Flashcards in IS3220 CHAPTER 6 Deck (42):
Less rigorous than training or education this security training focuses on common or basic security elements that all employees must know and abide by. This is called ___?
This process of making copies of data onto other storage media is called ___?
The purpose is to protect against data loss by having additional onsite or offsite copies of data that can be restored when necessary.
A plan to maintain the mission-critical functions of the organization in the event of a problem that threatens to take business processes offline is called ___?
The goal is to prevent the interruption of business tasks, even with a damaged environment and reduced resources.
BUSINESS CONTINUITY PLAN
A detailed and thorough review of the deployed security infrastructure compared with the organization's security policy and any applicable laws and regulations is called ___?
A security stance that blocks all access to all resources until a valid authorized explicit exemption is defined is called ___?
A security stance that allows all access to all resources until an explicit exception is defined is called ___?
A plan to restore the mission-critical functions of the organization once they have been interrupted by an adverse event is called ___?
The goal of this is to return the business to functional operation within a limited time to prevent the failure of the organization to the incident.
DISASTER RECOVERY PLAN
The third and highest level of obtaining security knowledge that leads to career advancement is called ___?
This is broad and not necessarily focused on specific job tasks or assignments. More rigorous than awareness or training.
A form of security protection that protects individual files by scrambling the contents in such a way as to render them unusable by unauthorized third parties is called ___?
A collection of multiple honey pots in a network for the purposes of luring and trapping hackers is called ___?
A predefined procedure to react to security breaches to limit damage, contain the spread of malicious content, stop compromise of information, and promptly restore the environment to a normal state. This is called ___?
INCIDENT RESPONSE PLAN
The state or condition of an asset or process vitally important to the long-term existence and stability of an organization is called ___?
If this element is interrupted or removed, it often results in the failure of the organization.
Specialized host used to place an attacker into a system where the intruder cannot do any harm is called ___?
The guideline that all users should be granted only the minimum level of access and permission required to perform their assigned job tasks and responsibilities is called ___?
PRINCIPLE OF LEAST PRIVILEGE
A security guideline, procedure, or recommendation manual is called ___?
SECURITY TECHNICAL IMPLEMENTATION GUIDES (STIGS)
An administrative rule whereby no single individual possesses sufficient rights to perform certain actions is called ___?
Achieved by dividing administrative level tasks and powers among compartmentalized administrators.
SEPARATION OF DUTIES
The use of only a single element of validation or verification to prove the identity of a subject and considered much weaker than multi-factor authentication is called ___?
The second level of knowledge distribution offered by an organization to educate users about job task focused security concerns is called ___?
More rigorous than awareness: less rigorous than education.
A dedicated microchip found on some motherboards that host and protect the encryption key for whole hard drive encryption is called ___?
TRUSTED PLATFORM MODULE (TPM)
A form of investigation that aims at checking whether or not a target system is subject to attack based on a database of test, scripts, and simulated exploits is called ___?
The process of encrypting an entire hard drive rather than just individual files is called ___?
In most cases, this provides better security against unauthorized access than file encryption, because it encrypts temporary directories and slack space.
WHOLE HARD DRIVE ENCRYPTION
1. All of the following are examples of network security management best practices EXCEPT:
1. Write a security policy
2. Obtain senior management endorsement
3. Filter Internet connectivity
4. Provide fast response time to customers
5. Implement defense-in-depth
Provide fast response time to customers
2. All of the following are examples of network security management best practices EXCEPT:
1. Avoid remote access
2. Purchase equipment from a single vendor
3. Use whole heard drive encryption
4. Implement IPSec
5. Harden internal and border devices
Purchase equipment from a single vendor
3. All the following are examples of network security management best practices EXCEPT:
1. Use multi-factor authentication
3. Have a business continuity plan
5. Spend each year's budget in full
Spend each year's budget in full
4. A firewall host that fails and reverts to a state where all communication between the Internet and the DMZ is cut off displays a type of defense known as:
1. Default permit
2. Explicit deny
4. Egress filtering
5. Security through obscurity
5. The purpose of physical security access control is to:
1. Grant access to external entities
2. Prevent external attacks from coming through the firewall
3. Provide teachable scenarios for training
4. Limit interaction between people and devices
5. Protect against authorized communications over external devices
Protect against authorized communications over external devices
6. A complete and comprehensive security approach needs to address or perform two main functions, the first is to secure assets and the second is:
1. Watch for violation attempts
2. Prevent downtime
3. Verify identity
4. control access to resources
5. Design the infrastructure based on the organization's mission
Watch for violation attempts
7. Incident response is the planned reaction to negative situations or events. Which of the following is NOT a common step or phase in an incident response?
8. All of the following are elements of an effective network security installation EXCEPT:
9. The task of compartmentalization is focused on as siting with what overarching security concern?
1. Limiting damage caused by intruders
2. Filtering traffic based on volume
3. Controlling access based on location
4. Supporting transactions through utilization
5. Assess security
Limiting damage caused by intruders
10. Which of the following types of security components are important to install on all hosts?
3. Whole hard drive encryption
4. Spyware defense
5. All the above
Whole hard drive encryption
11. What is the only protection against data loss?
1. Integrity checking
3. Traffic filtering
4. Backup and recovery
Backup and recovery
12. All the following are common mistakes or security problems that should be addressed in awareness training EXCEPT:
1. Opening email attachments from unknown sources
2. Using resources from other subnets of which the host is not a member
3. Installing unapproved software on work computers
4. Failing to make backups of personal data
5. Walking awry from a computer while still logged in
Using resources from other subnets of which the host is not a member
13. The best network security management tools include all of the following EXCEPT:
1. Complete inventory of equipment
2. Written security policy
3. Expensive commercial products
4. Logical organization map
5. Change documentation
Expensive commercial products
14. The purpose of a security checklist is:
1. To keep an inventory of equipment
2. To create shopping list for replacement parts
3. To ensure that all security elements are still effective
4. To complete the security documentation for the organization
5. To assess the completeness of the infrastructure
To ensure that all security elements are still effective
15. Which of the following is NOT a potential hazard when installing patches or updates?
1. Resetting configuration back to factory defaults
2. Reducing security
3. Bricking the device
4. Installing untested code
5. Improving resiliency against exploits
Improving resiliency against exploits
16. Which of the following is a true statement in regards to compliance auditing?
1. Compliance auditing is a legally mandated task for every organization
2. Compliance auditing ensures that all best practices are followed
3. Compliance auditing creates a security policy
4. Compliance auditing is an optional function for the financial and medical industries
5. Compliance auditing verifies that industry specific regulations and laws are followed
Compliance auditing verifies that industry specific regulations and laws are followed
17. Which of the following is not typically considered a form of network security assessment in terms of how well existing security stands up to current threats?
1. Configuration scan
3. Vulnerability assessment
4. Ethical hacking
5. Penetration testing
18. Which of the following cannot be performed adequately using an automated tool?
1. Checking for current patches
2. Confirming configuration settings
3. Vulnerability assessment
4. Scanning for known weaknesses
5. Ethical hacking
19. What is the key factor that determines how valuable and relevant a vulnerability assessment's report is?
1. Timeliness of the database
2. Whether the product is open sourced
3. The platform hosting the scanning engine
4. The time of day the scan is performed
5. The available bandwidth on the network
Timeliness of the database
20. What is the primary purpose of a post-mortem assessment review?
1. Reducing costs
2. Adding new tools and resources
3. Placing blame on an individual
4. Learning from mistakes
5. Extending the length of time consumed by a task
Learning from mistakes