IS3110 CHAP 11 Flashcards

1
Q

A written policy created to ensure that user and computer accounts are managed securely. It identifies details for creating accounts, such as using a first-name, last-name naming format, and it specifies what to do with unused accounts. It can also include requirements for account lockout and password policies. This written policy is usually enforced with a technical policy.

A

Account management policy

2
Q

A philosophy applied to routers and firewalls. All traffic is blocked unless it is explicitly allowed.

A

Implicit deny

3
Q

A technology that allows a load to be shared among multiple servers. As new clients connect, they are directed to the server that has the least load. It is used in Web farms.

A

Network load balancing

4
Q

A written or technical policy that specifies security requirements for passwords. Requirements include length, age, and complexity.

A

Password policy

5
Q

A method of increasing capability by adding additional servers to a service. Efficient techniques don’t require the modification of the core application.

A

Scale out

6
Q

A method of increasing capability by adding additional resources to a server.

A

Scale up

7
Q

A battery or bank of batteries used to provide immediate power to systems if the main power fails. It is intended to provide short-term power only. This gives a system enough time to shut down gracefully or to switch over to a long-term power source.

A

Uninterruptible power supply

8
Q

A group of multiple servers used to host a single Web site. This allows a service to support more clients simply by adding another server. If a server fails, clients are no longer directed to it, which provides a measure of fault tolerance.

A

Web farm

9
Q
1. A(n) ___ countermeasure has been approved and has a date for implementation.
A

In-place

10
Q
2. A single risk can be mitigated by more than one countermeasure.
TRUE OR FALSE
A

TRUE

11
Q
3. The formula for risk is Risk = ___.
A

Threat X Vulnerability

12
Q
4. What would an account management policy include?
A. Details on how to create accounts
B. Details on when accounts should be disabled
C. Password policy
D. A and B only
E. All the above
A

Details on how to create accounts
Details on when accounts should be disabled
Password policy

13
Q
5. What could a password policy include?
A. Length of password
B. List of required passwords
C. User profiles
D. All the above
A

Length of password

14
Q
6. The ___ plan will include details on how and when to implement approved countermeasures.
A

Mitigation

15
Q
7. You are reviewing a countermeasure to add to the mitigation plan. What costs should be considered?
A. Initial purchase costs
B. Facility costs
C. Installation costs
D. Training costs
E. All the above
A

Initial purchase costs
Facility costs
Installation costs
Training costs

16
Q
8. Which of the following are considered facility costs for the implementation of a countermeasure?
A. Installation and air conditioning
B. Installation and training
C. Power and air conditioning
D. Power and training
A

Power and air conditioning

17
Q
9. An account management policy needs to be created as a mitigation countermeasure. You will write the policy. What is a reasonable amount of time for this to be completed and approved?
A. 20 minutes
B. One day
C. One month
D. One year
A

One month

18
Q
10. What can you use to determine the priority of countermeasures?
A. Cost benefit analysis
B. Threat/vulnerability matrix
C. Disaster recovery plan
D. Best guess method
A

Threat/vulnerability matrix

19
Q
11. A risk assessment was completed three months ago. It has recently been approved, and you are tasked with implementing a mitigation plan. What should you do first?
A. Verify risk elements
B. Purchase countermeasures
C. Redo risk assessment
D. Redo the CBA
A

Verify risk elements

20
Q
12. You are evaluating two possible countermeasures to mitigate the risk. Management only wants to purchase one. What can you use to determine which countermeasure provides the best cost benefits?
A. Threat/Vulnerability matrix
B. Threat/vulnerability score
C. CBA
D. CIA
A

CBA

21
Q
13. You are performing a cost benefit analysis. You want to determine if a countermeasure should be used. Which of the following formulas should you use?
A. Loss before countermeasure - Loss after countermeasure
B. Loss after countermeasure - Loss before countermeasure
C. Projected benefits - Cost of countermeasure
D. Cost of countermeasure - Projected benefits
A

Projected benefits - Cost of countermeasure

22
Q
14. Of the following, what should be included in a cost-benefit analysis report?
A. Recommended countermeasure
B. Risk to be mitigated
C. Costs
D. Annual projected benefits
E. A and C only
F. All the above
A

Recommended countermeasure
Risk to be mitigated
Costs
Annual projected benefits

23
Q
15. A POAM can be used to follow up on a risk mitigation plan.
TRUE OR FALSE
A

TRUE