Ch8: Using Risk Management Tools

Question 1

Threat

Answer 1

a potential danger

Question 2

Threat assessment

Answer 2

evaluates potential threats

Question 3

Environmental threats

Answer 3

include natural threats such as weather events

Question 4

Manmade threats

Answer 4

any potential dangers from people and can be either malicious or accidental

Question 5

Internal threats

Answer 5

typically refers to employees within an organization

Question 6

External threats

Answer 6

any source outside an organization

Question 7

Handling risk…

Answer 7

It is not possible to eliminate risk, but you can take steps to manage it

Question 8

An organization can avoid risk by

Answer 8

not providing a service or not participating in a risky activity

Question 9

Insurance

Answer 9

transfers the risk to another entity

Question 10

You can mitigate risk by

Answer 10

implementing controls. But when the cost of implementing the controls exceeds the cost of the risk, an organization accepts the remaining (residual) risk

Question 11

Quantitative risk assessment

Answer 11

uses specific monetary amounts to identify cost and asset values

Question 12

SLE

Answer 12

Single loss expectancy identifies the amount of each loss

Question 13

ARO

Answer 13

Annual rate of occurence identifies the number of failures in a year

Question 14

ALE

Answer 14

Annual loss expectancy identifies the expected annual loss

Question 15

ALE equation

Answer 15

ALE = SLE x ARO

Question 16

Qualitative risk assessment

Answer 16

uses judgment to categorize risks based on likelihood of occurrence and impact

Question 17

Risk register

Answer 17

a comprehensize document listing known information about risks. Typically includes risk scores along with recommended security controls to reduce the risk scores

Question 18

Supply chain assessment

Answer 18

evaluates everything needed to produce and sell a product. It includes all the raw materials and processes required to create and distribute a finished product

Question 19

Password crackers

Answer 19

attempt to discover passwords and can identify weak passwords or poorly protected passwords

Question 20

Network scanners

Answer 20

can detect all the hosts on a network, including the OS and services or protocols running on each host

Question 21

Wireless scanners

Answer 21

can detect rogue access points on a network and sometimes crack passwords used by access points

Question 22

Netcat

Answer 22

can be used for banner grabbing on remote systems or to remotely administer systems

Question 23

Vulnerability scanner

Answer 23

can identify vulnerabilities, misconfigured systems, and the lack of security controls such as up-to-date patches.

Question 24

Vulnerability scans vs penetration tests

Answer 24

Vulnerability scans are passive and have little impact on a system during a test. Penetration tests are intrusive and can potentially compromise a system

Question 25

False positive from a vulnerability scan

Answer 25

indicates the scan detected a vulnerability, but the vulnerability doesn’t exist

Question 26

Credentialed scans

Answer 26

run under the context of a valid account and are typically more accurate than non-credentialed scans

Question 27

Penetration test

Answer 27

is an active test that can assess deployed security controls and determine the impact of a threat. It starts with a vulnerability scan and then tries to exploit vulnerabilities by actually attacking or simulating an attack

Question 28

Pen tests usually include

Answer 28

both passive and active reconnaissance

Question 29

Passive reconnaissance

Answer 29

uses open-source intelligence such as social media and an organization’s web site

Question 30

Active reconnaissance

Answer 30

uses tools such as network scanners to gain information on the target

Question 31

After exploiting a system, pen testers..

Answer 31

use privilege escalation techniques to gain more access to target systems

Question 32

Pivoting

Answer 32

the process of using an exploited system to target other systems

Question 33

Black box testers

Answer 33

have zero prior knowledge of the system prior to a penetration test. Often use fuzzing

Question 34

White box testers

Answer 34

have full knowledge of a system

Question 35

Gray box testers

Answer 35

have some knowledge of a system

Question 36

Admins use a protocol analyzer to

Answer 36

capture, display, and analyze packets sent over a network

Question 37

Protocol analyzers are useful to

Answer 37

troubleshoot communications problems between systems and detect attacks that manipulate or fragment packets

Question 38

A network capture shows information including

Answer 38

type of traffic (protocol), flags, source and destination IP addresses, source and destination MACs

Question 39

To capture all traffic, configure..

Answer 39

the NIC to use promiscuous mode

Question 40

Tcpdump

Answer 40

a command-line protocol analyzer. It can create packet captures that can then be viewed in wireshark

Question 41

Nmap

Answer 41

a sophisticated network scanner that runs from the command line

Question 42

Logs record…

Answer 42

what happened, when it happened, where it happened, and who did it

Question 43

By monitoring logs, admins can detect…

Answer 43

event anomalies

Question 44

By reviewing logs, security personnel can create…

Answer 44

an audit trail

Question 45

SIEM system

Answer 45

A security information and event management system provides a centralized solution for collecting, analyzing, and managing data from multiple sources. Typically includes aggregation and correlation to collect and organize log data from multiple sources. Provides continuous monitoring with automated alerts and triggers

Question 46

Usage auditing

Answer 46

records user activity in logs

Question 47

Usage auditing review

Answer 47

looks at the logs to see what users are doing and can be used to re-create an audit trail

Question 48

Permission auditing reviews

Answer 48

help ensure that users have only the access they need and no more, and can detect privilege creep issues