Ch.4 Flashcards

1
Q

a paper or electronic record of individuals who have permission to enter a secure area, the time that they entered, and the time they left the area

A

access list

2
Q

subtypes of security controls, classified as deterrent, preventive, detective, compensation, or corrective

A

activity phase controls

3
Q

process for developing and ensuring that policies and procedures are carried out, specifying actions that users may do, must do, or cannot do

A

administrative control

4
Q

an audible sound to warn a guard of an intruder

A

alarm

5
Q

software that helps prevent computers from becoming infected by different types of spyware

A

antispyware

6
Q

software that can examine a computer for any infections as well as monitor computer activity and scan new documents that might contain a virus

A

antivirus (AV)

7
Q

a structure designed to block the passage of traffic

A

barricade

8
Q

spam filtering software that analyzes every word in an email and determines how frequently a word occurs in order to determine if it is spam

A

Bayesian filtering

9
Q

a collection of data sets so large and complex that it becomes difficult to process using on-hand database management tools or traditional data processing applications

A

big data

10
Q

permitting everything unless it appears on the list; a list of nonapproved senders

A

blacklist

11
Q

a device that can be inserted into the security slot of a portable device and rotated so that the cable lock is secured to the device to prevent it from being stolen

A

cable lock

12
Q

having the client web browser perform all validations and error recovery procedures

A

client-side validation

13
Q

video cameras and receivers used for surveillance in areas that require security monitoring

A

closed circuit television (CCTV)

14
Q

control that provides an alternative to normal controls that for some reason cannot be used

A

compensating control

15
Q

control that is intended to mitigate or lessen the damage caused by an incident

A

corrective control

16
Q

an attack that uses the user’s web browser settings to impersonate the user

A

cross-site request forgery (XSRF)

17
Q

data that is stored on electronic media

A

data at-rest

18
Q

data that is in transit across a network, such as an email sent across the internet

A

data in-transit

19
Q

a state of data in which actions upon it are being performed by “endpoint devices” such as printers

A

data in-use

20
Q

a system that can identify critical data, monitor how it is being accessed, and protect it from unauthorized users

A

data loss prevention (DLP)

21
Q

a door lock that extends a solid metal bar into the door frame for extra security

A

deadbolt lock

22
Q

detective control

A

a control that is designed to identify any threat that has reached the system

23
Q

deterrent control

A

a control that attempts to discourage security violations before they occur

24
Q

embedded system

A

a computer system with a dedicated function within a larger electrical or mechanical system

25
Q

errors

A

faults in a program that occur while the application is running. Also called EXCEPTIONS

26
Q

exceptions

A

faults in a program that occur while the application is running. Also called ERRORS

27
Q

fencing

A

securing a restricted area by erecting a barrier

28
Q

firewall

A

hardware or software that is designed to prevent malicious packets from entering or leaving computers. Also called PACKET FILTER

29
Q

fuzz testing (fuzzing)

A

a software testing technique that deliberately provides invalid, unexpected, or random data as inputs to a computer program

30
Q

guard

A

a human who is an active security element

31
Q

host-based application firewall

A

a firewall that runs as a program on the local system

32
Q

hotfix

A

software that addresses a specific customer situation and often may not be distributed outside that customer’s organization

33
Q

input validation

A

verifying a user’s input to an application

34
Q

lighting

A

lights that illuminate an area so that it can be viewed after dark

35
Q

locking cabinet

A

a ruggedized steel box with a lock

36
Q

mainframe

A

a very large computing system that has significant processing capabilities

37
Q

mantrap

A

a device that monitors and controls two interlocking doors to a small room (a vestibule), designed to separate secure and nonsecure areas

38
Q

motion detection

A

determining an object’s change in position in relation to its surroundings

39
Q

NoSQL

A

a nonrelational database that is better tuned for accessing large data sets

40
Q

NoSQL databases vs. SQL databases

A

an argument regarding which database technology is superior. Also called SQL vs. NoSQL

41
Q

OS hardening

A

tightening security during the design and coding of the OS

42
Q

packet filter

A

hardware or software that is designed to prevent malicious packets from entering or leaving computers. Also called FIREWALL

43
Q

patch

A

a general software security update intended to cover vulnerabilities that have been discovered

44
Q

popup blocker

A

either a program or a feature incorporated within a browser that stops popup advertisements from appearing

45
Q

preventive controls

A

a control that attempts to prevent the threat from coming in and reaching contact with the vulnerability

46
Q

protected distribution system (PDS)

A

a system of cable conduits that is used to protect classified information being transmitted between two secure areas

47
Q

a device that detects an emitted signal in order to identify the owner

A

proximity reader

48
Q

a ruggedized steel box with a lock

A

safe

49
Q

large-scale, industrial-control systems

Can be found in military installations, oil pipeline control systems, manufacturing environments, and nuclear power plants

A

SCADA (supervisory control and data acquisition)

50
Q

any device or process that is used to reduce risk

A

security control

51
Q

a document or series of documents that clearly defines the defense mechanisms an organization will employ to keep information secure

A

security policy

52
Q

having the server perform all validations and error recovery procedures

A

server-side validation

53
Q

software that is a cumulative package of all security updates plus additional features

A

service pack

54
Q

a written placard that explains a warning, such as notice that an area is restricted

A

sign

55
Q

a cell phone with an operating system that allows it to run third-party applications (apps)

A

smartphone

56
Q

an argument regarding which database technology is better. Also called NoSQL DATABASES vs. SQL DATABASES

A

SQL vs NoSQL

57
Q

devices in which additional hardware cannot easily be added or attached

A

static environment

58
Q

security controls that are carried out or managed by devices

A

technical controls

59
Q

an operating system that has been designed through OS hardening

A

trusted OS

60
Q

monitoring activity that is captured by a video camera

A

video surveillance

61
Q

permitting nothing unless it appears on the list

A

whitelist

62
Q

a substitute for a regular function that is used in testing

A

wrapper function

63
Q

What type of controls are the processes for developing and ensuring that policies and procedures are carried out?

a. technical controls
b. active controls
c. administrative controls
d. policy controls

A

c

64
Q

Which of the following is NOT an activity phase control?

a. compensating control
b. detective control
c. resource control
d. deterrent control

A

c

65
Q

Which of the following is NOT designed to prevent individuals from entering sensitive areas but instead is intended to direct traffic flow?

a. barricade
b. fencing
c. roller barrier
d. type V controls

A

a

66
Q

Which of the following is NOT a motion detection method?

a. radio frequency
b. moisture
c. magnetism
d. infrared

A

b

67
Q

The residential lock most often used for keeping out intruders is the _______.

a. encrypted key lock
b. privacy lock
c. passage lock
d. keyed entry lock

A

d

68
Q

A lock that extends a solid metal bar into the door frame for extra security is the ______.

a. triple bar lock
b. deadman’s lock
c. full bar lock
d. deadbolt lock

A

d

69
Q

Which statement about a mantrap is true?

a. it is illegal in the U.S.
b. it monitors and controls two interlocking doors to a room
c. it is a special keyed lock
d. it requires the use of a cipher lock

A

b

70
Q

Which of the following cannot be used along with fencing as a security perimeter?

a. vapor barrier
b. rotating spikes
c. roller barrier
d. anticlimb paint

A

a

71
Q

A ______ can be used to secure a mobile device.

a. mobile connector
b. cable lock
c. mobile chain
d. security tab

A

b

72
Q

Which of the following is NOT a characteristic of an alarmed carrier PDS?

a. periodic visual inspections
b. continuous monitoring
c. carrier can be hidden below a floor
d. eliminates the need to seal connections

A

a

73
Q

Which is the first step in securing an operating system?

a. develop the security policy
b. implement patch management
c. configure operating system security and settings
d. perform host software baselining

A

a

74
Q

A typical configuration baseline would include each of the following EXCEPT _______.

a. changing any default settings that are insecure
b. eliminating any unnecessary software
c. enabling operating system security features
d. performing a security risk assessment

A

d

75
Q

Which of the following is NOT a Microsoft Windows setting that can be configured through a security template?

a. account policies
b. user rights
c. keyboard mapping
d. system services

A

c

76
Q

______ allows for a single configuration to be set and then deployed to many or all users.

a. active directory
b. group policy
c. snap-in replication (SIR)
d. command configuration

A

b

77
Q

A ____ addresses a specific customer situation and often may not be distributed outside that customer’s organization.

a. rollup
b. service pack
c. patch
d. hotfix

A

d

78
Q

Which of the following is NOT an advantage to an automated patch update service?

a. Administrators can approve or decline updates for client systems, force updates to install by a specific date, and obtain reports on what updates each computer needs.
b. Downloading patches from a local server instead of using the vendor’s online update service can save bandwidth and time because each computer does not have to connect to an external server
c. Users can disable or circumvent updates just as they can if their computer is configured to use the vendor’s online update service
d. Specific types of updates that the organization does not test, such as hotfixes, can be automatically installed whenever they become available

A

c

79
Q

Which of these is NOT a state of data that DLP examines?

a. data in-use
b. data in-process
c. data in-transit
d. data at-rest

A

b

80
Q

How does heuristic detection detect a virus?

a. a virtualized environment is created and the code is executed in it
b. a string of bytes from the virus is compared against the suspected file
c. the bytes of a virus are placed in different “piles” and then used to create a profile
d. the virus signature file is placed in a suspended chamber before streaming to the CPU

A

a

81
Q

Which of these is a list of approved email senders?

a. blacklist
b. whitelist
c. greylist
d. greenlist

A

b

82
Q

Which statement about data loss prevention (DLP) is NOT true?

a. it can only protect data while it is on the user’s personal computer
b. it can scan data on a DVD
c. it can read inside compressed files
d. a policy violation can generate a report or block the data

A

a