

What method/technology supplies the most relevant information for proactively strengthening security settings?

A

A Honeypot

i.e. A honeypot allows the attack to continue, so as to obtain information about the hacker’s strategy and methods

20
Q

WHAT public key infrastructure (PKI) element describes the procedure for disabling a compromised private key?

A

Certification Practice Statement

i.e. This is the how-to document used in policy-based public key infrastructure (PKI).