IS3220 CHAPTER 6

Question 1

Less rigorous than training or education this security training focuses on common or basic security elements that all employees must know and abide by. This is called ___?

Answer 1

AWARENESS

Question 2

This process of making copies of data onto other storage media is called ___?
The purpose is to protect against data loss by having additional onsite or offsite copies of data that can be restored when necessary.

Answer 2

BACKUP

Question 3

A plan to maintain the mission-critical functions of the organization in the event of a problem that threatens to take business processes offline is called ___?
The goal is to prevent the interruption of business tasks, even with a damaged environment and reduced resources.

Answer 3

BUSINESS CONTINUITY PLAN

Question 4

A detailed and thorough review of the deployed security infrastructure compared with the organization’s security policy and any applicable laws and regulations is called ___?

Answer 4

COMPLIANCE AUDIT

Question 5

A security stance that blocks all access to all resources until a valid authorized explicit exemption is defined is called ___?

Answer 5

DEFAULT DENY

Question 6

A security stance that allows all access to all resources until an explicit exception is defined is called ___?

Answer 6

DEFAULT PERMIT

Question 7

A plan to restore the mission-critical functions of the organization once they have been interrupted by an adverse event is called ___?
The goal of this is to return the business to functional operation within a limited time to prevent the failure of the organization to the incident.

Answer 7

DISASTER RECOVERY PLAN

Question 8

The third and highest level of obtaining security knowledge that leads to career advancement is called ___?
This is broad and not necessarily focused on specific job tasks or assignments. More rigorous than awareness or training.

Answer 8

EDUCATION

Question 9

A form of security protection that protects individual files by scrambling the contents in such a way as to render them unusable by unauthorized third parties is called ___?

Answer 9

FILE ENCRYPTION

Question 10

A collection of multiple honey pots in a network for the purposes of luring and trapping hackers is called ___?

Answer 10

HONEYNET

Question 11

A predefined procedure to react to security breaches to limit damage, contain the spread of malicious content, stop compromise of information, and promptly restore the environment to a normal state. This is called ___?

Answer 11

INCIDENT RESPONSE PLAN

Question 12

The state or condition of an asset or process vitally important to the long-term existence and stability of an organization is called ___?
If this element is interrupted or removed, it often results in the failure of the organization.

Answer 12

MISSION-CRITICAL

Question 13

Specialized host used to place an attacker into a system where the intruder cannot do any harm is called ___?

Answer 13

PADDED CELL

Question 14

The guideline that all users should be granted only the minimum level of access and permission required to perform their assigned job tasks and responsibilities is called ___?

Answer 14

PRINCIPLE OF LEAST PRIVILEGE

Question 15

A security guideline, procedure, or recommendation manual is called ___?

Answer 15

SECURITY TECHNICAL IMPLEMENTATION GUIDES (STIGS)

Question 16

An administrative rule whereby no single individual possesses sufficient rights to perform certain actions is called ___?
Achieved by dividing administrative level tasks and powers among compartmentalized administrators.

Answer 16

SEPARATION OF DUTIES

Question 17

The use of only a single element of validation or verification to prove the identity of a subject and considered much weaker than multi-factor authentication is called ___?

Answer 17

SINGLE-FACTOR AUTHENTICATION

Question 18

The second level of knowledge distribution offered by an organization to educate users about job task focused security concerns is called ___?
More rigorous than awareness: less rigorous than education.

Answer 18

TRAINING

Question 19

A dedicated microchip found on some motherboards that host and protect the encryption key for whole hard drive encryption is called ___?

Answer 19

TRUSTED PLATFORM MODULE (TPM)

Question 20

A form of investigation that aims at checking whether or not a target system is subject to attack based on a database of test, scripts, and simulated exploits is called ___?

Answer 20

VULNERABILITY SCANNING

Question 21

The process of encrypting an entire hard drive rather than just individual files is called ___?
In most cases, this provides better security against unauthorized access than file encryption, because it encrypts temporary directories and slack space.

Answer 21

WHOLE HARD DRIVE ENCRYPTION

Question 22

1. All of the following are examples of network security management best practices EXCEPT:
2. Write a security policy
3. Obtain senior management endorsement
4. Filter Internet connectivity
5. Provide fast response time to customers
6. Implement defense-in-depth

Answer 22

Provide fast response time to customers

Question 23

2. All of the following are examples of network security management best practices EXCEPT:
3. Avoid remote access
4. Purchase equipment from a single vendor
5. Use whole heard drive encryption
6. Implement IPSec
7. Harden internal and border devices

Answer 23

Purchase equipment from a single vendor

Question 24

3. All the following are examples of network security management best practices EXCEPT:
4. Use multi-factor authentication
5. Backup
6. Have a business continuity plan
7. Prioritize
8. Spend each year’s budget in full

Answer 24

Spend each year’s budget in full

Question 25

4. A firewall host that fails and reverts to a state where all communication between the Internet and the DMZ is cut off displays a type of defense known as:
5. Default permit
6. Explicit deny
7. Fail-close
8. Egress filtering
9. Security through obscurity

Answer 25

Fail-close

Question 26

5. The purpose of physical security access control is to:
6. Grant access to external entities
7. Prevent external attacks from coming through the firewall
8. Provide teachable scenarios for training
9. Limit interaction between people and devices
10. Protect against authorized communications over external devices

Answer 26

Protect against authorized communications over external devices

Question 27

6. A complete and comprehensive security approach needs to address or perform two main functions, the first is to secure assets and the second is:
7. Watch for violation attempts
8. Prevent downtime
9. Verify identity
10. control access to resources
11. Design the infrastructure based on the organization’s mission

Answer 27

Watch for violation attempts

Question 28

7. Incident response is the planned reaction to negative situations or events. Which of the following is NOT a common step or phase in an incident response?
8. Containment
9. Recovery
10. Eradication
11. Detection
12. Assessment

Answer 28

Assessment

Question 29

8. All of the following are elements of an effective network security installation EXCEPT:
9. Backup
10. Recovery
11. Eradication
12. Detection
13. Assessment

Answer 29

Assessment

Question 30

9. The task of compartmentalization is focused on as siting with what overarching security concern?
10. Limiting damage caused by intruders
11. Filtering traffic based on volume
12. Controlling access based on location
13. Supporting transactions through utilization
14. Assess security

Answer 30

Limiting damage caused by intruders

Question 31

10. Which of the following types of security components are important to install on all hosts?
11. Firewall
12. Antivirus
13. Whole hard drive encryption
14. Spyware defense
15. All the above

Answer 31

Firewall
Antivirus
Whole hard drive encryption
Spyware defense

Question 32

11. What is the only protection against data loss?
12. Integrity checking
13. Encryption
14. Traffic filtering
15. Backup and recovery
16. Auditing

Answer 32

Backup and recovery

Question 33

12. All the following are common mistakes or security problems that should be addressed in awareness training EXCEPT:
13. Opening email attachments from unknown sources
14. Using resources from other subnets of which the host is not a member
15. Installing unapproved software on work computers
16. Failing to make backups of personal data
17. Walking awry from a computer while still logged in

Answer 33

Using resources from other subnets of which the host is not a member

Question 34

13. The best network security management tools include all of the following EXCEPT:
14. Complete inventory of equipment
15. Written security policy
16. Expensive commercial products
17. Logical organization map
18. Change documentation

Answer 34

Expensive commercial products

Question 35

14. The purpose of a security checklist is:
15. To keep an inventory of equipment
16. To create shopping list for replacement parts
17. To ensure that all security elements are still effective
18. To complete the security documentation for the organization
19. To assess the completeness of the infrastructure

Answer 35

To ensure that all security elements are still effective

Question 36

15. Which of the following is NOT a potential hazard when installing patches or updates?
16. Resetting configuration back to factory defaults
17. Reducing security
18. Bricking the device
19. Installing untested code
20. Improving resiliency against exploits

Answer 36

Improving resiliency against exploits

Question 37

16. Which of the following is a true statement in regards to compliance auditing?
17. Compliance auditing is a legally mandated task for every organization
18. Compliance auditing ensures that all best practices are followed
19. Compliance auditing creates a security policy
20. Compliance auditing is an optional function for the financial and medical industries
21. Compliance auditing verifies that industry specific regulations and laws are followed

Answer 37

Compliance auditing verifies that industry specific regulations and laws are followed

Question 38

17. Which of the following is not typically considered a form of network security assessment in terms of how well existing security stands up to current threats?
18. Configuration scan
19. Compliance
20. Vulnerability assessment
21. Ethical hacking
22. Penetration testing

Answer 38

Compliance

Question 39

18. Which of the following cannot be performed adequately using an automated tool?
19. Checking for current patches
20. Confirming configuration settings
21. Vulnerability assessment
22. Scanning for known weaknesses
23. Ethical hacking

Answer 39

Ethical hacking

Question 40

19. What is the key factor that determines how valuable and relevant a vulnerability assessment’s report is?
20. Timeliness of the database
21. Whether the product is open sourced
22. The platform hosting the scanning engine
23. The time of day the scan is performed
24. The available bandwidth on the network

Answer 40

Timeliness of the database

Question 41

20. What is the primary purpose of a post-mortem assessment review?
21. Reducing costs
22. Adding new tools and resources
23. Placing blame on an individual
24. Learning from mistakes
25. Extending the length of time consumed by a task

Answer 41

Learning from mistakes

Question 42

The procedure of watching for the release of new updates from vendors is called ___?
This includes testing the patches, obtain approval, then overseeing the deployment and implementation of updates across the production environment.

Answer 42

PATCH MANAGEMENT