Exam 1 - CSIS 3755 Information Assurance




Name: ____________

True/False
Indicate whether the statement is true or false.

1. Antiquated or outdated infrastructure can lead to reliable and trustworthy systems.
2. Information Security is the protection of information and its critical elements, including the systems and hardware that use, store, and transmit that information.
3. The Session layer is responsible for establishing, maintaining, and terminating communications sessions between two systems.
4. The Network layer is the primary layer for communications between networks. This layer has three key functions: packetizing, addressing, and routing.
5. Addresses are maintained by the Internet Assigned Numbers Authority (IANA) and issued on an as-needed basis.
6. Policies are organizational laws in that they dictate acceptable and unacceptable behavior within the organization.
7. Policies are put in place to support the organization's mission, vision, and strategic planning.
8. The ISSP guides the development, implementation, and management of the security program.
9. Once guidelines on use have been outlined and responsibilities have been assigned, the policy must specify the penalties for, and repercussions of, policy violation.
10. Redundancy can be implemented at a number of points throughout the security architecture, such as firewalls, proxy servers, and access controls.
11. Incident response planning includes the identification of, classification of, and response to an incident.
12. Incident response planning prepares an organization to reestablish critical business operations during a disaster that affects operations at the primary site.
13. A disaster recovery plan ensures that critical business functions continue, if a catastrophic incident or disaster occurs.
14. System-specific policies can not be developed at the same time as ISSPs.
15. Accuracy means that information is free from mistakes or errors and it has the value that the end user expects.

16. Personal Security requires the protection of the physical items, objects, or areas of an organization from unauthorized access and misuse.
17. Confidentiality enables authorized users - persons or computer systems - to access information without interference or obstruction, and to receive it in the required format.
18. A complete loss of power for a moment is known as a fault.
19. When a computer is the subject of an attack it is used as an active tool to conduct the attack.
20. Data custodians are responsible for the security and use of a particular set of information.
21. Networks can be categorized by components, size, layout or topology, or media.
22. A variable of the penetration test, whether performed internally or outsourced, is the amount of information provided to the red team.
23. To maintain secure networks, information security professionals must be prepared to identify system vulnerabilities, whether by hiring system assessment experts, or by conducting self-assessments using scanning and penetration tools.

Multiple Choice
Identify the choice that best completes the statement or answers the question.

24. ____ requires the protection of the people who are authorized to access the organization and its operations.
    a. Physical Security
    b. Personal Security
    c. Operations Security
    d. Communications Security
25. When information gatherers employ techniques that cross the threshold of what is legal or ethical, they are conducting ____.
    a. software piracy
    b. industrial espionage
    c. competitive intelligence
    d. shoulder surfing
26. ____ is used in public or semipublic settings when individuals gather information they are not authorized to have by looking over another individual's shoulder or viewing information from a distance.
    a. shoulder surfing
    b. industrial espionage
    c. software piracy
    d. competitive intelligence
27. A(n) ____ hacks the public telephone network to make free calls or disrupt services.
    a. cracker
    b. phreaker
    c. packet monkey
    d. elite
28. The application of computing and network resources to try every possible combination of options of a password is called ____.
    a. brute force attack
    b. cracking
    c. password attack
    d. dictionary attack
29. A ____ is a program or device that can monitor data traveling over a network.
    a. sniffer
    b. packet sniffer
    c. spam
    d. mail bomb

30. A ____ is an identified weakness in a controlled system, where controls are not present or are no longer effective.
    a. vulnerability
    b. malicious code
    c. threat agent
    d. attack
31. ____ is a suite of protocols used to facilitate communications across the Internet.
    a. TCP/IP
    b. HTML
    c. XML
    d. WWW
32. A ____ is the geometric association of components of a network in relation to each other.
    a. router
    b. topology
    c. network layer
    d. ethernet
33. ____ is the process of moving a Network layer packet across multiple networks.
    a. Transporting
    b. Controlling
    c. Routing
    d. Layering
34. The combination of Network layer address and port is referred to as a ____.
    a. router
    b. control
    c. socket
    d. layer
35. ____ prepares an organization to reestablish critical business operations during a disaster that affects operations at the primary site.
    a. Incident Response Planning
    b. Disaster Recovery Planning
    c. Developing Continuity
    d. Business Continuity Planning
36. A(n) ____ provides rules for the protection of the information assets of the organization.
    a. mission
    b. vision
    c. security policy
    d. information security policy
37. A ____ is a set of guidelines or instructions that an organization's senior management implements to regulate the activities of the members of the organization who make decisions, take actions, and perform other duties.
    a. vision
    b. standards
    c. policy
    d. mission
38. The ____, which is an outline of the overall information security strategy and a roadmap for planned changes to the organization's information security environment.
    a. security structure
    b. security framework
    c. security blueprint
    d. security planning
39. ____ is the set of activities taken to plan for, detect, and correct the impact of an incident on information assets.
    a. Disaster Recovery
    b. Recovery Operations
    c. Incident Response
    d. Business Continuity Planning
40. The ____ includes a combination of tables and lists, such that organizational assets are listed along the column headers, while users are listed along the row headers.
    a. configuration rule policy
    b. capability table
    c. access control matrix
    d. access control list

41. A ____ SysSP document is created by management to guide the implementation and configuration of technology as well as to regulate the behavior of people in the organization.
    a. technical specifications
    b. managerial guidance
    c. policy management
    d. configuration rule policy
42. ____ planning is the process of preparing an organization to handle and recover from a disaster, whether natural or man-made.
    a. Incident Response
    b. Disaster Recovery
    c. Developing Continuity
    d. Business Continuity
43. ____ are areas of trust within the security perimeter where users can freely communicate.
    a. Security Bubbles
    b. Security Domains
    c. Security Neutral Zones
    d. Security Safe Spots
44. A(n) ____ is a detailed description of the activities that occur during an attack.
    a. plan classification
    b. business unit analysis
    c. damage assessment
    d. attack profile
45. ____ provides detailed information and hands-on instruction to employees to prepare them to perform their duties securely.
    a. Security Training
    b. Security Education
    c. Security Awareness
    d. Security Tutoring
46. The first phase in the development of the contingency planning process is the ____.
    a. business impact analysis
    b. attack profile
    c. damage assessment
    d. plan classification
47. ____ is a systematic survey of all of the target organization's Internet addresses.
    a. fingerprinting
    b. caching
    c. footprinting
    d. attack protocol
48. The ____ helps to secure networks by detecting intrusions; the scanners and analyzers help secure networks by helping administrators identify where the network needs securing.
    a. intrusion detection/prevention systems
    b. intrusion detection
    c. intrusion prevention
    d. systems
49. ____ is when information remains whole, complete, and uncorrupted.
    a. Authenticity
    b. Availability
    c. Integrity
    d. Utility
50. ____ enables authorized users - persons or computer systems - to access information without interference or obstruction, and to receive it in the required format.
    a. Data Custodian
    b. Utility
    c. Confidentiality
    d. Availability

51. The ____ layer is responsible for the basic capacity of transferring messages, including resolution of errors, managing necessary fragmentation, and the control of message flow, regardless of the underlying network.
    a. Network
    b. Transport
    c. Session
    d. Application
52. The ____ serves to reinforce the position of the U.S. government and industry while helping to ensure the safety and the health of consumers and ensuring environmental protection.
    a. International Telecommunication Union
    b. Institute of Electrical and Electronics Engineers
    c. American National Standards Institute
    d. Telecommunications Industry Association
53. A(n) ____ addresses the preparation for and recovery from a disaster, whether natural or man-made.
    a. disaster recovery plan
    b. contingency plan
    c. business continuity plan
    d. incident response plan
54. Implementing multiple types of technology and thereby preventing the failure of one system from compromising the security of information is referred to as ____.
    a. domain security
    b. rotation
    c. layered security
    d. redundancy
55. ____ is the process of moving the organization towards its vision.
    a. Strategic Planning
    b. Security Policy
    c. Vision
    d. Mission
56. ____ are tools used by both attackers and defenders to identify (or fingerprint) the computers that are active on a network, as well as the ports and services active on those computers, the functions and roles the machines are fulfilling, and other useful information.
    a. port scanners
    b. fingerprinting
    c. footprinting
    d. caching
57. A ____ listens in on the network and identifies vulnerable versions of both server and client software.
    a. passive vulnerability scanner
    b. active vulnerability scanner
    c. excited vulnerability scanner
    d. reactive vulnerability scanner
58. ____ verify that an organization's security policies are prudent and are being implemented correctly.
    a. Audits
    b. Checks
    c. Profiles
    d. Policies

Completion
Complete each statement.

59. ____ of information is the ownership or control of some object or item.
60. ____ of information is the quality or state of having value for some purpose or end.
61. ____ means that information is free from mistakes or errors and it has the value that the end user expects.

62. A ____ is now commonly associated with an individual who cracks or removes software protection that is designed to prevent unauthorized duplication.
63. A ____ is an application error that occurs when more data is sent to a buffer than it can handle.
64. ____ is a network containing a dedicated server that connects systems within or between a few buildings, over a small geographic space.
65. A(n) ____ is prepared by the organization to anticipate, react to, and recover from events that threaten the security of information and information assets in the organization, and, subsequently, to restore the organization to normal modes of business operations.
66. One of the basic tenets of security architectures is the layered implementation of security which is called ____.
67. ____ is the protection of information and its critical elements, including the systems and hardware that use, store, and transmit that information.
68. ____ is when information is protected from disclosure or exposure to unauthorized individuals or systems.
69. ____, a network layer mechanism that helps systems manage addresses, uses a device like a router to segregate the external Internet from an internal intranet or network.
70. ____ is the process of moving a Network layer packet across multiple networks.
71. The ____ is the primary layer for communications between networks. This layer has three key functions: packetizing, addressing, and routing.
72. A(n) ____ is also known as a general security policy, IT security policy, or information security policy.
73. The ____ is a series of steps or processes used by an attacker, in a logical sequence, to launch an attack against a target system or network.
74. One of the preparatory parts of the attack protocol is the collection of publicly available information about a potential target, a process known as ____.
75. ____ are tools used by both attackers and defenders to identify (or fingerprint) the computers that are active on a network, as well as the ports and services active on those computers, the functions and roles the machines are fulfilling, and other useful information.
76. A(n) ____ is a network tool that collects copies of packets from the network and analyzes them