MOD 8 - Midterm

Question 1

What do the letters in the CIA triad stand for?

Answer 1

Confidentiality
Integrity
Availability

Question 2

What is confidentiality?

Answer 2

Concept of measures used to ensure the protection of the secrecy of data, objects or resources

Question 3

What is integrity?

Answer 3

The concept of protecting the reliability and correctness of data. prevents unauthorized altercations of data.

Question 4

What is Availability?

Answer 4

Authorized subjects are granted timely and uninterrupted access to objects.

Question 5

Name the AAA services.

Answer 5

Identification
Authentication
Authorization
Auditing
Accounting(Accountability)

Question 6

What are the types of security plans in security governance

Question 7

What is the minimum level of security?

Answer 7

Baseline

Question 8

Due dilligence

Answer 8

Establishing a plan, policy and process to protect the interest of an organization, knowing what should be done and planning for it.

Question 9

Due care

Answer 9

practicing the individual activities that maintain the due diligence effort, doing the right action at the right time.

Question 10

Separation of duties

Answer 10

Making sure duties are split from each other so things get done ; protects from fraud.

Question 11

Job rotation

Answer 11

Making sure multiple people know how to do the same job and you are forcefully rotated into this position; protects against fraud.

Question 12

What is SLA?

Answer 12

Service Level Agreement
An agreement established ahead of time that ensures organizations providing services to internal and/or external customers maintain an appropriate level of service agreed on by both the service provider and the vendor.

Question 13

What is security governance

Answer 13

The collection of practices related to supporting, defining and directing the security efforts of an organization.

Question 14

What is risk assessment?

Answer 14

A detailed process of identifying factors that could damage or disclose data, evaluating those factors in light of data value and countermeasure cost, and implementing cost-effective solutions for mitigating or reducing risk.

Question 15

What is vulnerability?

Answer 15

Weakness in asset or the absence or the weakness of a safeguard or countermeasure.

Question 16

What are the types of risk analysis?

Answer 16

Qualitative - Rank threats on a scale to evaluate their risks, costs and effects
Quantitative - Inventory assets and assign a value (money)

Question 17

What are the risk responses?

Answer 17

Reduce/Mitigate
Assign/Transfer
Accept
Deter
Avoid
Reject/Ignore

Question 18

What is exposure?

Answer 18

The amount of damage done to an asset if the risk manifests.

Question 19

What is asset value?

Answer 19

How much something costs. Dollar amount of the asset.

Question 20

What is BCP?

Answer 20

Business Continuity Planning

Involves assessing risks to organizational processes and creating policies, plans and procedures to minimize the impact those risks might have on the organization if they were to occur.

Question 21

What is shoulder surfing?

Answer 21

Looking over someone shoulder to get their information

Question 22

What are the 4 steps of BCP?

Answer 22

Project planning and scope
Business impact analysis
Continuity planning
Approval and implementation

Question 23

What are the two types of threats?

Answer 23

Natural
Person made/Man made

Question 24

Why is BCP used?

Answer 24

To reduce the impact of a realized risk on organization.

Question 25

What is the main formula for SLE?

Answer 25

SLE (Single loss expectancy) = Asset value * Exposure Factor

Question 26

What is the formula for ALE?

Answer 26

ALE = SLE * ARO

Question 27

What is ARO?

Answer 27

Annualized rate of occurrence (number of times per year)

Question 28

In the scope of BIA, what is MTD?

Answer 28

Maximum tolerable downtime

The amount of time a business can be inoperable.

Question 29

What is RTO?

Answer 29

Recovery time objective

The amount of time it takes for a business to recover.

Question 30

What is PHI?

Answer 30

Protected Health Information

Health information that relates to an individual.

Question 31

What is proprietary data?

Answer 31

It gives competitive advantage

Question 32

What are the government data classification?

Answer 32

Top secret
Secret
Confidential
Unclassified
For official use only
Sensitive but unclassified

Question 33

What are the non-government data classification?

Answer 33

Confidential/Proprietary
Private
Sensitive
Public

Question 34

What is Data at Rest?

Answer 34

Any data stored on media such as system hard drives, solid state devices, external, USB drives, storage area networks and backup tapes.

Question 35

What is Data in transit

Answer 35

Includes data transmitted over an internal network using wired or wireless methods and data transmitted over public networks such as the internet.

Question 36

What is Data in use?

Answer 36

Refers to data in memory or temporary storage buffers while an application is using it.

Question 37

What is DLP? How does it work?

Answer 37

Data Loss Prevention

Hostbased/Endpoint Based DLP (looks on your host to make sure information isn’t put on USB stick.
Network based DLP (looks on the network to find keywords)

Question 38

What do baselines provide?

Answer 38

The minimum level of security

Question 39

What is PII?

Answer 39

Personal Identifiable Information

Anything that can identify a human

Question 40

What would occur if top secret data is breached?

Answer 40

Exceptionally grave damage

Question 41

What is anonymization?

Answer 41

The process of removing all relevant data so that it is theoretically impossible to identify the original subject or person.

Question 42

What is hardware?

Answer 42

Physical components of a computer.
Anything you can touch.

Question 43

What is multi-processing?

Answer 43

Having more than one processor simultaneously

Question 44

What are the 2 modes in an operating system

Answer 44

User and Privileged/Kernel

Question 45

What is ROM?

Answer 45

Read Only Memory

You can’t write on it

Question 46

What is Random Access Memory?

Answer 46

Directly readable and writable memory

Question 47

What is Firmware?

Answer 47

Software that is stored in a ROM or an EEPROM chip.
E.g BIOS

Question 48

What is a DCE?

Answer 48

Distributed Computing environment

Question 49

What is IOT?

Answer 49

Internet of things

Question 50

Mobile device deployment policy

Answer 50

Bring your own device (BYOD)
COE (Corporate-Owned personally enabled)
CYOD (Choose your own device)
COMS (Corporately owned mobile strategy; the best one)

Question 51

What is a rootkit?

Answer 51

Malware that embeds itself deep within an OS

Question 52

What is a covert channel?

Answer 52

Information that is shared on a path that is not normally used to pass information.

Question 53

What is Malware?

Answer 53

A broad range of software threats that exploit various network,
operating system, software, and physical security vulnerabilities to spread
malicious payload to computer systems.

or

Broad range of software with malicious payloads

EX: Trojan Horses, viruses, worms

Question 54

What is APT?

Answer 54

Advanced persistent Threat

Question 55

What are the two main functions of viruses?

Answer 55

Propagation
Destruction

Question 56

What is a logic bomb?

Answer 56

Malicious code that lies dormant until triggered by the occurrence of one or more conditions such as time, program launch, website logon, certain keystrokes.

Question 57

Who introduced logic bombs?

Answer 57

Coders because they want to protect their code.

Question 58

What worm infected something in Iran?

Answer 58

Stuxnet

Question 59

What is spyware?

Answer 59

Monitors your actions and transmits important details to a remote system that spies on your activity.

Question 60

What are zero days?

Answer 60

Security flaws discovered by hackers that have not been thoroughly addressed by the security community.

Question 61

What is integrity monitoring?

Answer 61

Programs that detect unauthorized file modifications

Question 62

What is code signing?

Answer 62

Use digital signatures to ensure the authenticity of code.

Question 63

What are injection attacks?

Answer 63

Specially formatting input to execute user-defined SQL commands.

Question 64

What is secure coding practices?

Answer 64

Input Validation
Error handling
Remove comments
Get rid of hardcoded credentials

Question 65

What does physical security protect against?

Answer 65

Physical threats

Question 66

What is secure facility plan?

Answer 66

Outlines the security needs of your organization and emphasizes methods or mechanisms to employ to provide security.

Question 67

What is critical path analysis?

Answer 67

A systematic effort to identify relationships between mission-critical applications, processes and operations and all of the necessary supporting elements.

Question 68

What are the functional order of controls?

Answer 68

Deterrence
Denial
Detection
Delay
Determine
Decide

Question 69

What is MTTF?

Answer 69

Mean Time To failure

Expected typical functional lifetime required to perform a repair on a device given a specific operating environment

Question 70

What is MTTR?

Answer 70

Mean Time To Repair

Average length of time required to perform a repair on the device

Question 71

What physical considerations are required for server rooms?

Answer 71

Human Incompatible:
Gas fire extinguisher
Low temperatures
Little or no lightning
Equipment stacked with little room to maneuver

Question 72

What is local alarm system?

Answer 72

Broadcast audible alarm

Question 73

What is piggybacking?

Answer 73

Following someone through a secured gate or doorway without being identified or authorized personally

Question 74

What is a SCIF?

Answer 74

Sensitive Compartmented Information Facility

Used by the government and military contractors to provide a secure environment for highly sensitive data storage and computation.

Question 75

What is UPS?

Answer 75

Uninterruptable Power Supply

A self charging battery that can be used to supply consistent clean power to sensitive equipment.

Question 76

What is a brownout?

Answer 76

Prolonged low voltage

Question 77

What are the two modes of EMI?

Question 78

What class of fire extinguishers should be used for electric systems?

Answer 78

Class C

Question 79

What is Access control vestibule?

Answer 79

A mantrap

Question 80

What is KPI? What does it do?

Answer 80

Key Performance Indicators

Provide metrics of operations.