CISA Refresher 1 Flashcards Preview


Flashcards in CISA Refresher 1 Deck (31):
1

It is possible to break LAN security through the dial-in route. Without dial-up access controls, a caller can dial in and try passwords until they gain access.

TRUE

2

A dial-back modem may be used to prevent access by guessing passwords.

TRUE

3

Twin-line dial-back modems

Dial-back modems are available that are connected to two individual telephones. One is used for incoming calls and the second is used to call back the user on the known telephone number.

4

Router packet filtering firewalls

Packet headers contain information including the IP addresses of the sender and receiver and the authorized port numbers allowed to use the information transmitted. Based on that information the router knows what kind of Internet service, such as web-based or FTP, is being used to send the data, as well as the identities of the sender and receiver of the data.

5

Possible attacks in packet filtering firewalls

IP spoofing, source routing specification and miniature fragment attacks.

6

Application firewall systems

Disadvantages are poor performance and scalability as Internet usage grows.

7

Stateful inspection firewall

It keeps track of the destination IP address of each packet that leaves the organization's internal network. Whenever the response to the packet is received, its record is referenced to ascertain and ensure that the incoming message is in response to the request that went out from the organization.

8

Problem faced by firewalls

Most firewalls operate at the network layer; therefore they do not stop application-based or input-based attacks.

9

Examples of such attacks at the application layer

SQL injection, buffer overflow attacks.

10

Components of an IDS

Sensors that are responsible for collecting data; analyzers that receive input from the sensors and determine intrusive activity; an administrative control; a user interface.

11

Types of IDS

Signature-based, statistical-based, and neural-based.

12

Neural-based IDS

Are similar to the statistical model but with added self-learning functionality.

13

IDS cannot help with the following weaknesses

Weaknesses in policy definition, application-level vulnerabilities, back doors in applications, weaknesses in identification and authentication schemes.

14

Two types of honeypots

High interaction, low interaction.

15

Heuristic scanning tools

Are a type of virus scanning used to indicate possibly infected code.

16

What is the most prevalent security risk when an organisation implements remote VPN access to its network?

Malicious code could be spread across the network.

17

Establishing controls to handle concurrent access problems is a preventive control.

TRUE

18

Implementing data backup and recovery procedures is a corrective control, because backup and recovery procedures can be used to roll back database errors.

TRUE

19

An ITF is considered a useful audit tool because it uses the same programs to compare processing using independently calculated data.

TRUE

20

A benefit of open system architecture is that it

Facilitates interoperability.

21

Open systems are those for which suppliers provide components whose interfaces are defined by public standards, thus facilitating interoperability between systems made by different vendors.

TRUE

22

Prototyping is the development of a system through controlled trial and error.

TRUE

23

When using public key encryption to secure data being transmitted across a network

The key used to encrypt is public, but the key used to decrypt the data is private.

24

Symmetric key systems use single, secret, bidirectional keys.

TRUE

25

In the asymmetric encryption process, two keys work together as a pair. One key is used to encrypt data and the other is used to decrypt data. Either key can be used to encrypt or decrypt, but once a key has been used to encrypt data, only its partner can be used to decrypt the data.

TRUE

26

If asymmetric keys were used to encrypt bulk data

The process would be very slow; this is the reason they are used to encrypt short messages such as digests or signatures.

27

A common form of asymmetric encryption is RSA.

TRUE

28

Common types of message digest algorithms are SHA1, MD2, MD4 and MD5

These algorithms are one-way functions, unlike private and public key encryption algorithms. The process of creating a message digest cannot be reversed.

29

A digital signature is a cryptographic method that ensures

Data integrity, authentication and non-repudiation.

30

Digital signatures and public key encryption are vulnerable to man-in-the-middle attacks wherein the sender's digital signature private key and public key may be faked.

TRUE

31

To protect against man-in-the-middle attacks, an independent authority has been designed.

TRUE