Security Event Management Flashcards

1
Q

What tool can recognize that a credit card transaction is more likely to have resulted from a stolen credit card than from the holder of the credit card?

A

Data mining

Why? - Because data mining detects trends or patterns across a cardholder's transactions, so a charge that departs from the established pattern (an unusual amount, merchant type, location or timing) can be flagged as more likely to come from a stolen card than from the holder.

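As an added example (not part of the original deck), the following Python sketches the kind of pattern-based screening the card refers to: it mines a constructed transaction history for one card into a spending profile and scores a new charge against it. The transactions, thresholds and merchant category codes are all assumed for illustration.

```python
from datetime import datetime
from statistics import mean, pstdev

# Constructed transaction history for one card (example data, not from the page).
# Each record: timestamp, amount, merchant country, merchant category code (MCC).
HISTORY = [
    {"ts": "2024-03-01T09:12:00", "amount": 42.10, "country": "US", "mcc": "5411"},
    {"ts": "2024-03-02T12:40:00", "amount": 18.75, "country": "US", "mcc": "5812"},
    {"ts": "2024-03-03T17:05:00", "amount": 63.00, "country": "US", "mcc": "5541"},
    {"ts": "2024-03-05T08:30:00", "amount": 27.40, "country": "US", "mcc": "5411"},
    {"ts": "2024-03-06T19:22:00", "amount": 55.20, "country": "US", "mcc": "5812"},
    {"ts": "2024-03-07T10:15:00", "amount": 31.90, "country": "US", "mcc": "5411"},
]

# A charge consistent with the pattern above (constructed).
NORMAL_TX = {"ts": "2024-03-08T11:00:00", "amount": 48.00, "country": "US", "mcc": "5411"}

# A charge 40 minutes after the last one, from another country, at an unfamiliar
# merchant type, for far more than the cardholder ever spends (constructed).
SUSPECT_TX = {"ts": "2024-03-07T10:55:00", "amount": 980.00, "country": "RO", "mcc": "5944"}

Z_THRESHOLD = 3.0        # amount more than 3 standard deviations above the mean (assumed)
MIN_TRAVEL_HOURS = 2.0   # charges from different countries closer than this (assumed)
MIN_REASONS = 2          # how many independent indicators before a charge is flagged


def _ts(record):
    return datetime.fromisoformat(record["ts"])


def build_profile(history):
    """Mine the cardholder's past transactions into a spending profile."""
    amounts = [t["amount"] for t in history]
    return {
        "mean": mean(amounts),
        "sd": pstdev(amounts) or 1.0,   # avoid division by zero for a flat history
        "countries": {t["country"] for t in history},
        "mccs": {t["mcc"] for t in history},
        "last": max(history, key=_ts),
    }


def fraud_indicators(tx, profile):
    """Return the list of ways `tx` deviates from the mined profile."""
    reasons = []
    z = (tx["amount"] - profile["mean"]) / profile["sd"]
    if z > Z_THRESHOLD:
        reasons.append(f"amount is {z:.1f} standard deviations above the cardholder's mean")
    if tx["country"] not in profile["countries"]:
        reasons.append(f"first ever charge from country {tx['country']}")
    last = profile["last"]
    hours_since_last = (_ts(tx) - _ts(last)).total_seconds() / 3600
    if tx["country"] != last["country"] and hours_since_last < MIN_TRAVEL_HOURS:
        reasons.append(f"{hours_since_last:.1f} h after a charge in {last['country']}: travel implausible")
    if tx["mcc"] not in profile["mccs"]:
        reasons.append(f"unfamiliar merchant category {tx['mcc']}")
    return reasons


def likely_stolen(tx, history):
    """True when enough independent indicators point to a stolen card."""
    return len(fraud_indicators(tx, build_profile(history))) >= MIN_REASONS


if __name__ == "__main__":
    profile = build_profile(HISTORY)
    for label, tx in (("normal", NORMAL_TX), ("suspect", SUSPECT_TX)):
        print(label, fraud_indicators(tx, profile))
```

Requiring two or more independent indicators is what keeps a single large but legitimate purchase from being declined; each indicator on its own is weak, the combination is what the mined pattern makes visible.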
2
Q

What would result in a denial-of-service attack?

A

A “Ping of Death” event, i.e. a fragmented ICMP echo request whose reassembled size exceeds the 65535-byte IP maximum, which crashed or hung vulnerable IP stacks.

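Added example, not from the original deck: a Python check that recognises the Ping of Death condition from IP fragment headers, i.e. a set of fragments whose reassembled datagram would exceed the 65535-byte IP maximum. The fragment sets are constructed with a helper that mimics splitting an ICMP echo at a 1500-byte MTU; no packets are built or sent.

```python
from dataclasses import dataclass

IP_MAX_DATAGRAM = 65535                             # 16-bit Total Length field
IP_MIN_HEADER = 20                                  # header without options
IP_MAX_PAYLOAD = IP_MAX_DATAGRAM - IP_MIN_HEADER    # 65515 bytes of payload at most
FRAG_UNIT = 8                                       # Fragment Offset counts 8-byte blocks


@dataclass(frozen=True)
class Fragment:
    ident: int          # IP Identification field shared by all fragments of one datagram
    offset: int         # Fragment Offset field, in 8-byte units (13 bits, max 8191)
    more: bool          # More Fragments (MF) flag
    payload_len: int    # bytes of data carried by this fragment


def reassembled_payload_length(fragments):
    """Size the payload would have once every fragment is placed at its offset."""
    return max(f.offset * FRAG_UNIT + f.payload_len for f in fragments)


def check_datagram(fragments):
    """Return a list of findings for one datagram's fragments (empty = looks sane)."""
    findings = []
    if len({f.ident for f in fragments}) != 1:
        findings.append("fragments do not share one Identification value")
    total = reassembled_payload_length(fragments)
    if total > IP_MAX_PAYLOAD:
        findings.append(
            f"reassembled datagram would be {total + IP_MIN_HEADER} bytes, "
            f"over the {IP_MAX_DATAGRAM}-byte IP maximum (Ping of Death pattern)")
    last = [f for f in fragments if not f.more]
    if len(last) != 1:
        findings.append(f"expected exactly one final fragment (MF=0), saw {len(last)}")
    # Every fragment except the last must carry a multiple of 8 bytes.
    for f in fragments:
        if f.more and f.payload_len % FRAG_UNIT:
            findings.append(
                f"non-final fragment at offset {f.offset} has length {f.payload_len}, "
                f"not a multiple of {FRAG_UNIT}")
    return findings


def fragment_echo(ident, payload_len, mtu=1500):
    """Constructed helper: split an ICMP echo payload the way a 1500-byte MTU would."""
    per_frag = (mtu - IP_MIN_HEADER) // FRAG_UNIT * FRAG_UNIT    # 1480 bytes per fragment
    frags, sent = [], 0
    while sent < payload_len:
        size = min(per_frag, payload_len - sent)
        frags.append(Fragment(ident, sent // FRAG_UNIT, sent + size < payload_len, size))
        sent += size
    return frags


# Constructed samples: a large but legal ping, and one whose reassembled size overflows.
LEGIT_PING = fragment_echo(ident=0x1A2B, payload_len=3000)
POD_PING = fragment_echo(ident=0x1A2C, payload_len=66000)

if __name__ == "__main__":
    for name, frags in (("legit", LEGIT_PING), ("ping-of-death", POD_PING)):
        print(name, len(frags), "fragments:", check_datagram(frags) or "ok")
```

The key point for detection is that no single fragment looks wrong: each is a normal 1480-byte piece. The anomaly only exists in the arithmetic of offset plus length, which is why a stateless per-packet filter misses it and a reassembling inspection engine does not.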
3
Q

What technology would an IS auditor review to identify digital rights management applications?

A

Steganography

i.e. This technique conceals the existence of a message or information within another message or file. Digital rights management applications use it to embed a digital watermark (ownership or licensing information) invisibly inside the media itself, so steganographic watermarking is what the auditor would look for.

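Added example (not from the original deck) of the steganographic watermarking a DRM application relies on: an ownership string is hidden in the least significant bit of each sample of a carrier, so the carrier is perceptually unchanged (each sample moves by at most 1) but the mark can be read back. The carrier is constructed pseudo-random data standing in for pixel values, and the watermark text is assumed.

```python
import random


def embed(cover: bytes, payload: bytes) -> bytes:
    """Hide `payload` in the least significant bits of `cover`, one bit per cover byte."""
    if len(payload) > 0xFFFF:
        raise ValueError("payload too long for the 16-bit length header")
    data = len(payload).to_bytes(2, "big") + payload      # length prefix, then the mark
    bits = [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]
    if len(bits) > len(cover):
        raise ValueError(f"cover holds {len(cover)} bits, payload needs {len(bits)}")
    out = bytearray(cover)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit        # replace only the LSB: change of at most 1
    return bytes(out)


def extract(stego: bytes) -> bytes:
    """Read the LSBs back: first the 2-byte length, then that many payload bytes."""
    def read(start, count):
        result = bytearray()
        for k in range(count):
            value = 0
            for i in range(8):
                value = (value << 1) | (stego[start + k * 8 + i] & 1)
            result.append(value)
        return bytes(result)

    length = int.from_bytes(read(0, 2), "big")
    if 16 + length * 8 > len(stego):
        raise ValueError("length header does not fit the carrier; no valid watermark")
    return read(16, length)


def max_sample_change(cover: bytes, stego: bytes) -> int:
    """Largest per-sample difference the embedding introduced."""
    return max(abs(a - b) for a, b in zip(cover, stego))


# Constructed carrier: 4096 pseudo-random 8-bit samples standing in for pixel data.
COVER = bytes(random.Random(7).randrange(256) for _ in range(4096))
# Assumed watermark content; a real DRM mark would carry a licence or buyer identifier.
WATERMARK = b"owner=example-rights-holder;licence=2024-0001"

if __name__ == "__main__":
    marked = embed(COVER, WATERMARK)
    print("recovered:", extract(marked))
    print("max change per sample:", max_sample_change(COVER, marked))
```

Plain LSB replacement like this is easy to strip (re-encoding or adding noise destroys it), which is why an auditor reviewing a DRM deployment would also ask how robust the chosen watermarking is, not just whether it exists.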
4
Q

How do Neural networks detect fraud?

A

By attacking problems that require consideration of a large number of input variables.

i.e. Neural networks can capture relationships and patterns among many variables that simpler statistical methods miss, and so recognise transactions resembling the fraud they were trained on.

Note: They will not discover new trends; a fraud pattern absent from the training data goes unrecognised.

5
Q

What event or technology would most likely result in a denial-of-service attack?

A

Router configuration and rules

i.e. Improper router configuration and rules (for example, no rate limiting or no filtering of spoofed source addresses) leave the network exposed to denial-of-service (DoS) attacks.

6
Q

What is an example of a “passive” cybersecurity attack?

A

Traffic analysis

i.e. A passive attack monitors or captures network traffic without modifying, inserting or deleting any of it. Traffic analysis infers who is communicating with whom, how much and when from that captured traffic, which works even when the payload itself is encrypted.

7
Q

What is a benefit of quality of service?

A

Participating applications have guaranteed bandwidth.

i.e. The main function of QoS is to optimize network performance by assigning priority to business applications and end users, and by allocating them dedicated portions of the available bandwidth.

8
Q

How can a hacker obtain passwords without the use of computer tools or programs?

A

Through the technique of social engineering

Why? - Because social engineering relies on people divulging private information through dialogue, interviews, inquiries, etc., so no software is needed to obtain a password.

9
Q

What should an IS auditor recommend to ensure compliance with a security policy requiring that passwords be a combination of letters and numbers?

A

An automated password management tool

i.e. This is a preventive (software) control: it enforces the syntactic rules (letters and numbers, minimum length) at the moment a password is set and rejects reuse of previous passwords (a semantic check), making the passwords robust without relying on users to comply voluntarily.

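Added example, not from the original deck, of what such an automated tool enforces in code: a Python class that rejects passwords failing the letters-and-numbers rule (plus an assumed minimum length) and refuses reuse of recent passwords, while storing only salted PBKDF2 hashes. The policy values (length, history depth, iteration count) are assumptions.

```python
import hashlib
import hmac
import os
import re

MIN_LENGTH = 12          # assumed policy value, not stated on the page
HISTORY_DEPTH = 5        # how many previous passwords may not be reused (assumed)
PBKDF2_ROUNDS = 100_000  # assumed work factor


def syntactic_violations(password: str) -> list:
    """Check the rule the policy states (letters and numbers) plus a minimum length."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not re.search(r"[A-Za-z]", password):
        problems.append("contains no letter")
    if not re.search(r"[0-9]", password):
        problems.append("contains no digit")
    return problems


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


class PasswordManager:
    """Stores only salted hashes and refuses passwords that break the policy or repeat."""

    def __init__(self):
        self.history = []           # newest last: (salt, derived hash)

    def is_reused(self, password: str) -> bool:
        # Each old entry has its own salt, so the candidate is re-derived per entry.
        return any(hmac.compare_digest(_derive(password, salt), digest)
                   for salt, digest in self.history)

    def set_password(self, password: str) -> bool:
        problems = syntactic_violations(password)
        if self.is_reused(password):
            problems.append(f"matches one of the last {HISTORY_DEPTH} passwords")
        if problems:
            raise ValueError("; ".join(problems))
        salt = os.urandom(16)
        self.history.append((salt, _derive(password, salt)))
        del self.history[:-HISTORY_DEPTH]       # keep only the most recent entries
        return True

    def verify(self, password: str) -> bool:
        """Check a login attempt against the current (most recent) password only."""
        if not self.history:
            return False
        salt, digest = self.history[-1]
        return hmac.compare_digest(_derive(password, salt), digest)


if __name__ == "__main__":
    mgr = PasswordManager()
    for candidate in ("correct-horse-42", "onlyletters-here", "correct-horse-42"):
        try:
            mgr.set_password(candidate)
            print("accepted:", candidate)
        except ValueError as err:
            print("rejected:", candidate, "->", err)
```

Keeping the history as salted hashes rather than plaintext is what lets the reuse check exist without the tool itself becoming a store of old credentials; the cost is one key derivation per history entry on every change.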
10
Q

What is the primary purpose of an audit trail?

A

To establish accountability for processed transactions

11
Q

What is an effective method of dealing with the spread of network worms that exploit vulnerabilities in a protocol?

A

Stopping the services that use the protocol.

Why? - Because it removes the means of propagation at the lowest practical level, buying time until the vulnerable hosts can be patched.

12
Q

How do Electromagnetic emissions from a terminal represent a risk?

A

Because they can be intercepted and displayed

i.e. If the emissions are captured and analysed, they may reveal the data being displayed or processed on the terminal.

14
Q

What would be considered an inherent risk with no distinct identifiable preventive controls?

A

Data diddling

Which involves changing data before or as they are entered into the computer. Because the alteration happens before the data reach the system's input controls, no distinct preventive control can stop it; it has to be caught afterwards by detective controls such as reconciling source documents against the processed data.

15
Q

What is an important action following a cyber attack?

A

Activating an incident response team

i.e. The first step is to activate the team, which then contains the incident and keeps the business operational while the attack is investigated.

16
Q

What would be the main reason to have all organization’s computer clocks synchronized?

A

To support the incident investigation process

Without synchronized clocks, a timeline of events that occurred on different systems cannot be reliably established, which makes investigations considerably more difficult.
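Added example, not part of the original deck: Python that builds an investigation timeline from constructed log lines of three hosts whose clocks disagree. Sorted as logged, the data export appears to precede the VPN login that enabled it; applying each host's measured clock offset restores the real sequence. Hosts, timestamps, messages and offsets are all constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class Event:
    host: str
    logged: datetime      # timestamp as written by the host's own clock
    corrected: datetime   # timestamp after removing the host's known clock offset
    message: str


# Constructed log lines from three hosts (example data, not from the page).
# Each line: "<host> <ISO timestamp per that host's clock> <message>".
LOG_LINES = [
    "db1 2024-05-10T10:01:00 bulk export of table customers by app_user to 203.0.113.9",
    "vpn1 2024-05-10T10:02:10 user j.doe authenticated from 198.51.100.7",
    "web1 2024-05-10T10:10:30 new local administrator account 'svc_backup' created",
]

# Measured clock error per host in seconds (host clock minus true time), as would be
# recorded from an NTP offset query at collection time. Unlisted hosts are assumed accurate.
CLOCK_OFFSETS = {"web1": +420, "db1": -240}     # web1 is 7 min fast, db1 is 4 min slow


def parse_line(line, offsets):
    host, stamp, message = line.split(" ", 2)
    logged = datetime.fromisoformat(stamp)
    corrected = logged - timedelta(seconds=offsets.get(host, 0))
    return Event(host, logged, corrected, message)


def build_timeline(lines, offsets):
    """Order events by corrected time; with empty offsets this is the naive ordering."""
    return sorted((parse_line(line, offsets) for line in lines), key=lambda e: e.corrected)


def hosts_in_order(lines, offsets):
    return [e.host for e in build_timeline(lines, offsets)]


if __name__ == "__main__":
    for label, offsets in (("as logged", {}), ("clock-corrected", CLOCK_OFFSETS)):
        print(label)
        for e in build_timeline(LOG_LINES, offsets):
            print(f"  {e.corrected.time()}  {e.host:5}  {e.message}")
```

The correction is only possible because the offsets were measured; when clocks are synchronized in the first place (NTP against a common source, and the logs carry timezone-explicit timestamps), the naive ordering is already the true one and no such reconstruction is needed.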

17
Q

What is an action that would likely result in the destruction or corruption of evidence on a compromised system?

A

Rebooting the system

Volatile evidence (running processes, open network connections, memory contents) is lost on reboot, and startup scripts or the malware itself may overwrite artefacts on disk; the compromised system should be isolated and imaged rather than restarted.

18
Q

What risk is increased due to inadequate programming and coding practices?

A

Buffer overflow exploitation

i.e. Code that copies input into a fixed-size buffer without checking its length lets an attacker overwrite adjacent memory, and with it the program's control flow.

19
Q

What is an important factor when conducting a penetration test on a system server?

A

To obtain the permission of the data owner of the server, in writing and with the scope of the test agreed, before any testing begins.

20
Q

True or False.

An Intrusion Detection System (IDS) can be used to detect attacks involving encrypted traffic

A

FALSE.

A network IDS cannot inspect the payload of encrypted traffic, so attacks carried inside it go undetected. Detecting them requires inspection after decryption, e.g. behind a TLS-terminating proxy, or a host-based IDS on the endpoint where the traffic is in clear.