Lesson 1

Question 1

For a network intrusion to occur all three legs of the intrusion triangle must exist. These are:

Answer 1

Motive
Means
Opportunity

Question 2

_______refers to the characteristic of a communication or any data that ensures the quality of being genuine or not corrupted from the original

Answer 2

Authenticity

Question 3

Major roles of ___________ include confirming that the user is who he or she claims to be and ensuring the message is authentic and not altered or forged

Answer 3

authentication

Question 4

___ ___ ___

are used to ensure authenticity of data, transactions, communications or documents.

Answer 4

Biometrics
,
smart cards
, or
digital certificates

Question 5

refers to the ability to ensure that a party to a contract or a communication cannot deny the authenticity of their signature on a document or the sending of a message that they originated
•
It It is a way to guarantee that the sender of a message cannot later deny having sent the message and that the recipient cannot deny having received the message

Answer 5

Non-repudiation

Question 6

_____ and ___ are used to establish authenticity and non-repudiation of a document or message.

Answer 6

Digital signatures
and
encryption

Question 7

Information security deals principally with _________

.

Answer 7

risk management

Question 8

Once the enterprise’s assets and their corresponding threats have been identified, risk management can take the form of: (4)

Answer 8

–
Acceptance
–
Mitigation
–
Transference
–
Avoidance

Question 9

________ (IC3)
is a resource for both victims of Internet crime and the law enforcement agencies investigating and prosecuting these crimes.

Answer 9

The Internet Crime Complaint Center

Question 10

The level of security in any system can be defined by the strength of three components:

Answer 10

Functionality (Features)

Security (Restrictions)

Usability

Question 11

Types of Attacks on a System

Answer 11

Operating system attacks < Misconfiguration attacks < Shrink wrap code attacks < Application level attacks <

Question 12

Some of the OS vulnerabilities:

Answer 12

–
Buffer overflow
vulnerabilities
–
Bugs in operating
system
–
Unpatched operating
system

Question 13

This will lead to default code or shrink wrap code attacks.

Answer 13

not fine tuning or customizing OS/Application scripts

Question 14

_______________ is a formal statement of the rules by which people who are given access to an organization’s technology and information assets must abide

Answer 14

A security policy

Question 15

Keep in mind that in the end the basic goals for IT security for an organization can be stated as:

Answer 15

Maintain the organization’s competitive advantage
–
Protect the organization’s reputation
–
Comply with mandates by governmental regulations.

Question 16

_________ Specify mandatory rules, regulations, or activities. For
instance, there can be an internal standard specifying that all traffic to a particular destination be encrypted using a certain cryptographic algorithm

_______ Provide recommendations, reference actions, and operational guides for users under circumstances to which standards do not apply
.

Answer 16

Standards

Guidelines

Question 17

_______Provide step-by-step instructions for performing specific tasks. Procedures define how policies, standards, and guidelines are implemented within the operating environment.

__________Define the minimum level of security required for a given system type. For example, a list of unnecessary network services that should be disabled on every router provides a baseline of protection

Answer 17

Procedures

Baselines