Part 8 Flashcards

0
Q

Even with the most robust security tools in place, it is important to ____ your systems.

A

monitor

1
Q

Monitor ____

A

Systems

2
Q

All security products are ____ and can ____ or be ____.

A

manmade, fail, compromised

3
Q

As with any other aspect of technology, one should ____ on simply one product or tool.

A

never rely

4
Q

Enabling ____ on your systems is one way to put your organization in a position to identify problem areas.

A

logging

5
Q

The problem is, ____

A

what should be logged?

6
Q

Logging mechanisms and the ability to track ____ are critical.

A

user activities

7
Q

The presence of logs in all environments allows thorough tracking and analysis if something does go wrong. Determining the cause of a compromise is very difficult without ____:

A

system activity logs

8
Q

Invalid ____ access attempts

A

logical

9
Q

Record at least the following ____ for all system components for each event:
● User identification
● Type of event
● Date and time
● Success or failure indication
● Origination of event

A

audit trail entries

10
Q

____ or name of affected data, system component, or resource

A

Identity

11
Q

____ for all system components at least daily. ______ must include those servers that perform security functions like intrusion detection system (IDS) and authentication, authorization, and accounting protocol (AAA) servers (for example, RADIUS).
Note: Log harvesting, parsing, and alerting tools may be used to achieve compliance.

A

Review logs

12
Q

Fortunately, there are tools that will collect and ____ log files from a variety of sources. All these tools have the ability to notify individuals of a particular event.

A

parse

13
Q

Hire a ____ to Audit Security

A

Third Party

14
Q

Regardless of how talented your staff is, there is always the possibility that they ___ something or inadvertently misconfigured a device or setting.

A

overlooked

15
Q

For this reason it is very important to bring in an extra set of “eyes, ears, and hands” to ____ your organization’s security posture.

16
Q

Though some IT professionals will become paranoid having a third party review their work, intelligent staff members will recognize that a security review by outsiders can be a great ____.

A

learning opportunity

17
Q

The advantage of having a ___ review your systems is that the outsiders have experience reviewing a wide range of systems, applications, and devices in a variety of industries.

A

third party

18
Q

They will know what works well and what might work but cause problems in the future. They are also more likely to be up to speed on new ____ and the latest product updates. Why? Because this is all they do.

A

vulnerabilities

19
Q

What is Heartbleed?

20
Q

They are not encumbered by administrative duties, internal politics, and help desk requests. They will be more ____ than in-house staff, and they will be in a position to make recommendations after their analysis.

21
Q

The ____ analysis should involve a two-pronged approach: They should identify how the network appears to attackers and how secure the system is, should attackers make it past the perimeter defenses.

A

third-party

22
Q

Don’t Forget the ____

23
Q

Many organizations spend a great deal of time and money addressing ____ and overlook some fundamental security mechanisms, as described here.

A

perimeter defenses

24
Change ____
Default Account Passwords
25
Nearly all network devices come ___ with a password/username combination.
preconfigured
26
If these ____ are not changed upon configuration, it becomes a trivial matter for an attacker to get into these systems.
default passwords
27
Use ___ Passwords
Robust
28
Close Unnecessary ____
Ports
29
____ on a computer are logical access points for communication over a network.
Ports
30
The well-known port numbers are 0 through ____.
1023
31
● Port 21:
● Port 23:
● Port 25:
● Port 53:
● Port 80:
● Port 110:

● Port 21: FTP
● Port 23: Telnet
● Port 25: SMTP
● Port 53: DNS
● Port 80: HTTP
● Port 110: POP
32
The built-in command-line tool ____ will allow you to identify open ports and process IDs by using the following switches:
● -a Displays all connections and listening ports
● -n Displays addresses and port numbers in numerical form
● -o Displays the owning process ID associated with each connection
(Note: In Unix, netstat is also available but utilizes the following switches: -atvp.)
Other tools that can prove helpful are ActivePorts,47 a graphical user interface (GUI) tool that allows you to export the results in delimited format, and Fport,48 a popula
netstat
33
Nearly all operating systems have a mechanism for automatically checking for ____. This notification system should be turned on.
updates
34
Use Administrator Accounts for ____
Administrative Tasks
35
This means that the malicious software can run with ____, which can create serious problems. Administrators should log into their systems using a standard user account to prevent malicious software from gaining control of their computers.
administrator privileges
36
Restrict ___
Physical Access
37
Critical systems should be kept in ___
secure areas.
38
A ___ is one that provides the ability to control access to only those who need access to the systems as part of their job responsibilities.
secure area