Security Event Management Flashcards
What tool can recognize that a credit card transaction is more likely to have resulted from a stolen credit card than from the holder of the credit card?
The Data Mining Technique
Why? - Because data mining is used to detect trends or patterns of transactions or charges
What would result in a denial-of-service attack?
A “Ping of Death” event
What technology would an IS auditor review to identify digital rights management applications?
Steganography
i.e. This technique involves concealing the existence of messages or information within another message.
How do Neural networks detect fraud?
By addressing problems that require consideration of a large number of input variables.
i.e. attack problems that require consideration of numerous input variables.
Note: This will not discover new trends.
What event or technology would most likely result in a denial-of-service attack?
Router configuration and rules
i.e. Improper router configuration and rules could lead to an exposure to denial-of-service (DoS) attacks.
What is an example of a “passive” cybersecurity attack?
Traffic analysis
i.e. A passive attack is one that monitors or captures network traffic but does not in any way modify, insert or delete the traffic.
What is a benefit of quality of service?
That the participating applications will have bandwidth guaranteed.
i.e. The main function of QoS is to optimize network performance by assigning priority to business applications and end users (and allocation of dedicated parts of the bandwidth)
How can a hacker obtain passwords without the use of computer tools or programs?
Through the technique of social engineering
E.g. The divulgence of private information through dialogues, interviews, inquiries, etc
What should an IS auditor recommend to ensure compliance with a security policy requiring that passwords be a combination of letters and numbers?
An automated password management tool
i.e. This is a preventive control (software) measure, that would prevent repetition (semantic) and would enforce syntactic rules, thus making the passwords robust
What is the primary purpose of an audit trail?
To establish accountability for processed transactions
What is an effective method of dealing with the spread of network worms that exploit vulnerabilities in a protocol?
Stopping the services that the protocol uses.
Why? - because it directly addresses the means of propagation at the lowest practical level.
How do Electromagnetic emissions from a terminal represent a risk?
Because they can be detected and displayed
i.e. if intercepted and analyzed, they may reveal their contents
How could a Hacker obtain passwords without the use of computer tools or programs?
Through the use of social engineering
Why? - Because social engineering is based on the divulgence of private information through dialogues, interviews, inquiries, etc
What would be considered an inherent risk with no distinct identifiable preventive controls?
Data diddling
Which involves changing data before they are entered into the computer.
What is an important action following a cyber attack?
Activating an incident response team
i.e. The first step is to activate the team, contain the incident and keep the business operational