Module 1

Question 1

Assets

Answer 1

An organization resource that is being protected.

can be logical or physical

They are the focuse of what security efforts are attempting to protect

Question 2

Information assets

Answer 2

The focus of information security

any collection, set, or database of information or any asset that collects, stores, processes, or transmits information of value to the organzation.

Question 3

three groups involved in information security planning

Answer 3

those in the field of information security

those in the field of IT

those from the rest of the organization

Question 4

Role of Information Security Community

Answer 4

protects the organziations information assets from the many threats they face

Question 5

Role of the IT Community

Answer 5

supports the business objectives of the organization by supplying and supporting IT that is appropriate to the organization’s needs

Question 6

role of general business community

Answer 6

articulates and communicates organizational policy and objectives and allocates resources to the other groups

Question 7

Specialized Areas of Security

Answer 7

Physical

Operations

Communications

Cyber

Network

Question 8

Physical Security

Answer 8

protection of physical items, objects, or areas from unauthorized access and misuse

Question 9

operations security

Answer 9

The protection of the details of an organziations operations and activities.

Question 10

communications security

Answer 10

the protection of all communications media, technology, and content

Question 11

cyber security

Answer 11

the protection of computerized information processing systems and the data they contain and process

Question 12

Network security

Answer 12

a subset of communications security and cybersecurity; the protection of voice and data networking components, connections, and content.

Question 13

Information Security (InfoSec)

Answer 13

Protection of the confidentiality, integrity, and availability of informaiton assets, whether in storage, processing, or transmision, via the application of policy, education, training and awareness, and technology.

Question 14

McCumber Cube

Answer 14

standard for understanding many aspects of infosec, and shows the three dimensions that are central to the discussion of infosec

1. information characteristics
2. information location
3. security control categories.

Question 15

The CIA Triad

Answer 15

key characteristic of information that make it valuable to an organization

1. Confidentiality
2. Integrity
3. Availability

Question 16

confidentiality

Answer 16

limiting access to informaiton only to those who need it and preventing access to those who do not.

Question 17

integrity

Answer 17

an attribute of information that describes how data is whole, complete, and uncorrupted

Threatened when exposed to corruption, damage, destruction, or other disruption of its authentic state.

Question 18

Availability

Answer 18

users, either people or other systems, have access to it in a usable format.

access when needed by authorized users.

Question 19

privacy

Answer 19

the right of individuals or groups to protect themselves and thier informaiton from unauthorized access, providing confidentiality

Question 20

synonym for attack

Answer 20

threat event

Question 21

12 categories of threats to information security

Answer 21

1. compromises to intellectual property
2. Deviations in quality of service
3. espionage or tresspass
4. force of nature
5. human error or failure
6. information extortion
7. sabotage and vandalism
8. software attacks
9. technical hardware failures and errors
10. technical software failures and errors
11. technological obsolescence
12. theft

Question 22

example of compromises to intellectual property

Answer 22

software piracy

copyright infringement

Question 23

Examples of deviations in quality of service

Answer 23

internet service issues

communications and service provider issues

power irregularities

Question 24

competitive intelligence

Answer 24

collectiion and analysis of informaiton about an organization’s business competitors through legal and ethical means to gain business intelligence and competive advantage.

Question 25

industrial espionage

Answer 25

collection of information of business competitors through illegal and unethical means to gain an unfair competitive advantge. Also known as corporate spying.

Question 26

APT

Answer 26

advanced persistent threat

Question 27

cracking

Answer 27

attempting to bypass a password orr other access control protection.

Question 28

rainbow table

Answer 28

table of hash values and their corresponding plaintext values that can be used to look up passwords if attacker is able to steal a system's encrypted password file.

Question 29

espionage or trespass

Answer 29

when unauthorized person gains acess to informaiton an oranization is trying to protect

Question 30

types of password attacks

Answer 30

brute force dictionary attack rainbow table social engineering

Question 31

advance fee fraud

Answer 31

nigerian scam scam requiring overpayment scam pretending to be a legit business saying you are due a large amount of money where you only need to provide small fee and banking information.

Question 32

what are common human error attcks

Answer 32

social engineering advance fee fraud phishing spear phishing pretexting

Question 33

other term of informaiton extortion

Answer 33

cyberextortion

Question 34

Example of information extortion

Answer 34

ransomeware attack

Question 35

TTP

Answer 35

tools, techniques, and procedures

Question 36

Types of software attacks

Answer 36

malware, viruses, worms, trojan horses back doors, trap doors, and maintanance hooks denial of service email attack communications interception attacks

Question 37

other name for malware

Answer 37

malicous code malicous software

Question 38

macro virus

Answer 38

virus written in macro language to target applications that use that language typically affects documents, slideshows, emails, or spreadsheets created by office suite applications.

Question 39

boot virus

Answer 39

boot sector virus virus that targets the boot sector or master boot record of a computer system's harddrive or removable storage media.

Question 40

polymorphic threat

Answer 40

malware that over time changes the way it appears to anitvirus software programs making it undetectable.

Question 41

another term for back door

Answer 41

maintenance hook

Question 42

types of software attacks

Answer 42

malware back doors DOS and DDOS email attacks communications interception attacks

Question 43

types of communication interception attacks

Answer 43

packet sniffer spoofing pharming man in the middle

Question 44

pharming

Answer 44

the redirection of legitamite user web traffic to illegitamite web sites with the intent to collect personal information

Question 45

Domain Name System (DNS) cashe poisoning or DNS Spoofing

Answer 45

intentional hacking and modification of a DNS database to redirect legitimate traffic to illegitamate ineternet locations

Question 46

TCP hijacking

Answer 46

also known as session hijacking form of Man in the middle attack where attacker inserts himself into TCP/IP based communications allows attacker to eavesdrop as well as to change, delete, reroute, add, forge, or divert data.

Question 47

mean time between failures (MTBF)

Answer 47

average amount of time between hardware failures presumes hardware can be repaired whereas mean time to failure (MTTF) presumes must be replaced

Question 48

Types of technical softwared failures or errors

Answer 48

1. web application sins - sql injection, web server related vulnerabilities 2. implementation sins - buffer overflow, format string problems 3. cyrptographs sins - use of weak password, weak random numbers 4. networking sins - failure to protect traffic

Question 49

POLC - popular management theory

Answer 49

management appraoch that uses the core principles of planning, organizing, leading, and controlling

Question 50

Planning

Answer 50

process of developing, creating, and implementing strategies for the accomplishment of objectives

Question 51

What are the three levels of planning

Answer 51

1. strategic planning 2. tactical planning 3. operational planning

Question 52

strategic planning

Answer 52

occurs at highest levels of organization and for a long period of time, usually five or more years

Question 53

tactical planning

Answer 53

focuses on production planning and integrates organizational resources at a level below the entire enterprise and or an intermediate duration (1-5 years)

Question 54

operational planning

Answer 54

focuses on day to day operations of local resources and occurs in the present or short term.

Question 55

organzing

Answer 55

the structuring of resources to support the accomplishment of objectives

Question 56

controlling

Answer 56

the process of monitoring progress and making necessary adjustments to achieve desired goals or objectives

Question 57

What are the problem solving steps

Answer 57

1. recognize and define the problem 2. gather facts and make assumptions 3. develop possible solutions 4. analyze and compare possible solutions 5. select, implelment, and evaluate

Question 58

what are the 6 Ps?

Answer 58

planning, policy, programs, protection, people, project management