25 Cards in this Set
A risk assessment and a System Security Plan (SSP) are PRIMARY documents in which process?
1.) System requirements analysis
2.) System accreditation
3.) Procedure development
4.) Audit remediation
2.) System accreditation
Risk assessments and System Security Plans are developed primarily for system accreditation activities.
Which of the following mechanisms are essential for fraud reduction and error control in data integrity?
1.) Ability to rollback the transaction and use of need-to-know
2.) Segregation of duties and well-formed transaction
3.) Ability to rollback the transaction and well-formed transaction
4.) Segregation of duties and use of need-to-know
2.) Segregation of duties and well-formed transaction
This is based on the Clark-Wilson model of integrity rules.
The Certificate Authority (CA) MUST revoke the certificate for all the following circumstances EXCEPT
1.) change of password.
2.) compromise of the corresponding private key.
3.) change of name.
4.) change of association between subject and CA.
1.) Change of password.
The most common reason for revocation is the user's not being in sole possession of the private key.
Rogue wireless access points are MOST frequently installed by
1.) law enforcement agencies.
2.) malicious attackers.
3.) contractors.
4.) employees.
4.) employees.
SSO refers to only
1.) one user allowed on a system at a time.
2.) needing to provide one login to access many resources.
3.) having one trusted method of accessing a system.
4.) being allowed access to one system or network
2.) needing to provide one login to access many resources.
Which group of statements BEST describes a virus?
1.) self-replicating, does not require network access to infect other hosts, causes harm
2.) self-replicating, requires network access to infect other hosts, causes no harm
3.) Non-self-replicating, requires network access to infect other hosts, causes harm
4.) Non-self-replicating, does not require network access to infect other hosts, causes harm
4.) Non-self-replicating, does not require network access to infect other hosts, causes harm.
What is a benefit of a HIDS?
1.) Correlate activities of a DDOS attack.
2.) Passively sniff the network to perform deep packet analysis
3.) Act as a log scrubber for system and application events
4.) Interpret network traffic for anomalies
3.) Act as a log scrubber for system and application events.
A log scrubber is a process that examines application and system logs for evidence of system misuse.
After two devices have exchanged some data, a third device spoofs a FIN command to each of them. A plausible hypothesis for the observed traffic is
1.) the firewall blocked the session
2.) an intruder has compromised the IPS
3.) an intruder has compromised the server
4.) an IDS took action to disrupt the session
1.) the firewall blocked the session.
This is one method by which a firewall can interrupt a suspicious connection. A firewall may craft a packet so that it appears that the other end has terminated the connection.
Enterprise policy governs digital forensics and incident response in the organization. Which of the following are characteristics of effective policy towards incident response?
1.) Collaboration with other organizations, such as law enforcement, only hinders development of effective policy.
2.) Policy drivers, such as threats and risk, determine what constitutes an event in a policy.
3.) Organizations form CIRTs (Computer Incident Response Teams) to create policy.
4.) Management creates policy based on business need as well as legal and regulatory requirements.
4.) Management creates policy based on business need as well as legal and regulatory requirements.
When a digital forensics examiner analyzes media, best practices dictate whose established procedures should be followed?
1.) Information Assurance Technical Framework (IATF)
2.) International Criminal Police Organization (INTERPOL)
3.) International Association of Computer Investigative Specialists (IACIS)
4.) Information Technology Security Evaluation Criteria (ITSEC)
3.) International Association of Computer Investigative Specialists (IACIS)
The IACIS has established a set of procedures which ensure that digital evidence is examined in a competent and professional way. This set of procedures is among the most respected and accepted standards in the field.
Which of the following steps of the incident response process occurs FIRST?
1.) Containment
2.) Recovery
3.) Notification
4.) Response
1.) Containment
The basic steps of the incident response process occur in the following order:
> Preparation and planning
> Detection
> Containment
> Notification
> Investigation
> Recovery
> Response
> Follow Up
Which of the following protocols are members of the TCP/IP stack? (I) TCP (II) Internet Datagram Protocol (III) ICMP (IV) UDP
1.) II, III, IV
2.) I, II, III
3.) I, II, IV
4.) I, III, IV
4.) I, III, IV
In order to avoid being open to exploitation without notification, an IDS MUST analyze
1.) Single packet header, multi packet header, obfuscated data, fragmented data, protocol embedded attacks, and flooding detection.
2.) single packet data patterns, multi packet data patterns, obfuscated data, fragmented data, protocol embedded attacks, and flooding detection
3.) single packet data patterns, multi packet data patterns, encrypted data, fragmented data, protocol embedded attacks, and flooding detection
4.) single packet data patterns, multi packet data patterns, obfuscated data, fragmented data, malformed packet analysis, and flooding detection
2.) single packet data patterns, multi packet data patterns, obfuscated data, fragmented data, protocol embedded attacks, and flooding detection.
As an IDS needs to scan the most common attacks over application, data and network layers, it needs to scan for single and multi packet data patterns, obfuscated data, fragmented data, protocol embedded attacks and detect flooding.
Recovering the backup is an important activity; therefore, the system administrator should
1.) reload all servers from backup weekly to ensure compatibility.
2.) keep a close inventory of backups to ensure correct versions.
3.) run integrity checks on backup versions to ensure completeness.
4.) periodically test to ensure that you can do a full recovery from backup
4.) periodically test to ensure that you can do a full recovery from backup.
The only way to ensure a backup will work is to periodically test it.
Log management is complicated by (I) many data sources. (II) unsynchronized clocks. (III) multiple log formats. (IV) automation.
1.) II, III, IV
2.) I, III, IV
3.) I, II, III
4.) I, II, IV
3.) I, II, III
Complications of log management include many log sources, inconsistent log content, unsynchronized system clocks, and inconsistent log formats. Automation decreases complexities of log management.
During an informal security audit, it was found that a high percentage of end-user systems had passwords that could easily be compromised. The security team, along with executive management within the organization, has now been tasked with creating a supporting security policy for implementation of strong passwords. Which of the following is a characteristic that would NOT be acceptable given the new mandate?
1.) The password must include characters of both upper and lower cases.
2.) The password may be composed of character strings from the username.
3.) The password is required to contain a non-alphanumeric character.
4.) The password must have a minimum number of eight characters.
2.) The password may be composed of character strings from the username.
A non-compete contract must be signed prior to the hiring of all sales personnel for XZY organization. What process detects forgery of a signature?
1.) Confidentiality
2.) Non-repudiation
3.) Integrity
4.) Hashing
2.) Non-Repudiation
Non-repudiation is a validation of the authenticity of the document.
A systems administrator wants to purchase a security appliance that mitigates a significant threat; however, doing so would exceed budgetary limits. Which of the following is an appropriate course of action?
1.) Negotiate with the vendor to spread the cost over several budget cycles.
2.) Present metrics to management that accurately demonstrate that the risk is real and significant
3.) Postpone seeking approval of the purchase by management until the threat is imminent
4.) Convince management to approve the purchase by exaggerating the scope of the threat
2.) Present metrics to management that accurately demonstrate that the risk is real and significant.
Which of the following is a function of penetration testing?
1.) Identifies and exploits vulnerabilities
2.) Identifies vulnerabilities only
3.) Uses the same scope as vulnerability testing
4.) Provides better security than policy
1.) Identifies and exploits vulnerabilities.
A common characteristic of a hoax is that it
1.) propagates via infected web pages.
2.) consumes company resources.
3.) can be detected by anti-virus software.
4.) harms a PC network.
2.) consumes company resources.
Which of the following defines procedures and packet formats to negotiate, establish, modify, and delete Security Associations within Internet Protocol Security (IPSec)?
1.) Internet Security Association and Key Management Protocol (ISAKMP)
2.) Diffie-Hellman
3.) Authentication Header (AH)
4.) IKE - Internet Key Exchange Protocol
1.) Internet Security Association and Key Management Protocol (ISAKMP)
ISAKMP is used to provide a common framework for the format of Security Association (SA) attributes, as well as the methodologies for negotiating, modifying, and deleting SA's that different key exchange protocols can use.
The network administration staff has identified a latency problem within their network. Which of the following type of tools may be used to identify the source of the issue?
1.) Port Monitoring
2.) Network Sniffing
3.) NS Lookup/Whois
4.) Tracert/Traceroute
4.) Tracert/Traceroute
What database management system (DBMS) security architecture utilizes an untrusted back-end DBMS with access to the data in the database, an untrusted front end that communicates with the user, and a trusted front end that uses encryption?
1.) Distributed architecture
2.) Trusted Subject architecture
3.) Integrity Lock architecture
4.) Kernel Extensions architecture
3.) Integrity Lock architecture
The integrity lock architecture utilizes an untrusted back-end DBMS, an untrusted front end that communicates with the user, and a trusted front end that makes use of encryption technology.
An organization has decided to allow offsite Information Technology (IT) contractors to connect to the organization's office through a VPN. For a VPN, which of the following protocol IDs would need to be allowed through the firewall?
1.) 50, 21
2.) 50, 51
3.) 80, 25
4.) 51, 25
2.) 50,51
When there is a FW or gateway in the data path, IP forwarding must be enabled at the firewall for the following IP Protocols:
IP Protocol ID: 50: For both inbound and outbound filters.
IP Protocol ID: 51: For both inbound and outbound filters.
Stream ciphers are commonly used
1.) to generate a hash.
2.) when transmission errors are highly probable.
3.) to add diffusion to the cryptographic process.
4.) to generate a public key.
2.) when transmission errors are highly probable.
They are advantageous to use in situations where errors are likely, as they have no error propagation due to their small size.