
info sec part4

Title of test:
info sec part4

Description:
INFO SEC TEST 4

Creation Date: 2021/03/15

Category: Others

Number of questions: 140

Content:

Disaster recovery plan (DR plan) Means The documented product. It focuses on restoring systems. TRUE. FALSE.

Disaster recovery planning (DRP) Means The actions taken. TRUE. FALSE.

Incident response plan (IR plan) Means The documented product. It focuses on immediate response- but if the attack is there. TRUE. FALSE.

Recovery time objective (RTO) Means An investigation and assessment of the various adverse events that can affect the organization. The BIA attempts to answer the question- “How will it affect us?”. TRUE. FALSE.

Business impact analysis (BIA) Means The total amount of time the system owner or authorizing official is willing to accept for a mission/business process outage or disruption- including all impact considerations. TRUE. FALSE.

Maximum tolerable downtime (MTD) Means The point in time prior to a disruption or system outage to which mission/business process data can be recovered after an outage (given the most recent backup copy of the data). TRUE. FALSE.

Recovery point objective (RPO) Means The maximum amount of time that a system resource can remain unavailable before there is an unacceptable impact on other system resources- supported mission/business processes- and the MTD. TRUE. FALSE.

Work recovery time (WRT) Means The amount of effort (expressed as elapsed time) necessary to make the business function operational after the technology element is recovered (as identified with RTO). Tasks include testing and validation of the system. TRUE. FALSE.

Business Impact Analysis stage2 Means It is important to collect critical information about each business unit before prioritizing the business units. TRUE. FALSE.

Business Impact Analysis stage1 Means Identify Resource Requirements. Once the organization has created a prioritized list of its mission and business processes- it needs to determine which resources would be required to recover those processes and associated assets. TRUE. FALSE.

Business Impact Analysis stage3 Means Identify Recovery Priorities for System Resources To do so- it needs to understand the information assets used by those processes. TRUE. FALSE.

Loss of confidentiality Means The process of examining an incident candidate and determining whether it constitutes an actual incident (both host-based and network-based). TRUE. FALSE.

Incident classification Means Information or information systems become unavailable. TRUE. FALSE.

Loss of availability Means Users report corrupt data files- garbage where data should be- or data that looks wrong. TRUE. FALSE.

Loss of integrity Means You are notified of sensitive information leaks or informed that information you thought was protected has been disclosed. TRUE. FALSE.

Violation of policy Means Organizational policies that address information or information security have been violated. TRUE. FALSE.

Violation of law Means The law has been broken- and the organization’s information assets are involved. TRUE. FALSE.

Alert roster Means A scripted description of the incident that usually contains just enough information so that each person knows what portion of the IR plan to implement without slowing down the notification process. TRUE. FALSE.

Alert message Means A document that contains contact information for people to be notified in the event of an incident. TRUE. FALSE.

After-action review Means A detailed examination and discussion of the events that occurred- from first detection to final recovery. TRUE. FALSE.

Evidence Means The process of collecting- analyzing- and preserving computer-related evidence. TRUE. FALSE.

Software as a Service (SaaS) Means A physical object or documented information entered into a legal proceeding that proves an action occurred or identifies the intent of a perpetrator. TRUE. FALSE.

Computer forensics Means in which applications are provided for a fee but hosted on third-party systems and accessed over the Internet and the Web. TRUE. FALSE.

Platform as a Service (PaaS) Means in which development platforms are available to developers for a fee and are hosted by third parties. TRUE. FALSE.

Disaster Recovery as a Service (DRaaS) Means which is informally known as Everything as a Service- provides hardware and operating systems resources to host whatever the organization wants to implement. Again- the service is hosted by a third party for a fee. TRUE. FALSE.

Full backup Means One of the newest options available as a specialized disaster recovery. TRUE. FALSE.

Infrastructure as a Service (IaaS) Means The duplication of all files that have changed or been added since the last full backup. TRUE. FALSE.

Disk duplexing Means The duplication of all files for an entire system- including all applications- operating systems components- and data. TRUE. FALSE.

Differential backup Means The duplication of only the files that have been modified since the previous incremental backup. TRUE. FALSE.

Disk mirroring L1 Means An approach to disk mirroring in which each drive has its own controller to provide additional redundancy. TRUE. FALSE.

Disk striping L0 Means It is where the computer records all data to twin drives simultaneously- providing a backup if the primary drive fails. TRUE. FALSE.

Incremental backup Means L1- It is where one logical volume is created by storing data across several available hard drives in segments called stripes. TRUE. FALSE.

Hot swap Means A hard drive feature that allows individual drives to be replaced without powering down the entire system and without causing a fault during the replacement. TRUE. FALSE.

Redundant array of independent disks (RAID) Means A system of drives that stores information across multiple units to spread out data and minimize the impact of a single drive failure. TRUE. FALSE.

Database shadowing Means A level of redundancy provided by mirroring entire servers to provide redundant capacity for services. TRUE. FALSE.

Server fault tolerance Means A facility that provides only rudimentary services with no computer hardware or peripherals. TRUE. FALSE.

Cold site Means A backup strategy to store duplicate online transaction data along with duplicate databases at the remote site on a redundant server. TRUE. FALSE.

Warm site Means A fully configured computing facility that includes all services- communications links- and physical plant operations. TRUE. FALSE.

Hot site Means A facility that provides many of the same services and options as a hot site- but typically without installed and configured software applications. TRUE. FALSE.

Bonus Means Bonus. TRUE. FALSE.

competitive advantage Means That The adoption and implementation of an innovative business model- method- technique- resource- or technology in order to outperform the competition. TRUE. FALSE.

risk assessment Means That A determination of the extent to which an organization’s information assets are exposed to risk. TRUE. FALSE.

risk identification Means That The application of controls that reduce the risks to an organization’s information assets to an acceptable level. TRUE. FALSE.

risk control Means That The recognition- enumeration- and documentation of risks to an organization’s information assets. TRUE. FALSE.

risk management Means That The process of identifying risk- assessing its relative magnitude- and taking steps to reduce it to an acceptable level. TRUE. FALSE.

residual risk Means That The risk to information assets that remains even after current controls have been applied. TRUE. FALSE.

In Asset Identification - People Means That Position name- number- or ID (avoid using people’s names and stick to identifying positions- roles- or functions)- supervisor- security clearance level- special skills. TRUE. FALSE.

Procedures Means That Description- intended purpose- relationship to software- hardware- and networking elements- storage location for reference- storage location for update. TRUE. FALSE.

Name Means That Classification- owner- creator- and manager- size of data structure- data structure used (sequential or relational)- online or offline- location- backup procedures employed. TRUE. FALSE.

Data Means That Make sure that the names you choose are meaningful to all the groups that use the information. You should adopt naming standards that do not convey information to potential system attackers. TRUE. FALSE.

IP address Means That This can be a useful identifier for network devices and servers but it does not usually apply to software. You can- however- use a relational database to track software instances on specific servers or networking devices. TRUE. FALSE.

Media access control (MAC) address Means That They are sometimes called electronic serial numbers or hardware addresses. TRUE. FALSE.

Element type Means That For hardware- you can develop a list of element types such as servers- desktops- networking devices- or test equipment. For software elements- you may develop a list of types that includes operating systems- custom applications by type (accounting- HR- or payroll- for example)- packaged applications and specialty applications- such as firewall programs. TRUE. FALSE.

Physical location Means That This information falls under asset inventory- which can be performed once the identification process is started. TRUE. FALSE.

Threats-vulnerabilities-assets (TVA) Means That The logical location is most useful for networking devices and indicates the logical network where the device is connected. TRUE. FALSE.

Logical location Means That triples A pairing of an asset with a threat and an identification of vulnerabilities that exist between the two. TRUE. FALSE.

Loss Frequency Means That Likelihood * Attack Success Probability. TRUE. FALSE.

Loss Magnitude Means That Asset Value * Probable Loss. TRUE. FALSE.

single loss expectancy (SLE) Means That exposure factor (EF) * asset value (AV). TRUE. FALSE.

attack success probability Means That single loss expectancy (SLE) * annualized rate of occurrence (ARO). TRUE. FALSE.

annualized loss expectancy (ALE) Means That The number of successful attacks that are expected to occur within a specified time period. TRUE. FALSE.

loss frequency Means That The probability that a specific vulnerability within an organization will be the target of an attack. TRUE. FALSE.

Likelihood Means That The calculation of the likelihood of an attack coupled with the attack frequency to determine the expected number of losses within a specified time range. TRUE. FALSE.

transference risk control strategy Means That It attempts to shift risk to other assets- other processes- or other organizations. TRUE. FALSE.

termination risk control strategy Means That It indicates the organization is willing to accept the current level of risk. TRUE. FALSE.

Acceptance Means That It eliminates all risk associated with an information asset by removing it from service or handling decision points. TRUE. FALSE.

access control Means That The selective method by which systems specify who may use a particular resource and how they may use it. TRUE. FALSE.

attribute-based access control (ABAC) Means That Specifications of authorization that govern the rights and privileges of users to a particular information asset. TRUE. FALSE.

access control list (ACL) Means That An access control approach whereby the organization specifies the use of objects based on some attribute of the user or system. TRUE. FALSE.

capabilities table Means That In a lattice-based access control- the row of attributes associated with a particular subject (such as a user). TRUE. FALSE.

discretionary access controls (DACs) Means That Access controls that are implemented at the discretion or option of the data user. TRUE. FALSE.

lattice-based access control (LBAC) Means That A variation on the MAC form of access control- which assigns users a matrix of authorizations for particular areas of access- incorporating the information assets of subjects such as users and objects. TRUE. FALSE.

mandatory access control (MAC) Means That A required- structured data classification scheme that rates each collection of information as well as each user. TRUE. FALSE.

nondiscretionary access controls (NDACs) Means That They are implemented by a central authority. TRUE. FALSE.

role-based access control (RBAC) Means That An example of a nondiscretionary control where privileges are tied to the role a user performs in an organization- and are inherited when a user is assigned to that role. TRUE. FALSE.

task-based access control (TBAC) Means That An example of a nondiscretionary control where privileges are tied to a task a user performs in an organization and are inherited when a user is assigned to that task. TRUE. FALSE.

accountability Means That An integration of access control lists (focusing on assets) and capabilities tables (focusing on users) that results in a matrix with organizational assets listed in the column headings and users listed in the row headings. TRUE. FALSE.

access control matrix Means That The access control mechanism that ensures all actions on a system—authorized or unauthorized—can be attributed to an authenticated identity. Also known as auditability. TRUE. FALSE.

authentication Means That The access control mechanism that requires the validation and verification of an unauthenticated entity’s purported identity. TRUE. FALSE.

authorization Means That The access control mechanism that represents the matching of an authenticated entity to a list of information assets and corresponding access levels. TRUE. FALSE.

Access control Means That It is the method by which systems determine whether and how to admit a user into a trusted area of the organization—that is- information systems- restricted areas such as computer rooms- and the entire physical location. TRUE. FALSE.

identification Means That An authentication card that contains digital user data- such as a personal identification number (PIN)- against which user input is compared. TRUE. FALSE.

dumb card Means That The access control mechanism whereby unverified or unauthenticated entities who seek access to a resource provide a label by which they are known to the system. TRUE. FALSE.

passphrase Means That A plain-language phrase- typically longer than a password from which a virtual password is derived. TRUE. FALSE.

password Means That A secret word or combination of characters that only the user should know- a password is used to authenticate the user. TRUE. FALSE.

biometric access control Means That An authentication component similar to a dumb card that contains a computer chip to verify and validate several pieces of information instead of just a PIN. TRUE. FALSE.

smart card Means That The use of physiological characteristics to provide authentication for a provided identification. TRUE. FALSE.

minutiae Means That In biometric access controls- unique points of reference that are digitized and stored in an encrypted format when the user’s system access credentials are created. TRUE. FALSE.

address restrictions Means That Firewall rules designed to prohibit packets with certain addresses or partial addresses from passing through the device. TRUE. FALSE.

dynamic packet-filtering firewall Means That A firewall type that can react to network traffic and create or modify configuration rules to adapt. TRUE. FALSE.

firewall Means That In information security- a combination of hardware and software that filters or prevents specific information from moving between the outside network and the inside network. TRUE. FALSE.

application layer proxy firewall Means That A device capable of functioning both as a firewall and an application layer proxy server. TRUE. FALSE.

demilitarized zone (DMZ) Means That An intermediate area between two networks designed to provide servers and firewall filtering between a trusted internal network and the outside- untrusted network. TRUE. FALSE.

proxy server Means That A server that exists to intercept requests for information from external users and provide the requested information by retrieving it from an internal server- thus protecting and minimizing the demand on internal servers. Some proxy servers are also cache servers. TRUE. FALSE.

content filter Means That A software program or hardware/software appliance that allows administrators to restrict content that comes into or leaves a network—for example- restricting user access to Web sites from material that is not related to business- such as pornography or entertainment. TRUE. FALSE.

data loss prevention Means That A strategy to gain assurance that the users of a network do not send high value information or other critical information outside the network. TRUE. FALSE.

virtual private network (VPN) Means That A private- secure network operated over a public and insecure network. TRUE. FALSE.

In authentication factors - Something You Know Means That This factor of authentication relies on what the unverified user or system knows and can recall—for example- a password- passphrase- or other unique authentication code- such as a personal identification number (PIN). TRUE. FALSE.

In authentication factors - Something You Have Means That This authentication factor relies on something an unverified user or system has and can produce when necessary. TRUE. FALSE.

In authentication factors - Something You Are or Can Produce Means That This relies on individual characteristics- such as fingerprints- palm or prints. TRUE. FALSE.

intrusion Means That An adverse event in which an attacker attempts to gain entry into an information system or disrupt its normal operations- almost always with the intent to do harm. TRUE. FALSE.

intrusion detection and prevention system (IDPS) Means That The general term for a system that can both detect and modify its configuration and environment to prevent. TRUE. FALSE.

IDPS response technique Means That A system capable of automatically detecting an intrusion into an organization’s networks or host systems and notifying a designated authority. TRUE. FALSE.

intrusion detection system (IDS) Means That Terminating- Blocking- and Blocking all access. TRUE. FALSE.

Alarm filtering Means That A process of grouping almost identical alarms that occur nearly at the same time into a single higher-level alarm. TRUE. FALSE.

Alarm clustering and compaction Means That The process of classifying IDPS alerts so they can be more effectively managed. TRUE. FALSE.

Confidence value Means That The measure of an IDPS’s ability to correctly detect and identify certain types of attacks which is based on fuzzy logic. TRUE. FALSE.

False attack stimulus Means That The process by which attackers change the format and/or timing of their activities to avoid being detected by an IDPS. TRUE. FALSE.

Evasion Means That An event that triggers an alarm when no actual attack is in progress. Scenarios that test the configuration of IDPSs may use false attack stimuli to determine if the IDPSs can distinguish between these stimuli and real attacks. TRUE. FALSE.

False negative Means That The failure of an IDPS to react to an actual attack event. TRUE. FALSE.

False positive Means That An alert or alarm that occurs in the absence of an actual attack. TRUE. FALSE.

Tuning Means That The process of adjusting an IDPS to maximize its efficiency in detecting true positives while minimizing false positives and false negatives. TRUE. FALSE.

Noise Means That Alarm events that are accurate and noteworthy but do not pose significant threats to information security. TRUE. FALSE.

Site policy Means That The rules and configuration guidelines governing the implementation and operation of IDPSs within the organization. TRUE. FALSE.

Data Collection Means That In the process of analyzing data and network activity- IDPSs can be configured to log data for later analysis. TRUE. FALSE.

Attack Deterrence Means That Another reason to install an IDPS is that it serves as a deterrent by increasing the fear of detection among would-be attackers. TRUE. FALSE.

application protocol verification Means That The process of examining and verifying the higher-order protocols (HTTP- FTP- and Telnet) in network traffic for unexpected packet behavior or improper use. TRUE. FALSE.

host-based IDPS (HIDPS) Means That An IDPS that resides on a particular computer or server- known as the host- and monitors activity only on that system. TRUE. FALSE.

monitoring port Means That Also known as a switched port analysis (SPAN) port or mirror port- a specially configured connection on a network device that can view all the traffic that moves through the device. TRUE. FALSE.

protocol stack verification Means That The process of examining and verifying network traffic for invalid data packets—that is- packets that are malformed under the rules of the TCP/IP protocol. TRUE. FALSE.

sensor Means That A hardware and/or software component deployed on a remote computer or network segment and designed to monitor network or system traffic for suspicious activities and report back to the host application. TRUE. FALSE.

Intrusion detection and prevention typically includes Means That Source IP addresses - Source and destination TCP - Number of packets and bytes transmitted in the session - Starting and ending timestamps for the session. TRUE. FALSE.

anomaly-based detection Means That Also known as behavior-based detection- an IDPS detection method that compares current data and traffic patterns to an established baseline of normalcy. TRUE. FALSE.

clipping level Means That A predefined assessment level that triggers a predetermined response when surpassed. TRUE. FALSE.

signature-based detection Means That Also known as knowledge-based detection or misuse detection- the examination of system or network data in search of patterns that match known attack signatures. TRUE. FALSE.

stateful protocol analysis (SPA) Means That The comparison of vendor-supplied profiles of protocol use and behavior against observed data and network patterns in an effort to detect misuse and attacks. TRUE. FALSE.

log file monitor (LFM) Means That An attack detection method that reviews the log files generated by computer systems- looking for patterns and signatures that may indicate an attack or intrusion is in process or has already occurred. TRUE. FALSE.

security information and event management (SIEM) Means That A software-enabled approach to aggregating- filtering- and managing the reaction to events- many of which are collected by logging activities of IDPSs and network management devices. TRUE. FALSE.

honeynet Means That A monitored network or network segment that contains multiple honeypot systems. TRUE. FALSE.

honeypot Means That An application that entices people who are illegally perusing the internal areas of a network by providing simulated rich content while the software notifies the administrator of the intrusion. TRUE. FALSE.

padded cell system Means That A protected honeypot that cannot be easily compromised. TRUE. FALSE.

back hack Means That The process of illegally attempting to determine the source of an intrusion by tracing it and trying to gain access to the originating system. TRUE. FALSE.

enticement Means That The act of attracting attention to a system by placing tantalizing information in key locations. TRUE. FALSE.

pen register Means That The act of luring a person into committing a crime in order to get a conviction. TRUE. FALSE.

entrapment Means That An application that records information about outbound communications. TRUE. FALSE.

attack protocol Means That An application that combines the function of honeypots or honeynets with the capability to track the attacker back through the network. TRUE. FALSE.

trap-and-trace application Means That A logical sequence of steps or processes used by an attacker to launch an attack against a target system or network. TRUE. FALSE.

fingerprinting Means That The systematic survey of a targeted organization’s Internet addresses collected during the footprinting phase to identify the network services offered by the hosts in that range. TRUE. FALSE.

footprinting Means That The organized research and investigation of Internet addresses owned or controlled by a target organization. TRUE. FALSE.

port scanners Means That It is used both by attackers and defenders to identify or fingerprint active computers on a network- the active ports and services on those computers- the functions and roles of the machines- and other useful information. TRUE. FALSE.
