IS3220 CHAPTER 6 Flashcards Preview


Flashcards in IS3220 CHAPTER 6 Deck (42):
1

Less rigorous than training or education, this level of security instruction focuses on common or basic security elements that all employees must know and abide by. This is called ___?

AWARENESS

2

This process of making copies of data onto other storage media is called ___?
The purpose is to protect against data loss by having additional onsite or offsite copies of data that can be restored when necessary.

BACKUP

3

A plan to maintain the mission-critical functions of the organization in the event of a problem that threatens to take business processes offline is called ___?
The goal is to prevent the interruption of business tasks, even with a damaged environment and reduced resources.

BUSINESS CONTINUITY PLAN

4

A detailed and thorough review of the deployed security infrastructure compared with the organization's security policy and any applicable laws and regulations is called ___?

COMPLIANCE AUDIT

5

A security stance that blocks all access to all resources until a valid authorized explicit exemption is defined is called ___?

DEFAULT DENY

6

A security stance that allows all access to all resources until an explicit exception is defined is called ___?

DEFAULT PERMIT

7

A plan to restore the mission-critical functions of the organization once they have been interrupted by an adverse event is called ___?
The goal of this is to return the business to functional operation within a limited time to prevent the failure of the organization due to the incident.

DISASTER RECOVERY PLAN

8

The third and highest level of obtaining security knowledge that leads to career advancement is called ___?
This is broad and not necessarily focused on specific job tasks or assignments. More rigorous than awareness or training.

EDUCATION

9

A form of security protection that protects individual files by scrambling the contents in such a way as to render them unusable by unauthorized third parties is called ___?

FILE ENCRYPTION

10

A collection of multiple honeypots in a network for the purposes of luring and trapping hackers is called ___?

HONEYNET

11

A predefined procedure to react to security breaches to limit damage, contain the spread of malicious content, stop compromise of information, and promptly restore the environment to a normal state. This is called ___?

INCIDENT RESPONSE PLAN

12

The state or condition of an asset or process vitally important to the long-term existence and stability of an organization is called ___?
If this element is interrupted or removed, it often results in the failure of the organization.

MISSION-CRITICAL

13

A specialized host used to place an attacker into a system where the intruder cannot do any harm is called ___?

PADDED CELL

14

The guideline that all users should be granted only the minimum level of access and permission required to perform their assigned job tasks and responsibilities is called ___?

PRINCIPLE OF LEAST PRIVILEGE

15

A security guideline, procedure, or recommendation manual is called ___?

SECURITY TECHNICAL IMPLEMENTATION GUIDES (STIGS)

16

An administrative rule whereby no single individual possesses sufficient rights to perform certain actions is called ___?
Achieved by dividing administrative level tasks and powers among compartmentalized administrators.

SEPARATION OF DUTIES

17

The use of only a single element of validation or verification to prove the identity of a subject, which is considered much weaker than multi-factor authentication, is called ___?

SINGLE-FACTOR AUTHENTICATION

18

The second level of knowledge distribution offered by an organization to educate users about job task focused security concerns is called ___?
More rigorous than awareness; less rigorous than education.

TRAINING

19

A dedicated microchip found on some motherboards that hosts and protects the encryption key for whole hard drive encryption is called ___?

TRUSTED PLATFORM MODULE (TPM)

20

A form of investigation that aims at checking whether or not a target system is subject to attack based on a database of tests, scripts, and simulated exploits is called ___?

VULNERABILITY SCANNING

21

The process of encrypting an entire hard drive rather than just individual files is called ___?
In most cases, this provides better security against unauthorized access than file encryption, because it encrypts temporary directories and slack space.

WHOLE HARD DRIVE ENCRYPTION

22

1. All of the following are examples of network security management best practices EXCEPT:

1. Write a security policy
2. Obtain senior management endorsement
3. Filter Internet connectivity
4. Provide fast response time to customers
5. Implement defense-in-depth

Provide fast response time to customers

23

2. All of the following are examples of network security management best practices EXCEPT:

1. Avoid remote access
2. Purchase equipment from a single vendor
3. Use whole hard drive encryption
4. Implement IPSec
5. Harden internal and border devices

Purchase equipment from a single vendor

24

3. All the following are examples of network security management best practices EXCEPT:

1. Use multi-factor authentication
2. Backup
3. Have a business continuity plan
4. Prioritize
5. Spend each year's budget in full

Spend each year's budget in full

25

4. A firewall host that fails and reverts to a state where all communication between the Internet and the DMZ is cut off displays a type of defense known as:

1. Default permit
2. Explicit deny
3. Fail-close
4. Egress filtering
5. Security through obscurity

Fail-close

26

5. The purpose of physical security access control is to:

1. Grant access to external entities
2. Prevent external attacks from coming through the firewall
3. Provide teachable scenarios for training
4. Limit interaction between people and devices
5. Protect against authorized communications over external devices

Protect against authorized communications over external devices

27

6. A complete and comprehensive security approach needs to address or perform two main functions, the first is to secure assets and the second is:

1. Watch for violation attempts
2. Prevent downtime
3. Verify identity
4. Control access to resources
5. Design the infrastructure based on the organization's mission

Watch for violation attempts

28

7. Incident response is the planned reaction to negative situations or events. Which of the following is NOT a common step or phase in an incident response?

1. Containment
2. Recovery
3. Eradication
4. Detection
5. Assessment

Assessment

29

8. All of the following are elements of an effective network security installation EXCEPT:

1. Backup
2. Recovery
3. Eradication
4. Detection
5. Assessment

Assessment

30

9. The task of compartmentalization is focused on assisting with what overarching security concern?

1. Limiting damage caused by intruders
2. Filtering traffic based on volume
3. Controlling access based on location
4. Supporting transactions through utilization
5. Assess security

Limiting damage caused by intruders

31

10. Which of the following types of security components are important to install on all hosts?

1. Firewall
2. Antivirus
3. Whole hard drive encryption
4. Spyware defense
5. All the above

Firewall
Antivirus
Whole hard drive encryption
Spyware defense

32

11. What is the only protection against data loss?

1. Integrity checking
2. Encryption
3. Traffic filtering
4. Backup and recovery
5. Auditing

Backup and recovery

33

12. All the following are common mistakes or security problems that should be addressed in awareness training EXCEPT:

1. Opening email attachments from unknown sources
2. Using resources from other subnets of which the host is not a member
3. Installing unapproved software on work computers
4. Failing to make backups of personal data
5. Walking away from a computer while still logged in

Using resources from other subnets of which the host is not a member

34

13. The best network security management tools include all of the following EXCEPT:

1. Complete inventory of equipment
2. Written security policy
3. Expensive commercial products
4. Logical organization map
5. Change documentation

Expensive commercial products

35

14. The purpose of a security checklist is:

1. To keep an inventory of equipment
2. To create a shopping list for replacement parts
3. To ensure that all security elements are still effective
4. To complete the security documentation for the organization
5. To assess the completeness of the infrastructure

To ensure that all security elements are still effective

36

15. Which of the following is NOT a potential hazard when installing patches or updates?

1. Resetting configuration back to factory defaults
2. Reducing security
3. Bricking the device
4. Installing untested code
5. Improving resiliency against exploits

Improving resiliency against exploits

37

16. Which of the following is a true statement in regards to compliance auditing?

1. Compliance auditing is a legally mandated task for every organization
2. Compliance auditing ensures that all best practices are followed
3. Compliance auditing creates a security policy
4. Compliance auditing is an optional function for the financial and medical industries
5. Compliance auditing verifies that industry specific regulations and laws are followed

Compliance auditing verifies that industry specific regulations and laws are followed

38

17. Which of the following is not typically considered a form of network security assessment in terms of how well existing security stands up to current threats?

1. Configuration scan
2. Compliance
3. Vulnerability assessment
4. Ethical hacking
5. Penetration testing

Compliance

39

18. Which of the following cannot be performed adequately using an automated tool?

1. Checking for current patches
2. Confirming configuration settings
3. Vulnerability assessment
4. Scanning for known weaknesses
5. Ethical hacking

Ethical hacking

40

19. What is the key factor that determines how valuable and relevant a vulnerability assessment's report is?

1. Timeliness of the database
2. Whether the product is open sourced
3. The platform hosting the scanning engine
4. The time of day the scan is performed
5. The available bandwidth on the network

Timeliness of the database

41

20. What is the primary purpose of a post-mortem assessment review?

1. Reducing costs
2. Adding new tools and resources
3. Placing blame on an individual
4. Learning from mistakes
5. Extending the length of time consumed by a task

Learning from mistakes

42

The procedure of watching for the release of new updates from vendors is called ___?
This includes testing the patches, obtaining approval, and then overseeing the deployment and implementation of updates across the production environment.

PATCH MANAGEMENT