Questions and Answers Flashcards

Question

``` In which one of the following documents is the assignment of individual roles and responsibilities MOST appropriately defined? A. Security policy B. Enforcement guidelines C. Acceptable Use Policy D. Program manual ```

Answer 1

C. An AUP is a document that the employee signs in which the expectations, roles and responsibilities are outlined. Issue-specific policies address specific security issues that management feels need more detailed explanation and attention to make sure a comprehensive structure is built and all employees understand how they are to comply to these security issues.

Answer 2

A. A system-specific policy presents the management's decisions that are closer to the actual computers, networks, applications and data. This type of policy can provide an approved software list, which contains a list of applications that can be installed on individual workstations. This policy can describe how databases are to be protected, how computers are to be locked down, and how firewall, intrusion detection systems and scanners are to be employed.

Answer 3

B. | Management approval precludes all policies, thereby giving them the ownership of the policy.

Answer 4

B. | This level of information is best suited for a lower level user policy or an Acceptable User Policy.

Answer 5

C. Regulatory Security Policies are mandated to the organization but it is up to them to implement it. "Regulatory - This policy is written to ensure that the organization is following standards set by a specific industry and is regulated by law. The policy type is detailed in nature and specific to a type of industry. This is used in financial institutions, health care facilities and public utilities."

Answer 6

C. | Administrative, physical and technical controls should be utilized to achieve the managements directives.

Answer 7

D. Significant actions: The quality or state that enables actions on an ADP system to be traced to individuals who may then be held responsible. These actions include violations and attempted violations of the security policy, as well as allowed actions.

Answer 8

A. Security is a continuous process; as such you must closely monitor your systems on a regular basis. Log files are usually a good way to find an indication of abnormal activities. However some care must be exercised as to what will be logged and now the logs are protected. Having corrupted logs is about as good as not having logs at all.

Answer 9

D. Most computer attacks only corrupt a system's security in very specific ways. For example, certain attacks may enable a hacker to read specific files but don't allow alteration of any system components. Another attack may allow a hacker to shut down certain system components but doesn't allow access to any files. Despite the varied capabilities of computer attacks, they usually result in violation of only four different security properties: availability, confidentiality, integrity and control.

Answer 10

C. There are several small and large objectives of a security program but the three main principles in all programs are confidentiality, integrity and availability. The CIA triad.

Answer 11

C. Management

Answer 12

D. How security measures will be tested for effectiveness.

Answer 13

D. Information security is the protection of data against accidental or malicious disclosure, modification, or destruction. Information will be protected based on its value, confidentiality, and/or sensitivity to the company and the risk of loss or compromise. At a minimum, information will be update-protected so that only authorized individuals can modify or erase the information.

Answer 14

A. Change control: changes must be authorized, tested and recorded. Change systems may require re-certification and re-accreditation.

Answer 15

B. When the security officer is addressing senior management, the focus would not be on user responsibilities, it would be on making sure the senior management has a clear understanding of the risk and potential liability is.

Answer 16

A. The controls and procedures of a security program should reflect the nature of the data being processed. These different types of companies would also have very different cultures. For a security awareness program to be effective, these considerations must be understood and the program should be developed in a fashion that makes sense per the environment.

Answer 17

A. Shoulder surfing: attackers can thwart confidentiality mechanisms by network monitoring, shoulder surfing, stealing password files and social engineering. Shoulder surfing is when a person looks over another person's shoulder and watches keystrokes or date as it appears on the screen. Social engineering is tricking another person into sharing confidential information by posing as an authorized individual to that information.

Answer 18

C. A weakness in system security procedures, system design, implementation, internal controls and so on that could be exploited to violate system security policy.

Answer 19

C. The likelihood of a threat agent taking advantage of a vulnerability. A risk is the loss potential, or probability, that a threat will exploit a vulnerability.

Answer 20

``` B. Vulnerability analysis (a.k.a. vulnerability assessment) tools test to determine whether a network or host is vulnerable to known attacks. Vulnerability assessment represents a special case of the intrusion detection process. The information sources used are system state attributes and outcomes of attempted attacks. The information sources are collected by a part of the assessment engine. The timing of analysis is interval-based or batch-mode, and the type of analysis is misuse detection. This means that vulnerability assessment systems are essentially batch mode misuse detectors that operate on system state information and results of specified test routines. ```

Answer 21

C Not B: it is not the objective of the pen tester to supply a method on how to correct the flaws. In fact management may decide to accept the risk and not repair the flaw. They may be able to demonstrate the effects of a flaw-especially if they manage to clobber a system.

Answer 22

C "one common method to test the strength of your security measures is to preform penetration testing. Penetration testing is a vigorous attempt to break into a protected network using any means necessary" pg 430 Tittlel

Answer 23

I am sure you knew the answer but for filling in the cards sake its D!!! I love you so much!! I am so proud of all the hard work you do and what you strive to accomplish! You are an amazing role model for our kiddos! ALWAYS ALWAYS FOREVER FOREVER PROMISE PROMISE!

Answer 24

C Not A: Assessment would imply management deciding whether they can live with a given vulnerability. "Its goal is to measure an organization's resistance to an attack and to uncover an weakness within the environment...the result of a penetration test is a report given to management describing the list of vulnerabilities that were identified and the severity of those vulnerabilities."

Answer 25

D Flaw hypothesis methodology- a system analysis and penetration technique where specifications and documentation for the system are analyzed and then flaws in the system are hypothesized. The list of hypothesized flaws is then prioritized on the basis of the estimated probility that a flaw actually exist and, assuming a flaw does exist, on the ease of exploiting it and on the extent of control or compromise it would provide. The prioritized list is used to direct the actual testing of the system.

Answer 26

C The type of penetration test depends on the organization, its security objectives and the management's goals.

Answer 27

B | ISS, Ballista, and SATAN are all penetration tools

Answer 28

D Single loss expectancy (SLE) X Annualized Rate of Occurance (ARO) = ALE

Answer 29

B | "SLE x annualized rate of occurrence (ARO) = ALE"

Answer 30

A Another method of risk analysis is qualitative, which does not assign numbers and monetary values to components and losses

Answer 31

B Single loss expectancy (SLE) an SLE is the dollar figure that is assigned to a single event. It represents an organization's loss from a single threat and is derived from the following formula: Asset value ($) x Exposure Factor (EF) = SLE

Answer 32

D The MTD is period of time a business function or process can remain interrupted before its ability to recover becomes questionable.

Answer 33

A " A BIA is performed at the beginning of a disaster recovery and continuity planning to identify the areas that would suffer the greatest financial or operational loss in the event of disaster or disruption. It identifies the company's critical systems needed for survival and estimates the outage time that can be tolerated by the company as a result disaster or disruption.

Answer 34

A all information generated, or used must have a designated owner. the owner must determine appropriate sensitivity classifications, and access controls. The owner must also take steps to ensure the appropriate controls for the storage, handling, distribution, and use of the information in the secure manner.

Answer 35

B Authorization determins who is trusted for the given purpose. More precisely, it determines whether a particular principal, who has been authenticated as the source of a request to do something, is trusted for that operation. Authorization may also include controls on the time at which something can be done. (e.g. only during working hours) or the computer terminal from which it can be requested (e.g. only the one on the system administration desk)

Answer 36

C Least privilege; the security principal that requires each subject to be granted the most restrictive set of privileges needed for the performance of authorized tasks. The application of this principle limits the damage that can result from accident, error, or unauthorized.

Answer 37

B Procedures are looked at as the lowest level in the policy chain because they are closest to the computers and provide detailed steps for configuration and installation issues. They provide the steps to actually implement the statements in the policies, standards, and guidelines...Security procedures, standards, measures, practices, and policies cover a number of different subject areas.

Answer 38

D Protection of life is of the utmost importance and should be dealt with first before looking to save material objects. .

Answer 39

B An ISO and ITU standard for addressing and transporting e-mail messages. It conforms to layer 7 of the OSI model and supports several types of transport mechanisms, including Ethernet, X.25, TCP/IP, and dial-up lines.

Answer 40

B Disadvantages of Knowledge-based ID systems: This system is resources-intensive; the knowledge database continually needs maintenance and updates New, unique, or original attacks often go unnoticed. Disadvantages of Behavior-based ID systems: The system is characterized by high false alarm rates. High positives are the most common failure of ID systems and can create data noise that makes the system unusable. The activity and behavior of the users while in the networked system might not be static enough to effectively implement a behavior-based ID system.

Answer 41

B This means that a one-way hashing function would be run on the message and then Kevin would encrypt that has value with his private key...The act of signing just means that value was encrypted with a private key

Answer 42

Macro Languages enable programmers to edit, delete, and copy files. Because these languages are so easy to use, many more types of macro viruses are possible.

Answer 43

Accountability: Auditing capabilities ensure that users are accountable for their actions, verify that the security policies are enforced, worked as a deterrent to improper actions, and are used as investigation tools.

Answer 44

C Traffic analysis, which is sometimes called trend analysis, is a technique employed by an intruder that involves analyzing data characteristics (message length,message frequency, and so forth) and the patterns of transmissions (rather than any knowledge of the actual information transmitted) to infer information that is useful to an intruder)

Answer 45

B Answer: B Emanation eavesdropping. Receipt and display of information, which is resident on computers or terminals, through the interception of radio frequency (RF) signals generated by those computers or terminals. The U.S. government established a program called TEMPEST that addressed this problem by requiring a shielding and other emanation-reducing mechanisms to be employed on computers processing sensitive and classified government information.

Answer 46

D A computer is in a supervisory state when it is executing these privileged instructions. (privileged instructions are executed by the system administrator or by an individual who is authorized to use those instructions.)

Answer 47

D Policies are considered the first and highest level of documentation, from which the lower level elements of standards, procedures, and guidelines flow. This order, however, does not mean that policies are more important than the lower elements. These higher-level policies, which are the more general policies and statements, should be created first in the process for strategic reasons, and then the more tactical elements can follow.

Answer 48

C I am going to disagree with the original answer in this question The original answer was B. I do think that is important but in the text that I have read (Harris,Krutz, the Sybex book and the Que book) they stress over and over again the Need to know and proper identification as a subset of the CIA. B to me, give more to the individual methods of control, not the underlying concepts to BASE information system controls on. However, use your best judgment on this based on your experience and knowledge.

Answer 49

A If the two values are different, Maureen knows that the message was altered, either intentionally or unintentionally, and she discards the message...As stated in an earlier section, the goal of using a one-way hash function is to provide a fingerprint of the message. MD5 is the newer version of MD4. It still produces a 128-bit hash, but the algorithm is a bit more complex to make it harder to break than MD4. The MD5 added a fourth round of operations to be performed during the hash functions and makes several of its mathematical operations carry steps or more complexity to provide a higher level of security

Answer 50

D "If a computer crime is suspected, it is important not to alert the suspect. A preliminary investigation should be conducted to determine weather a crime has been committed by examining the audit records and system logs, interviewing witnesses, and assessing the damage incurred....Search warrants are issued when there is a probable cause for the search and provide legal authorization to search a location for specific evidence."

Answer 51

C In 1985, the Trusted Computer System Evaluation Criteria (TCSEC) was developed by the National Computer Security Center (NCSC) to provide guidelines for evaluating vendor's products for the specified security criteria. TCSEC provides the following: A basis for establishing security requirements in the acquisition specifications A standard of the security services that should be provided by vendors for the different classes of security requirements A means to measure the trustworthiness of an information system.

Answer 52

A There are several good reasons to classify information. Not all data has the same value to an organization. Some data is more valuable to the people who are making strategic decisions because it aids them in making long-range or short-range business direction decisions. Some data, such as trade secrets, formulas, and new product information, is so valuable that its loss could create a significant problem for the enterprise in the marketplace by creating public embarrassment or causing a lack of credibility. For these reasons, it is obvious that information classification has a higher enterprise-level benefit. Information can have an impact on a business globally, not just on the business unit or line operation levels. Its primary purpose is to enhance confidentiality, integrity, and availability and to minimize the risks to the information.

Answer 53

B Accountability is another facet of access control. Individuals on a system are responsible for their actions. This accountability property enables system activities to be traced to the proper individuals. Accountability is supported by audit trails that record events on the system and on the network. Audit trails can be used for intrusion detection and for the reconstruction of past events.

Questions and Answers Flashcards

(110 cards)