study 4

Question 1

Refers to attack and control circumvention attempts on a target’s network perimeter from outside the target’s system, usually the Internet

Answer 1

External Testing

Question 2

Refers to attack and control circumvention attempt on target from within the perimeter. The objective is to identify what would occur if the external perimeter was successfully compromised and/or an authorized user from within the network wanted to compromise security of a specific resource on a network.

Answer 2

Internal Testing

Question 3

Refers to the condition of testing when the penetration tester is provided with limited or no knowledge of the target’s information systems. Such testing is expensive, since penetration tester have to research the target and profile it based on publicly available information.

Answer 3

Blind Testing

Question 4

It is a extension of blind testing, since the administrator and security staff at the target are also not aware of test. Such a testing can effectively evaluate the incident handling and response capability of the target and how well managed the environment is.

Answer 4

Double Blind Testing

Question 5

Refers to attack and control circumvention attempts on the target, while both the target’s IT team and penetration tester are aware of the testing activities. Penetration testers are provided with information related to target and network design. Additionally, they are also provided with a limited privilege user account to be used as a starting point to identify privilege escalation possibilities in the system.

Answer 5

Targeted Testing

Question 6

Personnel who review result and deliverables within each phase and at the end of each phase, and confirm compliance with requirements. Their objective is to ensure that the quality of the project by measuring adherence of the project staff to the organization’s software development life cycle (SDLC), advise on the deviation and propose recommendation for process improvement or greater control points when deviation occur.

Answer 6

Quality Assurance

Question 7

Ensures that system controls and supporting processes provides an effective level of protection, based on the data classification set in accordance with corporate security policies and procedures: consult throughout the life cycle on appropriate security measures that should be incorporated into the system.

Answer 7

Security Officer

Question 8

Completes assigned tasks, communicate effectively with the system developers by actively involving themselves in the development process as Subject Matter Expert (SME) and works according to local standards, and advise the project manager of expected and actual project deviations.

Answer 8

User Project Team

Question 9

Completes assigned tasks, communicates effectively with user by actively involving them in the development process, works according to local standards, and advise the project manager of necessary plan deviations.

Answer 9

System Development Project Team

Question 10

Project sponsor provides funding for the project and works closely with the project manager to define critical success factor(CSFs) and metrics for measuring the success of the project. It is crucial that success is translated to measurable and quantifiable terms. Data and application ownership are assigned to a project sponsor. A project sponsor is typically the senior manager in charge of the primary business unit that the application will support.

Answer 10

Project Sponsor

Question 11

Provides day-to-day management and leadership of the project, ensures that project activities remain in line with the overall directions, ensures appropriate representation of the affected departments, ensures that the project adheres local standards, ensures that deliverable meet the quality expectation of key stakeholder, resolve interdepartmental conflict, and monitors and controls cost of the project timetables.

Answer 11

Project Manager

Question 12

Provides technical support for hardware and software environment by developing, installing and operating the requested system.

Answer 12

System Development Management

Question 13

Provides overall directions and ensures appropriate representation of the major stakeholders in the project’s outcome. The project steering committee is ultimately responsible for all deliverables, project costs and schedules. This committee should be compromised of senior representative from each business area that will be significantly impacted by the proposed new system or system modifications.

Answer 13

Project Steering Committee

Question 14

Demonstrate commitment to the project and approves the necessary resources to complete the project. This commitment from senior management helps ensure involvement by those needed to complete the project.

Answer 14

Senior Management

Question 15

Assumes ownership of the project and resulting system, allocates qualified representatives to the team, and actively participates in business process redesign, system requirement definitions, test case development, acceptance testing and user training.

Answer 15

User Management

Question 16

A certificate is a digital document that at a minimum includes what?

Answer 16

1. a Distinguished Name (DN)

2. an associated public key

Question 17

is used to match an IP address to an Ethernet address so the packet can be sent to the appropriate node.

Answer 17

The Address Resolution Protocol (ARP)

Question 18

is used to match an Ethernet address to an IP address

Answer 18

Reverse address resolution protocol (RARP)

Question 19

L2TP Protocol works at what layer?

Answer 19

data link layer

Question 20

Secure Sockets Layer (SSL): Works at what layer?

Answer 20

transport layer

Question 21

IPSec: Works at what layer?

Answer 21

network layer, and provides security on top of IP

Question 22

Point-to-Point Tunneling Protocol (PPTP) Works at what layer?

Answer 22

data link layer

Question 23

What protection devices is used for spot protection within a few inches of the object,

Answer 23

Capacitance detectors

Question 24

is the act of gathering the necessary information so the best decision-making activities can take place.

Answer 24

Due Diligence

Question 25

a gateway act as a ? Device

Answer 25

translation device

It could be used to translate from IPX to TCP/IP

Question 26

A bridge work at what layer

Answer 26

at the data link layer

Question 27

token ring IEEE #

Answer 27

802.5

Question 28

IEEE 802.2 refers to what?

Answer 28

the logical link control

Question 29

IEEE 802.11 refers to what?

Answer 29

wireless communications

Question 30

IEEE 802.3 refers to what?

Answer 30

Ethernet’s CSMA/CD

Question 31

is used to send encrypted information using symmetric keys, and the relevant session key along with it. It is a secure method to send electronic document without compromising the data integrity,

Answer 31

Digital Envelope

Question 32

he most common method of session hijacking is called

Answer 32

P spoofing

Question 33

a computer with a ? firewall would respond to ACK packets sent to port TCP/80 when the port should not respond to unsolicited ACK packets for a non-existent TCP session.

Answer 33

stateless firewall

Question 34

From most effective (lowest CER) to least effective (highest CER) are? (4)

Answer 34

1. Iris scan,
2. fingerprint,
3. voice verification
4. keystroke dynamics

Question 35

a hamming code is used to create

Answer 35

parity information?

Question 36

confirms that users’ needs have been met by the supplied solution.

Answer 36

Acceptance

Question 37

is the formal testing of security safeguards and assurance is the degree of confidence that the implemented security measures work as intended.

Answer 37

Certification

Question 38

Once an intrusion into your organization’s information system has been detected, the first action that needs to be performed

Answer 38

Determine to what extent systems and data may be compromised.

Question 39

using mathematical properties of modular arithmetic and a method known as

Answer 39

Computing in Galois fields

Question 40

In which phase of the System Development Lifecycle (SDLC) is Security Accreditation Obtained?

Answer 40

Testing and evaluation control

Question 41

n which phase of the System Development Lifecycle (SDLC) is implementation

Answer 41

Transition to production

Question 42

decision support system (DSS) is know as

Answer 42

Delphi Method or Delphi Technique:

Question 43

The main purpose of off-site hardware testing to ensure What?

Answer 43

The continued compatibility of the contingency facilities.

Question 44

provides protection against sniffing and replay attacks but also provides message authentication and integrity.

Answer 44

SRTP - Secure Real-time Transport Protocol

Question 45

SRTP uses what as the default cipher.

Answer 45

AES - Advanced Encryption Standard

Question 46

is used on the Local Area Network (LAN) to obtain an IP address from it’s known MAC address?

Answer 46

is used on the Local Area Network (LAN) to obtain an IP address from it’s known MAC address?