Module 9: Managing a Secure Network Flashcards

1
Q

It is a risk management process that include monitoring behaviors and habits on social media sites as well as discouraging employees from sharing login credentials via email or text message.

A

operations security

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

It is a risk management process that encourages managers to view operations from the perspective of an adversary in order to protect sensitive information from falling into the wrong hands.

A

operations security

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Types of Network tests

A
  • Penetration testing
  • Network scanning
  • Vulnerability scanning
  • Password cracking
  • Log review
  • Integrity checks
  • Virus detection
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

A type of network test where the objective is to identify security weaknesses.

A

Penetration testing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

A type of network test which is the practice of testing a computer system, network or web application to find security vulnerabilities that an attacker could exploit.

A

Penetration testing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

A type of network test which can also be used to test an organization’s security policy, its adherence to compliance requirements, its employees’ security awareness and the organization’s ability to identify and respond to security incidents.

A

Penetration testing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

A type of network test which is the process allowing you to determine all active devices on your network.

A

network scanning

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

_____________ is when the tool sends a ping to each device on the network and awaits a response.

A

active scanning

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

A type of network test which aims to identify any systems that are subject to known vulnerabilities.

A

vulnerability scanning

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

It is an application that identifies and creates an inventory of all the systems (including servers, desktops, laptops, virtual machines, containers, firewalls, switches, and printers) connected to a network.

A

vulnerability scanner

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

A type of network test which is the art of obtaining the correct password that gives access to a system protected by an authentication method.

A

password cracking

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

A type of network test which is the process of attempting to gain Unauthorized access to restricted systems using common passwords or algorithms that guess passwords.

A

password cracking

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

A type of network test that works by reading your entire disk and recording integrity data that acts as a signature for the files and system sectors.

A

Integrity checks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

A type of network test that provide the only reliable way to discover what damage a virus has done.

A

Integrity checks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Network Testing Tools

A
  • Nmap/Zenmap
  • SuperScan
  • SIEM
  • GFI LANguard
  • Tripwire
  • Nessus
  • L0phtCrack
  • Metasploit
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

A network testing tool which is a multi-platform free and open source application which aims to make Nmap easy for beginners to use while providing advanced features for experienced Nmap users.

17
Q

A network testing tool which is the official Nmap Security Scanner GUI.

18
Q

A network testing tool which includes a variety of additional networking tools such as ping, traceroute, HTTP HEAD, and whois.

19
Q

A network testing tool which is a free Windows-only closed-source TCP/UDP port scanner by Foundstone.

20
Q

A network testing tool that ingests log and event data from a wide variety of sources such as security software and appliances, network infrastructure devices, applications, and endpoints to give IT security teams a centralized tool for spotting and responding to security incidents.

A

SIEM (Security Information and Event Management)

21
Q

An essential function of SIEM that focuses primarily on collecting, examining, and analyzing network traffic.

A

forensic analysis

22
Q

An essential function of SIEM is the process of moving data and log files from disparate sources into a common repository.

A

aggregation

23
Q

An essential function of SIEM that tells your SIEM system which sequences of events could be indicative of anomalies which may suggest security weaknesses or cyber attack.

A

correlation

24
Q

An essential function of SIEM which refers to the regular archiving of event logs, particularly those significant to cyber security.

25
Q

What are the groups that the End user policy can be divided to?

A
  • customer
  • employee
  • partner
26
Q

Who are the audiences for security policy?

A
  • manager
  • end user
  • engineer
27
Q

What are the contents of a security policy documents?

A
  • procedures
  • standards
  • guidelines
28
Q

What are the primary components of security awareness program?

A
  • Awareness campaigns
  • Training and education