Quiz 14 Flashcards
Which of the following is a type of security audit? (Choose all that apply.)
Question 1 options:
A) operational
B) independent
C) automated
D) centralized
A) Operational
B) Independent
Why is it important to protect the confidentiality of information you gather through auditing? (Choose all that apply.)
A) The information might become corrupted when you store it.
B) Viruses could infect it.
C) Intruders could discover passwords.
D) Employee privacy could be compromised.
C) Intruders could discover passwords.
D) Employee privacy could be compromised.
When should you follow the procedure for carrying out change shown in Figure 14-4?
Question 3 options:
whenever a change needs to be made to security configurations
when the change will have a substantial impact
when the change is needed urgently
when many employees will be affected by the change
when the change will have a substantial impact
What is an auditing program in which current connections are scanned and alerts are generated after suspicious logon attempts?
Question 4 options:
event monitoring
social engineering
port scan
Tinkerbell program
Tinkerbell program
Which of the following employees has primary responsibilities that include maintaining and strengthening network defenses?
Question 5 options:
computer security manager
security incident response team leader
chief information officer
security auditor
computer security manager
What is a realistic goal of ongoing security management? (Choose all that apply.)
Question 6 options:
A) tracing as many intrusion attempts as possible
B) tracing all attacks
C) continually strengthening and modifying defenses
D) blocking all suspicious packets
A) tracing as many intrusion attempts as possible
C) continually strengthening and modifying defenses
Which of the following describes a goal of a security event management program? (Choose all that apply.)
Question 7 options:
A) consolidating events from multiple sources
B) conducting forensics to trace and prosecute offenders
C) managing IDPS signatures
D) responding to events as quickly as possible
A) consolidating events from multiple sources
D) responding to events as quickly as possible
How can you gather information on a variety of security events and respond to it quickly?
Question 8 options:
Assemble a large response team.
Outsource security management.
Use distributed data collection.
Automate data collection and analysis.
Automate data collection and analysis.
Which of the following is an advantage of centralized data collection? (Choose all that apply.)
Question 9 options:
A) reduced traffic through network gateways
B) only one person needed to review data
C) reduced software and hardware costs
D) reduced administrative costs
A) reduced traffic through network gateways
B) only one person needed to review data
Why would you choose distributed data collection rather than centralized data collection?
Question 10 options:
to reduce hardware and software costs
to reduce the load on security managers
to reduce overall costs
to reduce traffic through gateways
to reduce traffic through gateways
Before installing new signatures for an IDPS, what do you need to do?
Question 11 options:
Stop the IDPS.
Change passwords.
Back up the IDPS.
Double-check to verify whether new signatures are necessary.
Back up the IDPS.
What can happen if you change a security configuration too abruptly and without proper authorization?
Question 12 options:
Employees might ignore the change.
You might be flooded with protests from employees.
The change might surprise other security managers.
You could face disciplinary action.
You might be flooded with protests from employees.
The change management process might apply when which of the following occurs? (Choose all that apply.)
Question 13 options:
A) You need to block access to DMZ servers.
B) A new VPN gateway is installed.
C) You need to change a fragmentation rule in a packet filter.
D) New password logon procedures are needed.
B) A new VPN gateway is installed.
C) You need to change a fragmentation rule in a packet filter.
D) New password logon procedures are needed.
Security auditing involves which of the following? (Choose all that apply.)
Question 14 options:
A) reviewing hardware and software costs
B) rotating firewall logs
C) testing defenses
D) reviewing log files
B) rotating firewall logs
C) testing defenses
D) reviewing log files
What is nonrepudiation?
Question 15 options:
a legal defense used by employees whose privacy has allegedly been violated
the ability to rely on information gained through a security audit
the ability to validate transactions through electronic documentation
the ability of a system to authenticate users
the ability to validate transactions through electronic documentation