Exam 2

Question 1

Access Control Approaches Rely on The Following Four Mechanisms

Answer 1

1. Identification- I am a user of the system
2. Authentication- I can prove I’m a user of the system
3. Authorization- Here’s what I can do with the system
4. Accountability- You can track and monitor my use on the system

Question 2

Roles of the Communities of Interest

Answer 2

Evaluation of current and proposed risk controls
Determining which options are cost effective
Installing the needed controls
Ensuring that the controls stay effective

Question 3

Three commonly used authentication factors

Answer 3

1. Something you know
   Relies on what the unverified user knows. Like password.
2. Something You Have
   Relies on that an unverified user has and can produce when necessary. Like ID cards
3. Something That You Are or Can Produce
   Relies on individual characteristics. Like fingerprints

Question 4

MAC layer firewall

Answer 4

Designed to operate at the media access control sublayer at layer 2 of the network

Question 5

Application layer proxy firewall

Answer 5

capable of functioning as both a firewall and an application layer proxy server

Question 6

Packet-filtering firewall

Answer 6

Examines header information of data packets that enter a network.

Question 7

Firewall

Answer 7

Combination of hardware/software that filters information moving between the inside/outside of a network

Question 8

Encapsulation

Answer 8

The native protocol of the client is embedded within the frames of a protocol

Question 9

Encryption

Answer 9

Keeps data private as it travels over the public network

Question 10

Authentication

Answer 10

Ensures the identification of the remote user

Question 11

Transport Mode

Answer 11

Data within an IP packet is encrypted, but the header information is not

Question 12

Tunnel Mode

Answer 12

Establishes two perimeter tunnel servers to encrypt all traffic that will traverse an unsecured network

Question 13

Proxy server

Answer 13

server that exists to intercept requests for information from external users to minimizing demand on internal servers

Question 14

Reverse proxy

Answer 14

retrieves internal information to provide to requesting outside users

Question 15

Clark-Wilson Integrity Model change control principles

Answer 15

• No changes by unauthorized users
• No unauthorized changes by authorized users
• Maintain internal and external consistency

Question 16

IDPS Response Techniques

Answer 16

Terminating the user session or network connection
Blocking access to the target system or systems
Blocking all access to the targeted information asset

Question 17

Reasons for an IDPS

Answer 17

Intrusion detection
Documentation- Logs data
Attack deterrence

Question 18

Host based IDPS

Answer 18

Resides on a particular device and only monitors that system

Question 19

Network based IDPS

Answer 19

Resides on a device connected to a segment of an organizations network and only monitors that segment

Question 20

Attack protocol

Answer 20

Series of steps used by an attacker to launch an attack

Question 21

Footprinting

Answer 21

Research of internet addresses owned by a target organization

Question 22

Fingerprinting

Answer 22

Survey of all the target addresses collected during footprinting

Question 23

Attack surface

Answer 23

Functions and features a system exposes to unauthenticated users

Question 24

Port scanners

Answer 24

Tools used by both attacker and defenders to identify or fingerprint active computers on a network

Question 25

Seven Major Sources of Physical Loss

Answer 25

1. Extreme temperature: heat, cold 2. Gases: humid or dry air 3. Liquids: water, chemicals 4. Living organisms: virus, people, animals 5. Projectiles: Tangible objects in motion 6. Movement: Collapse, vibration, slide 7. Energy anomalies: electrical surge

Question 26

Uninterruptible power supply

Answer 26

Ensures delivery of electrical power without interruption

Question 27

Standby/Offline UPS

Answer 27

Backup battery that detects interruption in power and activates a transfer switch to provide power through batteries

Question 28

TEMPEST

Answer 28

Government program to protect computers from electrical remote eavesdropping by reducing EMR emissions

Question 29

Packet sniffer

Answer 29

Software or hardware that can intercept, copy, and interpret network traffic

Question 30

Active vulnerability scanner

Answer 30

Application that scans networks for exposed usernames/groups

Question 31

Passive vulnerability scanner

Answer 31

Scanner that listens in on a network and identifies vulnerable versions of both server and client software

Question 32

Best Practices for Firewalls

Answer 32

All traffic from trusted networks is allowed out Firewall devices are never to be directly accessible from the public network SMTP data is allowed but is directed to a well configured gateway All ICMP data should be denied

Question 33

Static packet filtering

Answer 33

Filtering rules need to be developed with the firewall

Question 34

Dynamic packet filtering

Answer 34

Can react to events and update or create rules to deal with an event

Question 35

Stateful packet inspection (SPI)

Answer 35

Keep track of each network connection between internal and external systems

Question 36

Kerberos

Answer 36

Uses symmetric key encryption to validate a user to network resources

Question 37

Kerberos three interactive services

Answer 37

Authentication server- Kerberos server that authenticates clients and servers Key Distribution Center- generates and issues session keys Kerberos ticket granting service- provides tickets to valid clients who request services

Question 38

VPN

Answer 38

A private secure network operated over a public network

Question 39

Hybrid VPN

Answer 39

combination of trusted and secure VPN implementations

Question 40

Secure VPN

Answer 40

uses security protocols to encrypt traffic transmitted across unsecure networks

Question 41

Trusted VPN

Answer 41

VPN that uses leased circuits

Question 42

Know yourself

Answer 42

Understand the current information in your organization

Question 43

Know the enemy

Answer 43

Identify threats facing the organization

Question 44

Risk appetite| tolerance

Answer 44

The quantity of risk that organizations are willing to accept

Question 45

Residual risk

Answer 45

Risk to information that remains after current controls are applied

Question 46

Attack success probability

Answer 46

number of successful attacks that are expected to occur within a specified time period

Question 47

Likelihood

Answer 47

The probability that a vulnerability within an organization will be attacked

Question 48

Risk control

Answer 48

Application of controls that reduce risk to an organizations assets