Unit 1 - Intro to Security Flashcards

1
Q

A user copies files from her desktop computer to a USB flash device and puts the device into her pocket. Which of the following security risks is most pressing?

Integrity

Non-repudiation

Availability

Confidentiality

A

Confidentiality

Confidentiality ensures that data is not disclosed to unintended persons. Removable media poses a big threat to confidentiality because it makes it easy to remove data and share it with unauthorized users.

Availability ensures that data is available when it is needed. Copying files to a server that includes malware could threaten the data’s availability if the malware deletes or corrupts the data.

Integrity ensures that data is not modified or tampered with.

Non-repudiation provides validation of a message’s origin.

2
Q

Which of the following BEST describes a cyber terrorist?

Exploits internal vulnerabilities to steal information

Desires some kind of financial reward or revenge

Disrupts network-dependent institutions

Downloads and runs attacks available on the internet

A

Disrupts network-dependent institutions

Cyber terrorists generally use the internet to carry out terrorist activities such as disrupting network-dependent institutions.

Downloading and running attacks available on the internet is usually a script kiddie activity.

Cybercriminals are after some kind of financial reward or revenge.

A spy applies for a job with a commercial competitor and then exploits internal vulnerabilities to steal information.

3
Q

Your computer system is a participant in an asymmetric cryptography system. You’ve created a message to send to another user. Before transmission, you hash the message and encrypt the hash using your private key. You then attach this encrypted hash to your message as a digital signature before sending it to the other user.

In this example, which protection does the hashing activity provide?

Confidentiality

Availability

Integrity

Non-repudiation

A

Integrity

Hashing of any sort, including within a digital signature, provides data integrity.

Signing the message with the private key creates non-repudiation.

A digital signature activity, as a whole, does not provide protection for confidentiality because the original message is sent in cleartext.

No form of cryptography provides protection for availability.

4
Q

Which of the following is an example of an internal threat?

A server backdoor allows an attacker on the internet to gain access to the intranet site.

A user accidentally deletes the new product designs.

A water pipe in the server room breaks.

A delivery man is able to walk into a controlled area and steal a laptop.

A

A user accidentally deletes the new product designs.

Internal threats are intentional or accidental acts by employees, including:

Malicious acts such as theft, fraud, or sabotage

Intentional or unintentional actions that destroy or alter data

Disclosing sensitive information through snooping or espionage

External threats are events that originate outside of the organization. They typically focus on compromising the organization’s information assets. Examples of external threats include hackers, fraud perpetrators, and viruses.

Natural events are events that may reasonably be expected to occur over time, such as a fire or a broken water pipe.

5
Q

By definition, which security concept uses the ability to prove that a sender undeniably sent an encrypted message?

Privacy

Authentication

Integrity

Non-repudiation

A

Non-repudiation

Explanation
The ability to prove that a sender undeniably sent a message is known as non-repudiation. By various mechanisms in different cryptographic solutions, you can prove that only the sender could have initiated a certain communication. Therefore, the sender cannot repudiate that they originated a message.

Integrity is protection against alteration. Authentication is the assignment of access privileges to users.

Privacy is the protection and confidentiality of personal information.

6
Q

Which of the following includes all hardware and software necessary to secure data, such as firewalls and antivirus software?

Users and administrators

Assets

Policies

Physical security

A

Assets

Explanation
Physical security includes all hardware and software necessary to secure data, such as firewalls and antivirus software.

Users and administrators are the people who use the software and the people who manage the software, respectively.

Policies are the rules an organization implements to protect information.

An asset is something that has value to a person or organization, such as sensitive information in a database.

7
Q

Policies, procedures, and awareness

A

Policies, procedures, and awareness:

User education; manageable network plans; and employee onboarding and off-boarding procedures.

8
Q

Physical

A

Physical:

Fences, door locks, mantraps, turnstiles, device locks, server cages, cameras, motion detectors, and environmental controls.

9
Q

Perimeter

A

Perimeter:

Firewalls using ACLs and securing the wireless network.

10
Q

Network

A

Network:

The installation and configuration of switches and routers; implementation of VLANs; penetration testing; and virtualization use.

11
Q

Host

A

Host:
Log management, OS hardening, patch implementation, patch management, auditing, anti-malware, and password attack prevention on each workstation, laptop, and mobile device.

12
Q

Application

A

Application:

Authentication and authorization, user management, group policies, and web application security.

13
Q

Data

A

Data:

Storing data properly, destroying data, classifying data, cryptography, and data transmission security.

14
Q

The Application layer of the security model includes which of the following? (Select two.)

User management

Web application security

Environmental controls

User education

Log management

A

User management
Web application security

The Application layer includes user management and web application security.

The Policies, Procedures, and Awareness layer includes user education.

The Physical layer includes environmental controls.

The Host layer includes log management.

15
Q

When training your employees on how to identify various attacks, which of the following policies should you be sure to have and enforce? (Select two.)

Group policies

Password policies

Clean desk policies

Usage policies

Encryption policies

A

Password policies
Clean desk policies

Be sure to have an effective password policy and clean desk policy in place, and don’t forget to enforce them. Be sure to train your employees on how to identify all the various attacks that could target them. Train them on how to spot suspicious emails, instant messages, downloads, attachments, and websites.

Encryption policies should protect you in the event you experience a physical security breach. For example, if a hard drive were stolen, the thief wouldn’t be able to access the information stored on it.

An Acceptable Use Policy (AUP) determines the rules for using a website or internet service.

You can use Windows group policies to administer your Windows systems.

16
Q

Which of the following reduces the risk of a threat agent being able to exploit a vulnerability?

Manageable network plans

Implementation of VLANs

Countermeasures

Secure data transmissions

A

Countermeasures

A countermeasure is a means of mitigating potential risk. Countermeasures reduce the risk of a threat agent being able to exploit a vulnerability. An appropriate countermeasure:

Must provide a security solution to an identified problem

Should not depend on secrecy

Must be testable and verifiable

Must provide uniform or consistent protection for all assets and users

Should be independent of other safeguards

Should require minimal human intervention

Should be tamper-proof

Should have overrides and fail-safe defaults

17
Q

Which of the following items would be implemented at the Data layer of the security model?

Authentication

Group policies

Auditing

Cryptography

A

Cryptography is implemented at the Data layer.

Authentication, authorization, and group policies are implemented at the Application layer.

Auditing is implemented at the Host layer.

18
Q

Which of the following items would you secure in the Perimeter layer of the security model?

VLANs

Firewalls

Switches

Routers

A

Firewalls

Firewalls using ACLs are secured in the Perimeter layer.

Switches, routers, and VLANs are secured in the Network layer.

19
Q

Which of the following is a security approach that combines multiple security controls and defenses?

Network security

Countermeasure security

Layered security

Cumulative security

Perimeter security

A

Layered security

Layered security, sometimes called defense-in-depth security, is a security approach that combines multiple security controls and defenses to create a cumulative effect.

Perimeter security includes firewalls with ACLs and a wireless network. Network security includes the installation and configuration of switches and routers, the implementation of VLANs, penetration testing, and the utilization of virtualization. A countermeasure is a means of mitigating a potential risk. Countermeasures reduce the risk of a threat agent exploiting a vulnerability.

20
Q

Which of the following items would be implemented at the Network layer of the security model?

Network plans

Wireless networks

Penetration testing

Firewalls using ACLs

A

Penetration testing

Explanation
The installation and configuration of switches and routers, the implementation of VLANs, penetration testing, and virtualization are implemented at the Network layer.

Firewalls with ACLs and wireless networks are secured in the Perimeter layer.

Network plans are implemented at the Policies, Procedures, and Awareness layer.

21
Q

Which of the following is one of the MOST common attacks on employees?

Phishing attack

Password attack

DNS attack

Remote attack

A

Phishing attack

Phishing attacks are one of the most common attacks directed at employees. In most cases, employees are lured into clicking a link or downloading an attachment from a seemingly legitimate email.

22
Q

The Policies, Procedures, and Awareness layer of the security model includes which of the following? (Select two.)

Motion detectors

User education

Server cages

Employee onboarding

Environmental controls

A

User education
Employee onboarding

User education and employee onboarding and off-boarding procedures are included in the Policies, Procedures, and Awareness layer.

The Physical layer deals with server cages, motion detectors, and environmental controls.