COMPUTER SECURITY-FINAL EXAM 2021

Start of Ch 5b

1. The TCP/IP Model was developed by the US DoD
True False
===============================================
2. The TCP/IP Model has four layers: Application, Transport, Internet and Network Access
True False
===============================================
3. Protects a whole network
A. Hardware firewalls
B. Software firewalls
C. Packet filtering
D. None of the above
===============================================
4. Typically protects only a single host, and depends on the host OS
A. Hardware firewalls
B. Software firewalls
C. Packet filtering
D. None of the above
===============================================
5. Most basic and inexpensive firewall; allows or denies traffic based on Access Control Lists (ACLs); operates at OSI layer 3 or 4
A. Circuit-level gateway
B. Application-level gateway
C. Packet filtering
D. None of the above
===============================================
6. Advantages of Packet Filtering
A. Inexpensive: can be implemented within a router
B. Fast and flexible
C. Transparent to users
D. All of the above
===============================================
7. Disadvantages of Packet Filtering
A. Examines only headers
B. No protection from IP or DNS spoofing
C. Limited logging ability
D. All of the above
===============================================
8. Context-based access control: creates dynamic rules for sessions as they are established
A. Circuit-level gateway
B. Dynamic Packet Filtering
C. Packet filtering
D. None of the above
===============================================
9. Operates at OSI layer 5; maintains state information about established sessions; once a session is established, a tunnel or virtual circuit is set up and packets flow freely through the tunnel without further inspection
A. Circuit-level gateway
B. Dynamic Packet Filtering
C. Packet filtering
D. None of the above
===============================================
10. Advantages of Circuit-Level Gateway
A. Speed
B. Support for many protocols
C. Easy maintenance
D. All of the above
===============================================
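Worked example, added to this page (it is not from the exam or the course slides it draws on): a toy stateless packet filter that decides from layer-3/4 header fields only (questions 5-7), next to a stateful filter that remembers the sessions it saw opened (questions 8 and 12). The rule syntax, the addresses and the packets are constructed for illustration; the anti-spoofing rule shows the one spoofing case a header-only filter can catch, a packet that claims an inside source address but arrives from outside.

```python
# Added example: stateless ACL filtering beside stateful session tracking.
# Rule format, addresses and packets are constructed for illustration.
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str            # "tcp", "udp" or "icmp"
    sport: int = 0
    dport: int = 0
    syn: bool = False
    ack: bool = False

@dataclass
class Rule:
    action: str                    # "allow" or "deny"
    proto: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None    # None matches any destination port

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("any", p.proto)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and (self.dport is None or self.dport == p.dport))

# Inbound ACL on the border router; first match wins, implicit deny at the end.
INBOUND_ACL = [
    Rule("deny", src="10.0.0.0/8"),     # anti-spoofing: our own range must not arrive from outside
    Rule("allow", proto="tcp", dst="10.0.0.0/8", dport=443),
    Rule("allow", proto="tcp", dst="10.0.0.0/8", dport=25),
]

def stateless_filter(acl, p: Packet) -> str:
    """Packet filtering: the decision uses only the layer-3/4 header fields."""
    for rule in acl:
        if rule.matches(p):
            return rule.action
    return "deny"

class StatefulFilter:
    """Dynamic (stateful) filtering: an outbound TCP SYN opens a session entry,
    and an inbound packet is allowed if it is the reply direction of one."""
    def __init__(self, acl):
        self.acl = acl
        self.sessions = set()

    def outbound(self, p: Packet) -> str:
        if p.proto == "tcp" and p.syn and not p.ack:
            self.sessions.add((p.src, p.sport, p.dst, p.dport))
        return "allow"

    def inbound(self, p: Packet) -> str:
        if (p.dst, p.dport, p.src, p.sport) in self.sessions:
            return "allow"                      # reply to a session we opened
        return stateless_filter(self.acl, p)    # otherwise fall back to the static ACL
```

Note what the stateless filter cannot do: to let the reply to 10.0.0.5:40000 through, it would need a permanent rule admitting inbound traffic from port 443, which any outside host could then use. The stateful filter admits only the reply to a session it saw opened, and even so it cannot tell whether 198.51.100.7 really is who its header says.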
11. Disadvantages of Circuit-Level Gateway
A. Dependent on trustworthy users and hosts
B. Limited logging
C. None of the above
D. All of the above
===============================================
12. Developed by Check Point; gathers packets at layer 3 and analyzes them at higher layers, up to layer 7; also includes context
A. Circuit-level gateway
B. Stateful Packet Inspection
C. Packet filtering
D. None of the above
===============================================
13. Operates at OSI layer 7; the most secure; operates as a proxy server, breaking the client-server connection
A. Circuit-level gateway
B. Application-Layer Gateway
C. Packet filtering
D. None of the above
===============================================
14. Advantages of Application-Layer Gateway
A. Internal network is concealed from the Internet
B. Can implement strong user authentication in applications
C. None of the above
D. All of the above
===============================================
15. Disadvantages of Application-Layer Gateway
A. Slow: every packet must be inspected up to layer 7
B. Must be tailored to specific applications
C. None of the above
D. All of the above
===============================================
16. Most basic firewall architecture: a router with ACLs sits between the trusted and untrusted networks
A. Screening Router
B. Dual-homed Gateway
C. Screened-host Gateway
D. None of the above
===============================================
17. Advantages of Screening Router
A. Transparent
B. Simple to use and inexpensive
C. None of the above
D. All of the above
===============================================
18. Disadvantages of Screening Router
A. Limited logging
B. No user authentication
C. Difficult to conceal internal network structure
D. All of the above
===============================================
19. Gateway has two NICs; acts as a proxy server; may require user authentication
A. Screening Router
B. Dual-homed Gateway
C. Screened-host Gateway
D. None of the above
===============================================
20. Advantages of Dual-homed Gateway
A. Fail-safe: if it fails, it allows no access
B. Internal network structure is masked
C. None of the above
D. All of the above
===============================================
21. Disadvantages of Dual-homed Gateway
A. May inconvenience users by requiring authentication
B. Proxies may not be available for some services
C. May slow down the network
D. All of the above
===============================================
22. Gateway protected by a screening router
A. Screening Router
B. Dual-homed Gateway
C. Screened-host Gateway
D. None of the above
===============================================
23. Advantages of Screened-host Gateway
A. Distributes security between two devices
B. Transparent outbound access
C. Restricted inbound access
D. All of the above
===============================================
24. Disadvantages of Screened-host Gateway
A. Less secure because the screening router can bypass the bastion host for certain trusted services
B. Masking internal network structure is difficult
C. Multiple single points of failure
D. All of the above
===============================================
25. Most secure; implements a DeMilitarized Zone (DMZ)
A. Screening Router
B. Screened-subnet
C. Screened-host Gateway
D. None of the above
===============================================
26. Advantages of Screened-subnet
A. Transparent to end-users
B. Flexible; defense in depth
C. Internal network structure can be masked
D. All of the above
===============================================
27. Disadvantages of Screened-subnet
A. More expensive
B. More difficult to configure, maintain, and troubleshoot
C. None of the above
D. All of the above
===============================================
28. An IDS automatically blocks attacks in progress; must be placed inline at a network boundary; is a single point of failure and a high-value target; can deny access to legitimate users; and may create a DoS if the IPS is attacked
True False
===============================================
29. A passive IDS detects attacks and alerts the operator; it does not block attacks
True False
===============================================
30. NIC sniffing in promiscuous mode on a monitor port
A. Network-based IDS
B. Host-based IDS
C. None of the above
D. All of the above
===============================================
31. Requires agents on each monitored system; agents write data to log files and/or trigger alarms
A. Network-based IDS
B. Host-based IDS
C. None of the above
D. All of the above
===============================================
32. Advantages of Knowledge-based IDS (aka Signature-based; uses a database of attack signatures)
A. Low false-alarm rate
B. More standardized and easily understood than behavior-based IDS
C. None of the above
D. All of the above
===============================================
33. Disadvantages of Knowledge-based IDS (aka Signature-based; uses a database of attack signatures)
A. Signature database must be updated
B. New attacks may not be detected
C. None of the above
D. All of the above
===============================================
34. Advantages of Behavior-based IDS (aka Statistical Anomaly-based; references a baseline of normal system activity, and deviations from normal activity trigger alarms)
A. Low false-alarm rate
B. Adapts to new attacks
C. None of the above
D. All of the above
===============================================
35. Disadvantages of Behavior-based IDS (aka Statistical Anomaly-based; references a baseline of normal system activity, and deviations from normal activity trigger alarms)
A. Higher false-alarm rate
B. Inability to adapt to rapidly-changing legitimate usage patterns
C. None of the above
D. All of the above
===============================================
36. Restricted allowed addresses: only certain IP addresses are allowed in; identifies the node, not the user; can be spoofed
True False
===============================================
37. Caller ID can be spoofed
True False
===============================================
38. Callback requires the RAS server to call back at a known phone number; can be defeated by call forwarding
True False
===============================================
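Worked example, added here and not part of the exam: the two detection models of questions 32-35 run over constructed web-server log lines. The two signatures, the baseline request rate and the log format are assumptions. The point is the trade-off the questions describe: the signature engine names the attack precisely but says nothing about the request it has no signature for, while the anomaly engine flags the client that behaves abnormally without knowing what it did.

```python
# Added example: signature-based versus anomaly-based detection over constructed logs.
import re
from collections import Counter

# Constructed access-log lines: client, request line, status code.
LOG_LINES = [
    '10.0.0.7 "GET /index.html HTTP/1.1" 200',
    '10.0.0.7 "GET /about.html HTTP/1.1" 200',
    '203.0.113.9 "GET /cgi-bin/view?file=../../etc/passwd HTTP/1.1" 404',
    '203.0.113.9 "GET /login?user=admin%27%20OR%201%3D1-- HTTP/1.1" 200',
    '198.51.100.4 "GET /new-endpoint-that-no-signature-knows HTTP/1.1" 500',
] + ['198.51.100.4 "GET /search?q=%d HTTP/1.1" 200' % i for i in range(300)]

LINE_RE = re.compile(r'^(\S+) "(\S+) (\S+) [^"]*" (\d{3})$')

# Knowledge-based: a small signature database (regular expressions over the request path).
SIGNATURES = {
    "directory traversal": re.compile(r"\.\./"),
    "sql injection": re.compile(r"(?i)(%27|')\s*(%20|\s)*or(%20|\s)+1(%3d|=)1"),
}

def parse(line):
    """Return (client_ip, method, path, status) or None for a line that does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, method, path, status = m.groups()
    return ip, method, path, int(status)

def signature_alerts(lines):
    """Knowledge-based IDS: one alert per (client, signature) hit. Precise, but blind
    to anything the database does not describe, and stale until it is updated."""
    alerts = []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ip, _, path, _ = rec
        for name, rx in SIGNATURES.items():
            if rx.search(path):
                alerts.append((ip, name))
    return alerts

def anomaly_alerts(lines, baseline_mean=20.0, baseline_std=5.0, threshold=3.0):
    """Behavior-based IDS: flag clients whose request count sits more than `threshold`
    standard deviations above the (assumed) baseline. Catches the unknown, but a
    legitimate crawler or a traffic spike would be flagged just the same."""
    counts = Counter(rec[0] for rec in map(parse, lines) if rec)
    return [(ip, n) for ip, n in counts.items()
            if (n - baseline_mean) / baseline_std > threshold]
```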
39. RAS (Remote Access Server) uses PPP (Point-to-Point Protocol) to encapsulate packets
True False
===============================================
40. PAP (Password Authentication Protocol) sends passwords in cleartext
True False
===============================================
41. CHAP (Challenge Handshake Authentication Protocol) sends a hash of challenge + shared secret; MS-CHAP and MS-CHAPv2 are Microsoft's versions
True False
===============================================
42. EAP (Extensible Authentication Protocol) is commonly used on wireless networks and supports MD5-Challenge, S/Key (a one-time password system), token cards, digital certificates, and more
True False
===============================================
43. RADIUS (Remote Authentication Dial-In User Service) is an open standard; uses UDP; provides authentication and accounting; uses PAP or CHAP
True False
===============================================
44. Diameter is an improvement on RADIUS; uses TCP; supports IPSec or TLS
True False
===============================================
45. TACACS+ (Terminal Access Controller Access-Control System Plus) was developed by Cisco; replaces the older TACACS protocol; uses TCP port 49; supports many authentication methods: PAP, CHAP, MS-CHAP, EAP, token cards, Kerberos, etc.
True False
===============================================
46. A VPN tunnel is a secure tunnel connecting two endpoints via an insecure network, usually the Internet: Client-to-VPN Concentrator, Client-to-Firewall, Firewall-to-Firewall and Router-to-Router
True False
===============================================
47. Which protocols are used for VPNs?
A. PPTP (Point-to-Point Tunneling Protocol)
B. L2F (Layer 2 Forwarding)
C. IPSec (Internet Protocol Security)
D. All of the above
===============================================
48. Developed by Microsoft; uses PPP authentication methods (PAP, CHAP, EAP)
A. PPTP (Point-to-Point Tunneling Protocol)
B. L2F (Layer 2 Forwarding)
C. IPSec (Internet Protocol Security)
D. SSL (Secure Sockets Layer)
===============================================
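Worked example, added here and not part of the exam: PAP and CHAP (questions 40-41) with both peers in one file. CHAP follows RFC 1994, where the Response is MD5 over the one-byte Identifier, the shared secret and the Challenge; MS-CHAPv2 uses a different computation and is not shown. The user name, secret and challenge bytes are constructed.

```python
# Added example: PAP (secret on the wire) beside CHAP (RFC 1994 challenge/response).
import hashlib
import hmac
import os
from typing import Optional

USERS = {"alice": b"correct horse battery staple"}   # shared secrets, constructed

# --- PAP: the client sends the secret itself; a sniffer on the link reads it ---
def pap_request(user: str, secret: bytes) -> bytes:
    return user.encode() + b":" + secret             # this is what crosses the wire

def pap_verify(request: bytes) -> bool:
    user, _, secret = request.partition(b":")
    return hmac.compare_digest(USERS.get(user.decode(), b""), secret)

# --- CHAP: the server challenges, the client proves it knows the secret ---
def chap_challenge(nbytes: int = 16) -> bytes:
    """Server side: a fresh random Challenge for every authentication attempt."""
    return os.urandom(nbytes)

def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """Client side, RFC 1994 section 4.1: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def chap_verify(user: str, ident: int, challenge: bytes, response: bytes) -> bool:
    """Server side: recompute with the stored secret and compare in constant time."""
    expected = chap_response(ident, USERS.get(user, b""), challenge)
    return hmac.compare_digest(expected, response)

def chap_session(user: str, client_secret: bytes, ident: int = 1) -> bool:
    """One full exchange: server -> Challenge, client -> Response, server -> Success/Failure."""
    challenge = chap_challenge()                                 # server sends
    response = chap_response(ident, client_secret, challenge)    # client answers
    return chap_verify(user, ident, challenge, response)         # server decides

def offline_guess(ident: int, challenge: bytes, response: bytes, wordlist) -> Optional[bytes]:
    """The caveat: anyone who captured (Identifier, Challenge, Response) can test
    candidate secrets offline at hashing speed, so a weak secret is still weak."""
    for candidate in wordlist:
        if chap_response(ident, candidate, challenge) == response:
            return candidate
    return None
```

offline_guess is the part to remember: CHAP keeps the secret off the wire, which is the whole improvement over PAP, but the captured triple is enough for an eavesdropper to run a dictionary attack, so the shared secret must be long and random rather than a password a user chose.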
49. Developed by Cisco; does not provide encryption, and relies on a higher-level protocol for that
A. PPTP (Point-to-Point Tunneling Protocol)
B. L2F (Layer 2 Forwarding)
C. IPSec (Internet Protocol Security)
D. SSL (Secure Sockets Layer)
===============================================
50. Provides transport, not encryption; commonly used with IPSec; supports PPP authentication, RADIUS, TACACS, smart cards, and one-time passwords
A. PPTP (Point-to-Point Tunneling Protocol)
B. L2F (Layer 2 Forwarding)
C. L2TP (Layer 2 Tunneling Protocol)
D. SSL (Secure Sockets Layer)
===============================================
51. Open standard; the most popular and robust VPN; considered very secure; Transport mode: only the data (payload) is encrypted; Tunnel mode: the whole packet is encrypted; AH (Authentication Header) provides integrity, authentication, and non-repudiation; Encapsulating Security Payload (ESP) provides confidentiality and limited authentication
A. PPTP (Point-to-Point Tunneling Protocol)
B. L2F (Layer 2 Forwarding)
C. IPSec (Internet Protocol Security)
D. SSL (Secure Sockets Layer)
===============================================
52. SA (Security Association): each pair of hosts communicating in an IPSec session must establish an SA; an SA is a one-way connection between two parties; two SAs are required for two-way communication; each SA supports only one protocol (AH or ESP); an SA has three parameters that uniquely identify it: the Security Parameter Index (SPI), a 32-bit value in the AH or ESP header; the Destination IP Address; and the Security Protocol ID (AH or ESP)
True False
===============================================
53. Which key-management protocols are used in IPSec?
A. Internet Key Exchange (IKE), which uses three protocols
B. Internet Security Association and Key Management Protocol (ISAKMP)
C. Secure Key Exchange Mechanism (SKEME) and Oakley Key Exchange Protocol
D. All of the above
===============================================
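Worked example, added here and not part of the exam: a Security Association Database keyed on the three identifying parameters of question 52, with the two one-way SAs a single pair of hosts needs, and an inbound lookup driven by the SPI read from a constructed ESP header (first four bytes SPI, next four the sequence number, per RFC 4303; in AH the SPI sits at offset 4 instead). The addresses, SPI values and cipher label are made up.

```python
# Added example: SA database keyed by (SPI, destination IP, protocol); ESP header parse.
import struct
from dataclasses import dataclass

ESP, AH = 50, 51            # IP protocol numbers of ESP and AH

@dataclass(frozen=True)
class SA:
    spi: int
    dst: str
    proto: int              # ESP or AH, never both in one SA
    peer: str               # the other endpoint of this one-way association
    cipher: str             # illustrative label only

class SAD:
    """The receiver's SA database: the triple (SPI, dst, proto) must be unique."""
    def __init__(self):
        self._by_key = {}

    def add(self, sa: SA):
        key = (sa.spi, sa.dst, sa.proto)
        if key in self._by_key:
            raise ValueError("SA triple must be unique: %r" % (key,))
        self._by_key[key] = sa

    def lookup(self, spi: int, dst: str, proto: int):
        return self._by_key.get((spi, dst, proto))

def build_pair(sad: SAD, host_a: str, host_b: str, spi_ab: int, spi_ba: int,
               proto: int = ESP, cipher: str = "AES-256-GCM"):
    """An SA is one-way, so two-way traffic between A and B needs two of them,
    each with its own SPI chosen by the receiving side."""
    sad.add(SA(spi_ab, dst=host_b, proto=proto, peer=host_a, cipher=cipher))  # A -> B
    sad.add(SA(spi_ba, dst=host_a, proto=proto, peer=host_b, cipher=cipher))  # B -> A

def parse_esp_header(payload: bytes):
    """ESP begins with a 32-bit SPI and a 32-bit sequence number, network byte order."""
    if len(payload) < 8:
        raise ValueError("ESP header truncated")
    spi, seq = struct.unpack("!II", payload[:8])
    return spi, seq

def inbound_lookup(sad: SAD, dst_ip: str, ip_proto: int, payload: bytes):
    """What the receiving host does for an arriving packet: read the SPI from the
    header, then select the SA by (SPI, destination address, security protocol)."""
    spi, seq = parse_esp_header(payload)
    return sad.lookup(spi, dst_ip, ip_proto), seq
```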
54. Operates at the upper layers of the OSI model (layers 5, 6, or 7); requires no client software other than a normal Web browser; the user gets access to a single application, not the whole private network
A. PPTP (Point-to-Point Tunneling Protocol)
B. L2F (Layer 2 Forwarding)
C. L2TP (Layer 2 Tunneling Protocol)
D. SSL (Secure Sockets Layer)
===============================================
55. Access Point (AP) antennas: omnidirectional; parabolic (dish antennas); sectorized and Yagi are other directional antennas
True False
===============================================
56. Default for most APs; aka Infrastructure mode
A. Root Mode
B. Repeater mode
C. Bridge mode
D. None of the above
===============================================
57. Doesn't connect directly to the wired network; extends the range of a WLAN
A. Root Mode
B. Repeater mode
C. Bridge mode
D. None of the above
===============================================
58. Connects two wired LANs via a wireless link; rare
A. Root Mode
B. Repeater mode
C. Bridge mode
D. None of the above
===============================================
59. SSID (Service Set Identifier): the name of the network, e.g. "CCSF Wireless"; broadcast by the AP in Beacon Frames; included in frames in cleartext
True False
===============================================
60. WEP (Wired Equivalent Privacy): weak, broken encryption method; uses a 40-bit or 104-bit key and a 24-bit initialization vector; in common use but insecure
True False
===============================================
61. WPA uses TKIP (Temporal Key Integrity Protocol)
True False
===============================================
62. WPA and WPA2 support EAP extensions: EAP-TLS (Transport Layer Security), EAP-TTLS (Tunnelled Transport Layer Security), and PEAP (Protected EAP)
True False
===============================================
63. WPA2 uses Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) instead of TKIP
True False
===============================================
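Worked example, added here and not part of the exam: why the 24-bit IV of question 60 matters. frames_until_iv_collision applies the birthday bound to the IV space; rc4 is a plain implementation of the cipher WEP uses with the per-frame key IV || secret; the last function shows that two frames sent under the same IV leak the XOR of their plaintexts. The secret and plaintexts are constructed, and the WEP CRC-32 ICV is left out since it plays no part in the point.

```python
# Added example: the WEP IV space is small enough to repeat, and a repeated IV
# reuses an RC4 keystream. Secret and plaintexts below are constructed.
import math

IV_BITS = 24

def frames_until_iv_collision(p: float = 0.5, iv_bits: int = IV_BITS) -> int:
    """Smallest n such that n randomly chosen IVs from 2**iv_bits contain a repeat
    with probability >= p, using P(collision) ~ 1 - exp(-n(n-1) / (2N))."""
    n_space = 2 ** iv_bits
    n = 1
    while 1 - math.exp(-n * (n - 1) / (2 * n_space)) < p:
        n += 1
    return n

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4: key-scheduling then keystream generation; XOR makes encrypt == decrypt."""
    s = list(range(256))
    j = 0
    for i in range(256):                                  # KSA
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                                     # PRGA
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def wep_encrypt(secret: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP frame body: the 24-bit IV in the clear, then RC4(IV || secret) over the data.
    The secret is the 40-bit (5-byte) or 104-bit (13-byte) key from question 60."""
    assert len(iv) == 3 and len(secret) in (5, 13)
    return iv + rc4(iv + secret, plaintext)

def xor_of_plaintexts_from_iv_reuse(frame1: bytes, frame2: bytes) -> bytes:
    """Two frames under one IV share a keystream, so c1 XOR c2 == p1 XOR p2:
    known plaintext in one frame reveals the other, and the keystream itself."""
    assert frame1[:3] == frame2[:3], "different IVs: no keystream reuse"
    c1, c2 = frame1[3:], frame2[3:]
    return bytes(a ^ b for a, b in zip(c1, c2))
```

Even with IVs chosen at random, about 4,800 frames give even odds of a repeat, which a busy AP sends in seconds; cards that reset the IV to zero at power-up repeat far sooner. Every 802.11 data frame starts with the same LLC/SNAP bytes, so known plaintext is always available, and recovered keystreams plus the weaknesses in RC4's key scheduling are what made key recovery practical.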
65. WPA and WPA2 are both strong unless the passphrase can be guessed
True False
===============================================
66. SMTP (Simple Mail Transfer Protocol) servers send email, usually without verifying the sender's address; this leads to spam
True False
===============================================
67. Real-time Blackhole Lists block open relays and other sources of spam; every organization must protect its email server from being used by spammers, to keep off the blackhole lists
True False
===============================================
68. Risks from spam can be
A. Missing important emails
B. Malware in attachments or links
C. Phishing and pharming scams
D. All of the above
===============================================
69. HTTP (Hypertext Transfer Protocol) is used to send Web pages
True False
===============================================
70. The pages are written in HTML (Hypertext Markup Language); attacks include script injection, buffer overflow and denial of service
True False
===============================================
71. Fax security: messages may be mishandled at the recipient station
True False
===============================================
72. Fax security practices: cover pages with proper routing and classification markings; place fax machines in secure areas; use secure phone lines; encrypt fax data
True False
===============================================
73. PBX (Private Branch Exchange) switches manage phone calls within a company
True False
===============================================
74. POTS (Plain Old Telephone Service)
True False
===============================================
75. VoIP (Voice over Internet Protocol)
True False
===============================================
76. PBX, POTS, and VoIP security attacks: personal use of company resources; Caller ID spoofing and hiding
True False
===============================================
77. Bluejacking: sending spam Bluetooth messages
True False
===============================================
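Worked example, added here and not part of the exam: how a mail server consults a DNS-based blackhole list (question 67). The connecting client's IPv4 octets are reversed under the list's zone, and an A record in 127.0.0.0/8 means "listed", while no record means "not listed". The zone name dnsbl.example.net, the fake resolver and its answers are constructed so the example runs offline, and the meaning given to the last octet is an assumption; each real list documents its own codes.

```python
# Added example: DNSBL lookup as done at SMTP connect time. Zone, resolver and
# answers are constructed; swap in a real resolver for production use.
import ipaddress
from typing import Callable, Optional, Tuple

DNSBL_ZONE = "dnsbl.example.net"          # assumed list zone

def dnsbl_query_name(ip: str, zone: str = DNSBL_ZONE) -> str:
    """203.0.113.5 -> 5.113.0.203.<zone>; rejects anything that is not an IPv4 address."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

# Constructed zone contents: listed addresses answer with 127.0.0.<code>.
# The codes (2 = spam source, 4 = open relay) are assumed for this example.
FAKE_ZONE = {
    "5.113.0.203." + DNSBL_ZONE: "127.0.0.2",
    "9.113.0.203." + DNSBL_ZONE: "127.0.0.4",
}

def fake_resolver(name: str) -> Optional[str]:
    """Stands in for a DNS A lookup: returns the address or None for NXDOMAIN."""
    return FAKE_ZONE.get(name)

def dnsbl_check(ip: str, resolve: Callable[[str], Optional[str]] = fake_resolver,
                zone: str = DNSBL_ZONE) -> Tuple[bool, Optional[int]]:
    """Return (listed, reason_code). Only answers inside 127.0.0.0/8 count as a listing;
    anything else is treated as 'not listed' rather than trusted blindly."""
    answer = resolve(dnsbl_query_name(ip, zone))
    if answer is None:
        return False, None
    if ipaddress.IPv4Address(answer) not in ipaddress.IPv4Network("127.0.0.0/8"):
        return False, None
    return True, int(answer.split(".")[-1])

def smtp_connection_policy(client_ip: str, resolve=fake_resolver) -> str:
    """Decision taken before any message data is accepted: refuse listed hosts with a
    permanent error, let others continue (relaying still requires authentication)."""
    listed, code = dnsbl_check(client_ip, resolve)
    if listed:
        return "550 rejected: %s is listed in %s (code %d)" % (client_ip, DNSBL_ZONE, code)
    return "220 ok"
```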
78. Bluesnarfing: stealing personal data, such as contacts, from a Bluetooth-enabled phone; phone serial numbers can be stolen this way and used to clone your phone
True False
===============================================
79. Smurf attack: sends pings to a broadcast address; the target's address is the source IP of the pings; the target gets many ECHO REPLY packets
True False
===============================================
80. Fraggle attack: sends UDP packets to port 7 (Echo) or 19 (Chargen); the replies flood the target, like the Smurf attack
True False
===============================================
81. What are the packet floods?
A. SYN Flood
B. UDP Flood
C. ICMP Flood
D. All of the above
===============================================
82. SYN Flood: the most effective; burdens the server with half-open connections waiting for the final ACK of the handshake
True False
===============================================
83. Session hijacking: predicting SEQ numbers and sending spoofed packets to replace packets in a session after login is complete
A. Traditional method
B. Modern method
C. None of the above
D. All of the above
===============================================
84. Session hijacking: sniffing authentication cookies to get access to Facebook, Gmail, etc.
A. Traditional method
B. Modern method
C. None of the above
D. All of the above
===============================================
85. Teardrop attack: the Length and Fragmentation Offset fields in IP packets are intended to allow large packets to be fragmented and reassembled; malicious values in these fields cause fragments to overlap and crash vulnerable systems
True False
===============================================
86. SSL VPNs require no client software other than a normal Web browser.
True False
===============================================
87. Finding your files exactly as you left them last night is an example of ...
Availability
No correct answer
Confidentiality
Integrity
===============================================
88. Which of these can use UDP (User Datagram Protocol) for communication?
RADIUS
TACACS+
All answers are correct
Diameter protocol
===============================================
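Worked example, added here and not part of the exam: the IPv4 header fields a Teardrop attack abuses (question 85) parsed with struct, and the overlap check a reassembler or IDS runs before accepting a set of fragments. The packets are built in the file for illustration; a real sensor would take them from a capture.

```python
# Added example: parse Total Length / Flags / Fragment Offset and refuse overlapping
# fragments. Packets are constructed; checksums are left zero as they play no part.
import struct

def ipv4_header(src: str, dst: str, ident: int, more_fragments: bool,
                frag_offset_units: int, payload_len: int, proto: int = 17) -> bytes:
    """Minimal 20-byte IPv4 header (no options) in front of `payload_len` payload bytes."""
    total_len = 20 + payload_len
    flags_frag = (0x2000 if more_fragments else 0) | (frag_offset_units & 0x1FFF)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, ident, flags_frag, 64, proto, 0,
                       bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))

def parse_fragment(pkt: bytes):
    """Return (ident, first_byte, end_byte, more_fragments) for one fragment."""
    ihl = (pkt[0] & 0x0F) * 4
    total_len, ident, flags_frag = struct.unpack("!HHH", pkt[2:8])
    more = bool(flags_frag & 0x2000)
    start = (flags_frag & 0x1FFF) * 8          # the offset field counts 8-byte units
    return ident, start, start + (total_len - ihl), more

def overlapping(fragments):
    """Group fragments by IP ID and return the IDs whose byte ranges overlap.
    Legitimate fragmentation tiles the original datagram; Teardrop-style values make
    a later fragment begin inside an earlier one, which is what crashed old stacks."""
    by_id = {}
    for pkt in fragments:
        ident, start, end, _ = parse_fragment(pkt)
        by_id.setdefault(ident, []).append((start, end))
    bad = []
    for ident, ranges in by_id.items():
        ranges.sort()
        for (s1, e1), (s2, e2) in zip(ranges, ranges[1:]):
            if s2 < e1:                     # next piece starts before the previous one ends
                bad.append(ident)
                break
    return bad

# Constructed traffic. Datagram 0x1111 is split normally (bytes 0-1399, then 1400-1599);
# datagram 0x2222 is a Teardrop-style pair (0-1399, then 600 bytes claiming offset 1000).
GOOD = [ipv4_header("10.0.0.1", "10.0.0.2", 0x1111, True, 0, 1400),
        ipv4_header("10.0.0.1", "10.0.0.2", 0x1111, False, 175, 200)]
TEARDROP = [ipv4_header("10.0.0.1", "10.0.0.2", 0x2222, True, 0, 1400),
            ipv4_header("10.0.0.1", "10.0.0.2", 0x2222, False, 125, 600)]
```

The same check belongs in any reassembler written today: a fragment whose range overlaps one already queued should be dropped and logged, never merged, and modern kernels do exactly that.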
89. Sends UDP packets to port 7:
Fraggle attack
Bluejacking
Bluesnarfing
Smurf attack
===============================================
90. A Remote Access Server uses the Point-to-Point Protocol to encapsulate packets.
True False

End of Ch 5b
===============================================

Start of Ch 6

91. Balancing these three things creates security
A. Confidentiality
B. Integrity
C. Availability
D. All of the above
===============================================
92. Other important concepts are defense in depth and avoiding single points of failure
True False
===============================================
93. Prevents unauthorized use or disclosure of information; privacy and Personally Identifiable Information (PII)
A. Confidentiality
B. Integrity
C. Availability
D. All of the above
===============================================
94. Accuracy and completeness of data: unauthorized users don't modify data, and authorized users don't make unauthorized modifications (insider threat)
A. Confidentiality
B. Integrity
C. Availability
D. All of the above
===============================================
96. Authorized users can access systems and data as needed; Denial of Service attacks harm availability; other threats to availability: single points of failure, inadequate capacity planning, malfunctions, fail-safe controls, disasters
A. Confidentiality
B. Integrity
C. Availability
D. All of the above
===============================================
97. What are the layers in Defense in Depth?
A. Security management principles
B. Security technologies
C. Vendor solutions
D. All of the above
===============================================
98. Data classification assigns value to information assets and determines the proper level of protection; commercial data classification
True False
===============================================
99. Government data classification protects national interests or security, complies with laws, and protects privacy; DoD levels: Unclassified, Sensitive but Unclassified, Confidential, Secret, and Top Secret
True False
===============================================
100. Unclassified is the lowest government data classification; disclosure won't harm national security; may once have been classified, but has been declassified; may still be restricted by labels like
True False
===============================================
101. SBU (Sensitive but Unclassified): disciplinary and medical records
True False
===============================================
102. Confidential: could damage national security
True False
===============================================
103. Secret: could seriously damage national security; must be accounted for throughout its life cycle
True False
===============================================
104. Top Secret: the highest level; may require additional safeguards
True False
===============================================
105. A mission statement is the reason for an organization's existence; also called a philosophy or vision statement
True False
===============================================
106. CCSF's mission statement: "Our primary mission is to provide programs and services leading to transfer to baccalaureate institutions and achievement of Associate Degrees in Arts and Sciences"
True False
===============================================
107. An organization strives to accomplish goals
True False
===============================================
108. A milestone is a specific result that is expected and indicates progress towards goals
True False
===============================================
109. Policies, Standards, Guidelines, and Procedures all work together to establish governance, provide guidance and decision support, and help establish legal authority
True False
===============================================
110. Governance collectively represents the system of Policies, Standards, Guidelines, and Procedures that steer an organization's operations and decisions
True False
===============================================
111. A security policy is a formal statement of rules
True False
===============================================
112. Security policies have four main types
A. Senior management
B. Regulatory
C. Informative and Advisory
D. All of the above
===============================================
113. Standards, guidelines, and procedures support policy
True False
===============================================
114. Standards are specific mandatory requirements; they define and support higher-level policies
True False
===============================================
115. Guidelines are similar to standards, but are recommendations, not compulsory
True False
===============================================
116. Procedures are instructions on how to implement policies and meet the criteria defined in standards; Standard Operating Procedures
True False
===============================================
117. Third-party governance: IT functions are often outsourced, e.g. call centers and application development
True False
===============================================
118. Third-party governance, outsourcing security: access control; maintenance hooks; Service-Level Agreements (SLAs)
True False
===============================================
119. Service-Level Agreements (SLAs) establish minimum performance standards; internal SLAs are between one part of an organization and another; outsourcing SLAs specify what vendors must provide
True False
===============================================
120. What does Identity Management include?
A. Account provisioning and de-provisioning
B. Access control
C. Directory services and Public Key Infrastructure
D. All of the above
===============================================
121. Personnel security policies and practices: background checks and security clearances; reference checks; verification of data in employment applications and resumes; other records (court and law enforcement, credit records); drug testing
True False
===============================================
122. What do Employment Agreements include?
A. Non-Disclosure Agreement
B. Non-Compete Agreement (not legal in California)
C. Acceptable Use Policies
D. All of the above
===============================================
124. Hiring: background checks; employment agreements; indoctrination and orientation; creating user accounts and assigning security badges
True False
===============================================
125. Termination: surrender of keys, badges, parking permits; exit interview; collect all company materials (laptops, phones, etc.); change locks and passwords, disable network accounts
True False
===============================================
126. What do Job Descriptions do?
A. Reduce confusion and ambiguity
B. Provide a legal basis for an employee's authority or actions
C. Demonstrate negligence
D. All of the above
===============================================
127. Creating a corporate information security policy; leading by example; rewarding compliance
A. Management
B. Data Owner
C. Data Custodian
D. Users
===============================================
128. Determining information classification levels; policy for access; maintaining inventories and accounting
A. Management
B. Data Owner
C. Data Custodian
D. Users
===============================================
129. Backups and recovery; assigning directory and file permissions; assigning new users to appropriate permission groups
A. Management
B. Data Owner
C. Data Custodian
D. Users
===============================================
130. Compliance with security requirements in policies, standards, and procedures; exercising due care; participating in training and awareness efforts
A. Management
B. Data Owner
C. Data Custodian
D. Users
===============================================
131. Separation of Duties ensures that no single individual has complete authority or control over a critical system or process; reduces the opportunity for waste, fraud, or abuse; two-man control
True False
===============================================
132. Job rotation: transferring key personnel to other positions or departments; reduces the opportunity for waste, fraud, and abuse; reduces dependence on individuals; promotes professional growth; reduces monotony and fatigue
True False
===============================================
133. Risk management terms: Quantitative Risk Assessment is expressed in numbers, like dollars per year; Qualitative Risk Assessment is vague ("Low", "Medium", "High"); risk calculation; safeguard selection criteria and objectives
True False
===============================================
134. Something bad that might happen
A. Threat
B. Vulnerability
C. Asset
D. None of the above
===============================================
135. A weakness that could be exploited
A. Threat
B. Vulnerability
C. Asset
D. None of the above
===============================================
136. Something valuable that should be protected
A. Threat
B. Vulnerability
C. Asset
D. None of the above
===============================================
137. What are the three elements of Risk Analysis?
A. Asset Identification
B. Threat Analysis
C. Risk treatment
D. All of the above
===============================================
138. Asset valuation supports quantitative and qualitative risk assessment, Business Impact Analysis (BIA), and security auditing; facilitates cost-benefit analysis; supports decisions regarding safeguards
True False
===============================================
139. What does the value of an asset include?
A. Initial and maintenance costs
B. Organizational value: value internal to the company
C. Public value: cost to the organization if the asset is compromised
D. All of the above
===============================================
140. Threat Analysis
1. Determine the actual threat
2. Identify possible consequences
3. Determine probable frequency
4. Assess the probability that a threat will actually materialize
Threats may be natural or man-made
True False
===============================================
141. Vulnerability assessment measures weaknesses in a company; vulnerability scanners help to test network defenses
True False
===============================================
142. Threat: laptops might be stolen. SLE: replacing a stolen laptop costs $2000. ARO: laptops have a 10% chance of being stolen each year. So the ALE will be
A. $200 per year for each company laptop (10% x $2000)
B. $2000 per year for each company laptop
C. $20 per year for each company laptop
D. None of the above
===============================================
143. Threat: laptops will become obsolete. SLE: replacing an obsolete laptop costs $2000. ARO: laptops are obsolete after three years, so they lose 33% of their value each year. So the ALE will be
A. $660 per year for each company laptop (33% x $2000)
B. $6660 per year for each company laptop
C. $60 per year for each company laptop
D. None of the above
===============================================
144. Qualitative risk analysis: no numbers, based on assumptions and guesswork; cost-benefit analysis is not possible
True False
===============================================
145. Example: CCSF emails. Threat: hackers might dump CCSF emails on Wikileaks and embarrass us. Likelihood: low. Damage done: medium (loss of prestige), but it's only a guess
True False
===============================================
146. Implementing controls, policies, and procedures to protect an asset
A. Risk Reduction
B. Risk transference
C. Risk Avoidance
D. Risk Acceptance
===============================================
147. Outsource, or purchase insurance
A. Risk Reduction
B. Risk transference
C. Risk Avoidance
D. Risk Acceptance
===============================================
148. Stop doing the risky action altogether
A. Risk Reduction
B. Risk transference
C. Risk Avoidance
D. Risk Acceptance
===============================================
149. Do nothing: the cure is worse than the disease
A. Risk Reduction
B. Risk transference
C. Risk Avoidance
D. Risk Acceptance
===============================================
150. CCSF examples. Employees might make personal copies on the copiers: treatment ACCEPT. Students might park in the faculty lots: treatment REDUCE with controls (campus police). Employees might use social networks like Twitter and say things management dislikes: our ex-CTO wanted to AVOID this, but he was removed and now we ACCEPT it
True False
===============================================
151. Is the loss prevented by the safeguard greater than the cost of the safeguard?
A. Cost-effectiveness
B. Legal liability
C. Operational impact
D. Technical factors
===============================================
152. You may be required to implement controls
A. Cost-effectiveness
B. Legal liability
C. Operational impact
D. Technical factors
===============================================
153. The safeguard may interfere with business
A. Cost-effectiveness
B. Legal liability
C. Operational impact
D. Technical factors
===============================================
154. The safeguard may introduce new vulnerabilities
A. Cost-effectiveness
B. Legal liability
C. Operational impact
D. Technical factors
===============================================
155. Critical factors: senior-level management support; demonstrate that security supports business objectives; demonstrate that security affects all individuals and jobs
True False
===============================================
156. Awareness
A. Indoctrination and Orientation
B. Presentations
C. Printed materials
D. All of the above
===============================================
157. Formal training: classroom training; on-the-job training; technical or vendor training; apprenticeship or qualification programs
True False
===============================================
158. Education: continuing education; certificate programs; formal education or degrees
True False
===============================================
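Worked example, added here and not part of the exam: the ALE arithmetic of questions 142-143 and the cost-effectiveness test of question 151 applied to a small risk register, ending in the treatment choice of questions 146-149. The $2000 SLE and the 10% and 33% AROs come from the questions; the safeguards, their annual costs and the residual AROs after them are assumptions.

```python
# Added example: ALE = SLE x ARO, then "loss prevented minus cost of safeguard" per
# option, then reduce with the best option or accept. Safeguard figures are assumed.
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class Threat:
    name: str
    sle: float      # Single Loss Expectancy: dollars per incident
    aro: float      # Annualized Rate of Occurrence: incidents per year

    @property
    def ale(self) -> float:
        """Annualized Loss Expectancy = SLE x ARO."""
        return self.sle * self.aro

@dataclass
class Safeguard:
    name: str
    annual_cost: float
    new_sle: float      # loss per incident once the safeguard is in place
    new_aro: float      # incidents per year once the safeguard is in place

def annual_value(threat: Threat, sg: Safeguard) -> float:
    """Question 151 as a number: ALE before, minus ALE after, minus what the safeguard
    costs per year. Positive means the safeguard pays for itself."""
    residual = Threat(threat.name, sg.new_sle, sg.new_aro).ale
    return threat.ale - residual - sg.annual_cost

def choose_treatment(threat: Threat, options: List[Safeguard],
                     asset_count: int = 1) -> Tuple[str, Optional[str], float]:
    """REDUCE with the option of highest positive net value across all assets, or
    ACCEPT when no option pays for itself (question 149: the cure is worse than the disease).
    Transfer and avoidance are business decisions this function does not model."""
    best, best_value = None, 0.0
    for sg in options:
        value = annual_value(threat, sg) * asset_count
        if value > best_value:
            best, best_value = sg, value
    if best is None:
        return "ACCEPT", None, 0.0
    return "REDUCE", best.name, best_value

# The register, using the exam's laptop figures and assumed safeguards.
THEFT = Threat("laptop theft", sle=2000, aro=0.10)            # ALE $200 per laptop
OBSOLESCENCE = Threat("laptop obsolescence", sle=2000, aro=0.33)  # ALE $660 per laptop
CABLE_LOCKS = Safeguard("cable locks", annual_cost=30, new_sle=2000, new_aro=0.02)
TRACKING_AGENT = Safeguard("tracking agent", annual_cost=120, new_sle=2000, new_aro=0.05)
```

Two things the numbers make visible that the prose does not: a safeguard that cuts the ARO in half can still lose money if it costs more than the loss it prevents (the tracking agent here), and the per-asset decision changes sign only with cost and effect, not with the number of assets, which merely scales it.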
159. Job rotation will increase dependency on individuals
True False
===============================================
160. Can determine the information classification levels:
Data owner
Management
Data custodian
Users
===============================================
161. When hiring any candidate we should do a background check
True False
===============================================
162. Match the correct definition with the correct word
Threat
Vulnerability
Asset
Threat Analysis
Risk reduction
A. something bad that might happen
B. determine the actual threat
C. something valuable that should be protected
D. implementing controls, policies, and procedures to protect an asset
E. a weakness that could be exploited
===============================================
163. To choose the right safeguard there are some criteria. One of them is whether the safeguard may interfere with business.
Technical factors
Legal liability
Operational impact
Cost effectiveness

End of Ch 6
===============================================

Start of Ch 10

164. Policies about people: job requirements and qualifications; background checks and verification (criminal convictions, citizenship, verifying resumes)
True False
===============================================
165. Separation of duties: require two people to approve critical acts, such as signing checks, reducing the opportunity for fraud; job rotation and mandatory vacations provide similar benefits
True False
===============================================
166. Least privilege: people should have only enough privileges to do their jobs; one failure of least privilege is the accumulation of privileges as people move from job to job
True False
===============================================
167. User monitoring: direct observation; analyzing logs; attendance records; call logs; login warnings
True False
===============================================
168. Termination of employment: disable the user account immediately
True False
===============================================
Avoid Single Points of Failure • Reliable systems design • High-availability • Clustering • Mirroring • Virtualization • Protect systems, networks, and processes True False =============================================== 170. Handling sensitive information • Data Labels: CONFIDENTIAL, SECRET, etc. • Handling: transport, transmit, and use • Storage and backup • Destruction • Records retention True False =============================================== 171. Doing something wrong A. Error B. Omission C. None of the above D. All of the above 172. Failure to perform an action A. Error B. Omission C. None of the above D. All of the above =============================================== 173. Many businesses require Errors and Omissions Insurance True False =============================================== 174. Fraud is Deceptive or misrepresented activity that results in illicit gain Controls attempt to confirm information • Fraud detection system True False =============================================== 175. Loss of Physical and Infrastructure Support • Fire, flood, power outage True False =============================================== 176. bypass authentication A. Adware B. Backdoors C. Bootkits D. Logic bombs 177. Kernel-mode rootkit, defeat full-disk encryption A. Adware B. Backdoors C. Bootkits D. Logic bombs =============================================== 178. triggered by a condition A. Adware B. Backdoors C. Bootkits D. Logic bombs =============================================== 179. Hide portions of a system A. Adware B. Backdoors C. Bootkits D. Rootkits =============================================== 180. collects information A. Adware B. Backdoors C. Spyware D. Rootkits 181. masquerades as legitimate program A. Trojan B. Virus C. Bot D. Botnet =============================================== 182. Attaches to executable file A. Trojan B. Virus C. Bot D. Botnet =============================================== 183. travels through network A. Worm B. Virus C. Bot D. 
Botnet =============================================== 184. controlled by a criminal via malware A. Trojan B. Virus C. Bot D. Botnet 185. A group of bots A. Trojan B. Virus C. Bot D. Botnet =============================================== 186. Targeted attack, long time-frame, often nation state sponsored A. APT (Advanced Persistent Threat) B. Virus C. Bot D. Botnet =============================================== 187. Deliberate destruction of property A. Sabotage B. Theft C. None of the above D. All of the above =============================================== 188. Data theft is difficult to detect because original copy remains A. Sabotage B. Theft C. None of the above D. All of the above 189. What are the types of controls Preventive Detective Corrective or Recovery Automatic v. Manual True False =============================================== 190. Processes and procedures – Resource protection – Privileged entity controls – Change controls – Media controls – Administrative controls – Trusted recovery True False =============================================== 191. Resource Protection – Protect information assets and infrastructure Communications hardware and software True False =============================================== 192. Privileged Entity Controls • Restrict important actions to privileged users • Part of the OS True False 193. Change Controls • Formal process of proposal, design, review, approval, implementation, recordkeeping True False =============================================== 194. Change management – Assures that only approved changes are implemented True False =============================================== 195. Configuration management – Records all the approved configuration changes to settings and files that are made True False =============================================== 196. Patch Management • Perform risk analysis on advisories • Test patches • Deploy • Verify • Update True False =============================================== 197. 
Media Controls • Mark storage media according to its sensitivity • Control handling, storage, transmission, and disposal True False 198. Administrative Controls • Least privilege • Separation of duties • Rotation of duties True False =============================================== 199. Trusted Recovery • Protect confidentiality and integrity of stored data • During recovery, system may be in single-user mode True False =============================================== 200. Auditing • Examining systems and/or business processes to ensure they are working properly True False =============================================== 201. Due Care • Requires that an organization operates using good business practices True False =============================================== 202. Audit Trails – Records created which make audits easier True False 203. Reasons for audit trails – Enforcement of accountability – Investigation – Event reconstruction – Problem identification True False =============================================== 204. Types of Audit Trails • Log files, such as send email and syslog files • Often they lack consistency of format • Difficult to combine and assemble into a coherent record • Time synchronization makes audit trails easier to combine True False =============================================== 205. Looking for Trouble • Difficult to tell normal activity from events that indicate real trouble • Random sampling can help True False 206. Protecting Audit Logs • Retaining audit logs – unclear how long is required • Integrity of audit logs is essential DoS on audit logs—create many false positives to cover tracks True False =============================================== 207. Penetration Testing • Port scanning • Vulnerability scanning • Packet sniffing • War dialing & wardriving • Emanation monitoring • Dumpster diving • Eavesdropping & shoulder surfing • Social engineering True False =============================================== 208. 
Intrusion Detection • Network-based Intrusion Detection System (NIDS) – A hardware device that protects a whole LAN • Host-based Intrusion Detection System (HIDS) – Protects only a single host True False =============================================== 209. Signature-based – Compares traffic with attack signatures – Can be bypassed by altering attack – Requires frequent update of signature files True False 210. Anomaly-based – Detects deviations from normal traffic – High volume of false positives True False =============================================== 211. Intrusion Detection System – Reports attacks but does not stop them True False =============================================== 212. Intrusion Prevention System – Stops attacks in progress – Often by adjusting firewall rules True False =============================================== 213. Violation Analysis • Examining activity and audit logs to find inappropriate activities • Clipping levels are thresholds that differentiate events from non-events True False 214. Keystroke Monitoring Records every keystroke True False =============================================== 215. Traffic and Trend Analysis • Measures amount of data sent & received True False =============================================== 216. Facilities Monitoring is a Physical monitoring True False =============================================== 217. Responding to Events Also called Incident management or Problem management True False =============================================== 218. Responding to Events Advance planning should cover: – Monitoring personnel detect an event – Initial response – Confirmation – Notification – Escalation – Resolution – Event reporting – Event review and Security violations should be documented True False 219. failure to perform an action is a definition of: Omission. Fraud. Error. None of the answers are right. =============================================== 220. Hide portions of a system is . Bootkits. Rootkits. 
adware. Spyware. =============================================== 221. People should have only enough privileges to do their jobs . True False =============================================== 222. In Critical action we required two people to approve that True False =============================================== 223. Fraud is doing something wrong by mistake. True False 224. Due care is examining systems and/or business processes to ensure they are working properly. True False =============================================== 225. Auditing often performed by the third party. True False =============================================== 226. Auditing requires that an organization operates using good business practices. True False =============================================== 227. Records in Audit Trails that created to make audits easier. True False =============================================== 228. Time synchronization makes audit trails easier to combine. True False 229. Records every keystroke: Keystroke Monitoring. Violation Analysis. Intrusion Detection. Penetration Testing. =============================================== 230. In intrusion detection, detecting deviations from normal traffic is a kind called: Host-based Intrusion Detection System (HIDS). Anomaly-based. Network-based Intrusion Detection System (NIDS). Signature-based. =============================================== 231. Measures amount of data sent & received: Violation Analysis. Penetration Testing. Intrusion Detection. Traffic and Trend Analysis. 232. Port scanning and vulnerability scanning kinds of: Violation Analysis. Intrusion Detection. Keystroke Monitoring. Penetration Testing. =============================================== 233. Examining activity and audit logs to find inappropriate activities: Penetration Testing. Keystroke Monitoring. Violation Analysis. Intrusion Detection. End of Ch 10 =============================================== 234. Natural Disasters A. Fires and explosions B. 
Earthquakes C. Storms D. All of the above Start of Ch 11 =============================================== 235. Secondary Effects A. Utility outages B. Communications outages C. Transportation outages D. All of the above 236. Man-made Disasters A. Accidents B. Crime and mischief C. Cyberattacks/cyberwarfare D. All of the above =============================================== 237. How Disasters Affect Businesses Damage to A. Business buildings B. Records C. Equipment D. All of the above =============================================== 238. Keeps business running, often in a different location, after the disaster A. BCP B. DRP C. None of the above D. All of the above =============================================== 239. Restores normal business operations later A. BCP B. DRP C. None of the above D. All of the above =============================================== 240. BCP & DRP Common Elements A. Identification of critical business functions B. Identification of possible disaster scenarios C. Experts D. All of the above 241. Continuity of Operations Planning (COOP) is A new approach blending BCP and DRP together True False =============================================== 242. BCP Project Elements A. Senior management support B. Senior management involvement C. Team must include representatives from all business units D. All of the above =============================================== 243. BCP Project Components A. Scope Determination B. BIA (Business Impact Assessment) C. BCP (Business Continuity Plan) and Implementation D. All of the above =============================================== 244. BCP Scope Determination A. Difficult to choose which systems are vital and therefore should be included in BCP B. Scope creep occurs when a project grows beyond its original intent C. Strong leaders are needed to stay on target D. All of the above =============================================== 245. 
BIA (Business Impact Assessment) Describes the impact a disaster is expected to have on business operations True False 246. IA (Business Impact Assessment) Tasks A. Vulnerability assessment B. Criticality assessment—how important a business function is to the viability of the organization C. Determine resource requirements D. All of the above =============================================== 247. Vulnerability assessment is Similar to Risk Assessment and Quantitative parts A. Personal liabilities B. Increased expenses C. Loss of revenue and capital D. All of the above =============================================== 248. Vulnerability assessment Qualitative parts: Loss of A. Service quality B. Competitive advantages C. Customer satisfaction D. All of the above =============================================== 249. Criticality Assessment A. Rank all business functions in order of criticality B. Length of disaster affects criticality assessment C. Identify key players D. All of the above =============================================== 250. Determine MTD (Maximum Tolerable Downtime) Also called Maximum Tolerable Period of Disruption (MTPD) and For each critical business function True False 251. Recovery Time Objective (RTO) – Maximum period of time required for restoration True False =============================================== 252. Recovery Point Objective (RPO) – Amount of data that could be lost – Amount of work that must be re-done True False =============================================== 253. Elements of a BCP A. Emergency response teams B. Damage assessment C. Personnel safety and Personnel notification D. All of the above =============================================== 254. Backups and Off-Site Storage • Store backups in a secure location • Far enough away to not experience the same disaster True False 255. Elements of a BCP A. Software escrow agreements B. External communications C. Utilities, Logistics and supplies, Fire and water protection D. 
All of the above =============================================== 256. Documentation • Must be available in a disaster • Put a copy of DRP and BCP at remote facility where backups are True False =============================================== 257. An empty room with power & HVAC but no computers A. Cold site B. Warm site C. Hot Site D. Reciprocal site =============================================== 258. An empty room with power & HVAC with computers and communication A. Cold site B. Warm site C. Hot Site D. Reciprocal site 259. Duplicate computers from main system A. Cold site B. Warm site C. Hot Site D. Reciprocal site =============================================== 260. Another company agrees to share data center resources during a disaster A. Cold site B. Warm site C. Hot Site D. Reciprocal site =============================================== 261. They don’t need any other company involved and No additional cost A. Cold site B. Warm site C. Hot Site D. Multiple data centers =============================================== 262. Simplifying Critical Functions • Break them into components A. People B. Facilities C. Miscellaneous D. All of the above 263. Documenting the Strategy • Details of the continuity plan for each critical function must be described in detail, step by step • Hiring an expert consultant may help True False =============================================== 264. Implementing the BCP A. Secure senior management approval B. Promote awareness—every employee must know about the BCP C. Maintaining the BCP D. All of the above =============================================== 265. Prepare for Emergency Response Specialized training to deal with A. Water and smoke damage B. Structural damage C. Flooding D. All of the above =============================================== 266. Salvage which Damage assessment , Salvage assets and Cleaning True False =============================================== 266. 
Recovery is Helping the BCP team get alternate sites up and running True False 267. Financial Readiness • Insurance • Cash reserves • Line of credit • Pre-purchased assets True False =============================================== 268. Notifying Personnel • Employees need to know if facilities are closed and where to report for work , Audio conference bridges and Normal communications may be down True False =============================================== 269. Testing the DRP • Checklist • Structured walkthrough • Simulation• Parallel test • Interruption or Cutover True False =============================================== 270. Creating Competitive Advantage A. BCP and DRP can be seen as lost money B. Real business benefits come two ways/Improved products and services from a more mature company and Opportunity to market superior reliability by telling clients about the BCP and DRP C. None of the above D. All of he above End of Ch 11 271. an empty room with power and HVAC with no computer defined as Cold Site. True False =============================================== 272. Identifying critical business functions is an element for: DRP BCP and DRP BCP None of the answers are correct =============================================== 273. assessment. is a Quantitative part in Vulnerability Personal Liabilities Customer satisfaction All answers are correct Competitive Advantages =============================================== 274. Dos attacks and malware are kinds of natural disaster. True False 275. Match the correct definition with each of the following terms: Cold Site A. Rank all business functions in order of criticality. Warm Site B. A new Approach blending BCP and DRP together. Hot site C. Difficult to choose which systems are vital and therefore should be included in BCP should be included in BCP. Reciprocal Site D. Another Company Agrees to share data center resources during a disaster. COOP E. An empty room with power and HVAC with computers and communication. 
Scope Determination F. An empty room with power and HVAC but no computers. BIA G. Describing the impact a disaster in expected to have on business operations. Criticality Assessment H. Duplicate computers from main system. =============================================== 276. Caller ID can not be spoofed True False 277. Password Authentication Protocol (PAP), Challenge Handshake Protocol (CHAP), and Extensible Authentication Protocol (EAP) are authentication protocol True False =============================================== 278. Connecting two wired LANS via a wireless link Bridge mode =============================================== 279. An official letter cannot be edited is an example of Integrity =============================================== 280. Sends pings to a broadcast address Smurf attack =============================================== 281. The management can create an information security policy that leads by example to reward employees True False =============================================== 282. Can stop doing the risky actions Risk avoidance =============================================== 283. The management can create an information security policy that leads by example to reward employees True False