IS3110 CHAP 2 Flashcards

1
Q

What is a security policy?

  1. A rigid set of rules that must be followed explicitly to be effective
  2. A technical control used to enforce security
  3. A physical control used to enforce security
  4. A document created by senior management that identifies the role of security in the organization
A

A document created by senior management that identifies the role of security in the organization

2
Q

You want to ensure that users are granted only the rights to perform actions required for their jobs. What should you use?

  1. Principle of least privilege
  2. Principle of need to know
  3. Principle of limited rights
  4. Separation of duties
A

Principle of least privilege

3
Q

You want to ensure that users are granted only the permissions needed to access data required to perform their jobs. What should you use?

  1. Principle of least privilege
  2. Principle of need to know
  3. Principle of limited rights
  4. Principle of limited permissions
A

Principle of need to know

4
Q

Which of the following security principles divides job responsibilities to reduce fraud?

  1. Need to know
  2. Least privilege
  3. Separation of duties
  4. Mandatory vacations
A

Separation of duties

5
Q

What can you use to ensure that unauthorized changes are not made to systems?

  1. Input validation
  2. Patch management
  3. Version control
  4. Configuration management
A

Configuration management

6
Q

What are two types of intrusion detection systems?

  1. Intentional and unintentional
  2. Natural and manmade
  3. Host-based and network-based
  4. Technical and physical
A

Host-based and network-based

7
Q

A technical control prevents unauthorized personnel from having physical access to a secure area or secure system.
TRUE OR FALSE

A

FALSE

8
Q

What allows an attacker to gain additional privileges on a system by sending unexpected code to the system?

  1. Buffer overflow
  2. MAC flood
  3. Input validation
  4. Spiders
A

Buffer overflow

9
Q

What is hardening a server?

  1. Securing it from the default configuration
  2. Ensuring it cannot be powered down
  3. Locking it in a room that is hard to access
  4. Enabling necessary protocols and services
A

Securing it from the default configuration

10
Q

Which of the following steps could be taken to harden a server?

  1. Removing unnecessary services and protocols
  2. Keeping the server up to date
  3. Changing defaults
  4. Enabling local firewalls
  5. All the above
A

All the above

11
Q

Which government agency includes the Information Technology Laboratory and published SP 800-30?

  1. NIST
  2. DHS
  3. NCSD
  4. US-CERT
A

NIST

12
Q

ITL and ITIL are different names for the same thing.

TRUE OR FALSE

A

FALSE

13
Q

Which US government agency regularly publishes alerts and bulletins related to security threats?

  1. NIST
  2. FBI
  3. US-CERT
  4. The MITRE Corporation
A

US-CERT

14
Q

The CVE list is maintained by ___?

A

The MITRE Corporation

15
Q

What is the standard used to create Information Security Vulnerability names?

  1. CVE
  2. MITRE
  3. DISA
  4. CSI
A

CVE

16
Q

The amount that can be attacked on a server. Every additional service or protocol running or enabled increases the surface. By disabling services or protocols that are not needed, you reduce the surface.

A

ATTACK SURFACE

17
Q

A common exploit used against public-facing servers. A buffer overflow can occur when an attacker sends more data or different data than is expected. Attackers can use it to gain additional privileges on the system.

A

BUFFER OVERFLOW

18
Q

Standards used to ensure that systems are configured similarly. Additionally, you can perform compliance auditing regularly to ensure that systems have not been improperly modified.

A

CONFIGURATION MANAGEMENT

19
Q

A philosophy centered on the principle that security requires continuous effort. You put controls into place. Later, you perform checks and audits to ensure they are still working as expected.

A

CONTINUOUS MONITORING

20
Q

A buffer zone separating the Internet from the internal network. A DMZ is often created with two separate firewalls. You then place public-facing servers such as Web servers or email servers in the DMZ.

A

DEMILITARIZED ZONE (DMZ)

21
Q

An attack designed to prevent a system from providing a service. This is launched from a single client.

A

DENIAL OF SERVICE (DoS)

22
Q

A major department in the US government. It is charged with protecting the United States from threats and emergencies.

A

DEPARTMENT OF HOMELAND SECURITY (DHS)

23
Q

A DoS attack launched from multiple clients at the same time. These attacks often include zombies controlled in a botnet.

A

DISTRIBUTED DENIAL OF SERVICE (DDoS)

24
Q

The act of initiating a vulnerability. It occurs when a command or program is executed to take advantage of a weakness. Some examples are buffer overflows, DoS attacks and DDoS attacks.

A

EXPLOIT

25
Q

The day after Patch Tuesday. After patches are released, attackers attempt to reverse-engineer the patches to learn the vulnerabilities. They then create attacks to exploit the vulnerabilities before the patches are widely applied.

A

EXPLOIT WEDNESDAY

26
Q

The act of making a server more secure from the default. Defaults are changed. The attack surface is reduced. The system is kept up to date.

A

HARDENING A SERVER

27
Q

Acts that are hostile to the organization. Intentional threats come from criminals, vandals, disgruntled employees, hackers, and others.

A

INTENTIONAL THREATS

28
Q

A system that can monitor a network and send an alert if an intrusion is detected. Both host-based ___ and network-based IDS (NIDS) systems are commonly used. A passive IDS logs and alerts on events. An active IDS can block a detected attack.

A

INTRUSION DETECTION SYSTEM (IDS)

29
Q

A division of the Department of Homeland Security. NCSD and Department of Homeland Security work together with private, public, and international parties to secure cyberspace. They particularly focus on America’s cyber assets.

A

NATIONAL CYBER SECURITY DIVISION (NCSD)

30
Q

A division of the US Department of Commerce. Its mission is to promote US innovation and industrial competitiveness. The Information Technology Laboratory (ITL) is within ___. ITL publishes special publications that are widely used in IT risk management.

A

NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY (NIST)

31
Q

Ensuring that patches are deployed when needed. Software regularly develops bugs. When that happens, vendors release patches to correct the problems. ___ ensures that appropriate patches are deployed. Many bugs present serious security risks, so if the patches aren't deployed, the systems become vulnerable.

A

PATCH MANAGEMENT

32
Q

The day that Microsoft releases patches for Microsoft products. ___ is the second Tuesday of every month.

A

PATCH TUESDAY

33
Q

Controls that restrict physical access to areas or systems. Examples include locked rooms, guards, and cameras.

A

PHYSICAL CONTROLS

34
Q

A security principle that grants users only the minimum rights and permissions needed to perform their job. This is similar to the need to know principle. However, the need to know principle focuses only on permissions for data, not rights.

A

PRINCIPLE OF LEAST PRIVILEGE

35
Q

A security principle that grants users access only to the data they need to perform their job. This is similar to the least-privilege principle. However, the least-privilege principle includes rights and permissions, while the need to know principle focuses only on permissions for data.

A

PRINCIPLE OF NEED TO KNOW

36
Q

An attacker without much knowledge about programming and the potential harm it may cause. The idea is that some hacking tools are so easy to use, a kid can use them.

A

SCRIPT KIDDIE

37
Q

A written policy created by senior management. It identifies resources and plans to implement security in the organization. It will usually include individual policies such as a password policy, an acceptable use policy, and a firewall policy.

A

SECURITY POLICY

38
Q

A principle that ensures that a single person does not control all the functions of a critical process. It is designed to prevent fraud, theft, and errors.

A

SEPARATION OF DUTIES

39
Q

An attack on a Web site that accesses a database. The attacker uses Structured Query Language (SQL) code to retrieve or modify data in the database. You can prevent SQL injection attacks with sound development practices.

A

SQL INJECTION ATTACK

40
Q

A common DoS attack, where the attacker withholds the third packet in a three-way handshake. When the attacker does this repeatedly in a short time period, the server’s resources are consumed and the server can crash.

A

SYN FLOOD ATTACK

41
Q

Controls that use technology to reduce vulnerabilities. Examples include anti-virus software, intrusion detection systems, access controls, and firewalls.

A

TECHNICAL CONTROLS

42
Q

When a threat exploits a vulnerability, this results in a harmful event or a loss.

A

THREAT/VULNERABILITY PAIR

43
Q

Threats that don't have a perpetrator. They include threats in the following categories: environmental, human, accidents, and failures.

A

UNINTENTIONAL THREATS

44
Q

Part of the National Cyber Security Division. The US-CERT provides response support and defense against cyber attackers. Their focus is on the protection of federal government resources. They also collaborate and share information with state and local governments, and other public and private sectors.

A

UNITED STATES COMPUTER EMERGENCY READINESS TEAM (US-CERT)

45
Q

A process that ensures that changes to files are controlled and tracked. Version control is often used with application development. Programmers check out a module or file, make their changes, and then check the file back in.

A

VERSION CONTROL