security Flashcards
skill set
WHAT ARE SOME STRATEGIES FOR SECURE SYSTEMS
RISK ASSESSMENT
WHAT IS MOST IMPORTANT
LOSS OF EVENTS
FREQUENCY
IMPACT
MITIGATION
IMPLEMENTATION
COST
MAKE DECISION
A concept in computer security that recognizes that managers must use their judgment to ensure that the cost of control does not exceed the system’s benefits or the risks involved. COST VS BENEFITS
REASONABLE ASSURANCE
INCLUDES HARDWARE, SOFTWARE, DATA, NETWORK, FACILITIES PLAN A documented process for recovering an organization’s business information system assets—including hardware, software, data, networks, and facilities—in the event of a disaster.
DISASTER RECOVERY
CRITICAL BUSINESS PROCESS AND WHO SUPPORTS A risk-based strategy that includes an occupant emergency evacuation plan, a continuity of operations plan, and an incident management plan with an active governance process to minimize the potential impact of any security incident and to ensure business continuity in the event of a cyberattack or some form of disaster.
BUSINESS CONTINUITY PLAN
WHAT NEEDS DONE - DELEGATES RESPONSIBILITIES An organization’s security requirements, as well as the controls and sanctions needed to meet those requirements.
SECURITY POLICY
sysadmin, audit, network, security
SANS
WHAT DOES CIA TRIAD STAND FOR
CONFIDENTIALITY
INTEGRITY
AVAILABILITY
WHAT LEVEL OF CIA IS AUTHENTICATION METHOD SINGLE FACTOR
APPLICATION
WHAT LEVEL OF CIA IS USER ROLES AND ACCOUNTS
APPLICATION
WHAT LEVEL OF CIA IS DATA ENCRYPTION USED
APPLICATION
AT WHAT LEVEL OF CIA IS EDUCATION USED
END USER
AT WHAT LEVEL OF CIA IS AUTHENTICATION USED
END USER
AT WHAT LEVEL OF CIA IS ANTI VIRUS USED
END USER
AT WHAT LEVEL OF CIA IS DATA ENCRYPTION USED
END USER
COMPANY MONITORS, MANAGES, MAINTAINS COMPUTER SECURITY
MSSP
MANAGED SECURITY SERVICE PROVIDER
WHAT ARE STEPS TO RESPOND TO CYBER ATTACK
INCIDENT NOTIFICATION
PROTECTION OF EVIDENCE/ACTIVITY LOG
INCIDENT CONTAINMENT
ERADICATION
INCIDENT FOLLOW UP
WHAT ARE THE TWO CERTIFICATIONS NEEDED FOR COMPUTER FORENSICS FOR LEGAL MATTERS
CCE - CERTIFIED COMPUTER EXAMINER
ENCE CERTIFIED EXAMINER MASTERED COMPUTER INVESTIGATION
NAME SOME AUTHENTICATION METHODS FOR SECURE NETWORKS
FIREWALL
NEXT GENERATION FIREWALL
ROUTERS
ENCRYPTION
ENCRYPTION KEY
TLS - TRANSPORT LAYER SECURITY
PROXY SERVER
VPN
INTRUSION DETECTION SYSTEM
Hardware or software (or a combination of both) that serves as the first line of defense between an organization’s network and the Internet; also limits access to the company’s network based on the organization’s Internet-usage policy. Can be configured to serve as an effective deterrent to unauthorized web surfing by blocking access to specific objectionable websites.
FIREWALL
A hardware- or software-based network security system that is able to detect and block sophisticated attacks by filtering network traffic dependent on the packet contents.
NGFW - NEXT GENERATION FIREWALL
a gateway that passes data between one or more local area networks (LANs)
ROUTER
A communications protocol used to secure sensitive data; a communications protocol or system of rules that ensures privacy between communicating applications and their users on the Internet. Enables a client (such as a web browser) to initiate a temporary, private conversation with a server (such as an online shopping site or bank).
TLS - TRANSPORT LAYER SECURITY
serves as an intermediary between a web browser and another server on the Internet that makes requests to websites, servers, and services on the Internet for you
PROXY SERVER
is software and/or hardware that monitors system and network resources and activities and notifies network security personnel when it detects network traffic that attempts to circumvent the security measures of a networked computer environment
IDS - INTRUSION DETECTION SYSTEM
enables remote users to securely access an organization’s collection of computing and storage devices and share data remotely.
VPN - VIRTUAL PRIVATE NETWORK
An evaluation of whether an organization has a well-considered security policy in place and if it is being followed.
SECURITY AUDIT
an active governance process to minimize the potential impact of any security incident and to ensure business continuity in the event of a cyberattack. Creating such a strategy typically begins with performing a risk assessment to identify and prioritize the threats that the organization faces.
SECURITY STRATEGY
Business processes that are more pivotal to continued operations and goal attainment than others.
MISSION CRITICAL PROCESS
An organization’s security requirements, as well as the controls and sanctions needed to meet those requirements.
SECURITY POLICIES
BRING YOUR OWN DEVICE
BYOD
PROS - MORE EFFICIENT/FAMILIAR WITH DEVICE
CONS - EXPOSE TO MALWARE/PASSWORD PROTECTION/PRIVACY
NAME SOME AREAS OF POSSIBLE ENTRY POINTS TO ORGANIZATION’S DATA INFORMATION
CLOUD COMPUTING
NETWORK COMPUTERS
MOBILE DEVICES
VIRTUALIZATION
OPERATING SYSTEMS
APPLICATIONS
WEB SITES
SWITCHES
ROUTERS
GATEWAY
Established in 2003 to protect the nation’s Internet infrastructure against cyberattacks, it serves as a clearinghouse for information on new viruses, worms, and other computer security topics.
U.S. COMPUTER EMERGENCY READINESS TEAM US-CERT
FEDERAL GOV’T DOES NOT HAVE TO INFORM ORGANIZATION OF VULNERABILITY
VEP - VULNERABILITY EQUITIES PROCESS
NAME SOME CAUSES OF POOR SOFTWARE DESIGN
DO NOT KNOW HOW TO DESIGN QUALITY
DO NOT TAKE TIME
DO NOT FOLLOW RIGOROUS ENGINEERING PRINCIPLES
NOT LEARNING FROM PAST MISTAKES
NOT UNDERSTANDING ENVIRONMENT
PRESSURE TO GET TO MARKET
METHOD OR TECHNIQUE HAS CONSISTENTLY SHOWN RESULTS SUPERIOR TO THOSE ACHIEVED BY OTHER MEANS
BEST PRACTICE
ORGANIZATION CHOOSES TO ELIMINATE VULNERABILITY THAT GIVES RISE TO PARTICULAR RISK IN ORDER TO AVOID RISK ALTOGETHER
AVOIDANCE
An approach to minimizing the impact of software errors by independently implementing the same set of user requirements N times (where N could be 2, 3, 4 or more); the N-versions of software are run in parallel; and, if a difference is found, a “voting algorithm” is executed to determine which result to use.
N-VERSION PROGRAMMING
A description of how a product or process could fail to perform the desired functions described by the customer.
FAILURE MODE