Advertisement Upgrade to remove ads

Network Security Final

False Attack Stimulus

An event that triggers alarms and causes a false positive when no actual attacks are in progress.

Footprinting

Involves activities that gather information about the organization and its network activities and assets.

Centralized IDPS control strategy

All IDPS control functions are inplemneted and managed in a central location

Honey Pots

A decoy system designed to lure potential attackers away from critical systems.

Footprinting

is the organized research of the internet address owned or controlled by a target organization

Packet Sniffer

is a network tool that collects copies of packets form the network and analyzes them

TRUE

a wireless security toolkit should include the ability to sniff wireless traffic, scan wirelss hosts, and assess the levl of privacy or confidentiality afforded on the wireless network.

FALSE

the use of biometric based authentication is expected to have little impact in the future because of technical and ethical issues

Minutiae

are unique points of reference that are digitized and stored in an encrypted format when the user's system access credentials are created.

False reject rate

the percentage of identification instances in which authorized users are denied access a result of a failure in the bio metric device

TRUE

many biometric systems that are highly reliable and effective are considered somewhat intrusive to users

False

Corporate security addresses the design, implementation, and maintenance of counter measures that protect the physical resources of an organization.

General Management

Is responsible for the security of the facility in which the organization is housed and the policies and standards for secure operations

Information Technology management Professionals

are responsible for environmental and accesss security in technology equipment locations and for the policies and standards of secure equipement

Information Security Management professionals

Perform risk assesments and implementation reviews for the physical security controls implemented by other groups

Secure Facility

A physical location that has been engineered with conrols designed to minimize the risk of attacks from physical threats

Proximity reader

reader does not requires the insertion of the keycard into the reader but relies on the placement of the card within the locks range to be recognized

Biometric Locks

Finger, palm, and hand readers, iris and retena scanners, and voice and signature readers are examples of

TRUE

to record events within a specific area that guards and dogs might miss, or to record events in areas where other types of physical controls are not practical, is called electronic monitoring.

Alarm

why type of control notes the occurance of some condition and then performs some type of notification activity

Flame point

the temperature at which a type of material will ignite is known as the

Photoelectric detection

use infrared light to detect an object or person passing through a beam.

Class A materials

fires that involve the ordinary combustibale fuel, such as wood, paper, textiles, rubber, cloth, and trash, belong to

Class B materials

Fires fueled by combustible liquids or gases, such as solvents, gasoline, paint, lacquer, and oil. Use carbon dioxide, multipurpose dry chemical, and halon fire extinguishers

Class C materials

Fires with energized electrical equipment or appliances. Use carbon dioxide, multi-purpose dry chemical, and halon fire extinguishers

Class D materials

Fires fueled by combustible metals, such as magnesium, lithium, and sodium. Use special extinguishing agents and techniques

Dry pipe

Fire suppression system is designed to work in areas where electrical equipmetn is used. instead of the system containing water it contains pressurized air

Preaction

fire suppression system employs a 2 phase response to a fire. the system is normally maintained with nothing in the delievery pipes. when a fire has been detected the first phase is initiated and valves allow water to enter the system

Clean agent

a fire suppression agent that does not leave a residue when dry, nor does it interfere with operation of electrical or electronic equipment

Standby or offline UPS

when the power stops flowing to the equipment, what type of UPS activates a transfer switch, which provides power from the batteries through a DC-to-AC converter until the power is restored or the computer is shut down

True online UPS

Type of ups, the primary power source is the battery and the power feed from the utility constantly recharges this battery.

Telecommuting

Off site computing that uses internet connections, dial up connections, conections over leased point to point links between offices and other connections mechanisms

TRUE

Like other organizational resources computing equipment should be inventoried and inspected on a regular basis

False

Encryption is a process of hiding information and has been in use for a long time

True

Julius caesar was associated with an early version of the substitution chipher

Encryption

process of converting an aoriginal message into a form that is unreadable to unauthorized individuals

Key

is the information used in conjucntion with an algorithm to create the cipher text from the plain text or derive the plain text from cipher text

Cryptology

Is the Science of encryption

Cryptography

is the process of making and using codes to secure the transmission of information

False

Hashing functions require the use of keys

Message Digest

is a fingerprint of the authors message that is to be compared with the reciever's locally calculated hash of the same message

True

285 computers could crack a 56 bit key in one year, where as 10 times as many could do it in little over a month

Key Space

is the entire range of values that can possibly used to construct a individual key

RSA algorithm

was the first public key encryption algorithm developed in 1977 and published for commercial use

true

popular cryptosystems use a hybrid combination of symmetric and asymmetric algorithms

true

PKI systems are based on public key crypto systems and include digitial certificates and certificate athorities

TRUE

Non repudation means that customers or partners can be held accountable for transactions such as online purchases which they cannot later deny

Stenography

Process of hiding a message

PGP

is a hybrid cryptosystem originally designed in 1991 by phil zimmerman

Timing Attack

the attacker usually eaves drops during the victims session and uses statistical analysis of teh users typing patterns and inter key stroke timings to discern sensitive session information

True

if an organization deals successfully with change and has created procedures and systems that can be adjusted to the environment, the existing security improvement program can continue to work well

constant review

and effective information security governance program requires

Interconnecting systems

defined as the direct connection of 2 or more infromation systems for sharing data and other information resourses

FALSE

indformation security technical controls are not affected by the same factors as most computer based technologies

Contingency planning

consists of a process for recovery and documentation of proceddures for conducting recovery

True

the first clue that an attack is underway often comes from reports by the observant users

Patching

repairing known vulnerabilities in any of the network system environment

false

the objective of the internal monotoring domain is to provide the early awareness of new and emerging threats, threat agents, vulnerabilities and attacks that is needed to mount an effective and timely defense

Internal Monitoring Domain

maintain an informed awareness of the state of all of the organizations network, information systems and informations security defenses

Planning Risk Assesment

Primary objective is to keep a look out over the entire information security program

Vulnerability assessments and remediation

identifies specific documented vulnerabilities and thier timely remediation

readiness and review

keeps the information security program functioning as designed and to keep it continuously improving over time

Platform security validation

process is designed to find and document the vulnerabilities that may be present because of misconfigured systems in use within the organization

forensics

is the coherent application of methodical investigatory techniques, to present evidence in crimes in a court or court like setting

evidentiary material

any information that could potentiall support the organizations legal or policy based case against a suspect

Offline Model

data aquisition is where the investigator removes the power source and then uses a utility or special device to make a bit streams sector by sector copy of the hard drives contained in the system

policies

in information security most operations focus on

behavioral

during the analysis phase a ___________ feasibility study should have been conducted that addressed the impact of the changes necessary for implementation

the best balance between compliance and security needs

whre should organizations place the infromation security organization

build administer define

according t schwartz erwin weafer and briney positions can be classified into one of three areaas those that ____ those that _____ and those that ______

CISO

Chief information security officer. typically the top information security employee in the organization

Security Manager

accountable for day to day operations of the infrormation security program

Security Technician

qualified individual who are tasked to configure firewalls deploy IDS implement security software, diagnose and troubleshoot problems and coordinate with systems and network administrators to ensure that security technology is operating to protect the organization

Security consultant

is typically an expert in some aspect of information security and may have been the CISO and have CISSP credentials

FALSE

Personal secuirty addresses the isssues needed to protect items objects or areas

Personnel security

addresss the protection of individuals or groups authorized to access an organization

Communications security

emcompasses the protection of an organization communications media technology and content

possesion

ownership or control of information is called the characteristic of

True

if information has a state of being genuine or original and is not a fabrication is has the the characteristic of authenticty

Confidentiality

characteristic of information that deals with preventing disclosure

CISSP

is one of 2 certificates offered by the international information systems

GIAC

Global Information Assurance Certification . Certifications require the applicant to complete a written practical assignment

CISA certification

Certified information systems auditor while not specifically a security certification contains many information security componants

Security consultant

can determine the level of trust the business places in the individual

contract

once a candidate has accepted the job offer, the employment _______ becomes an inportant security instrument

Job descriptions, training sessions, performance evaluations

to heighten information security awareness and change workplace behavior organizations should incorporate information security components into employee ____

contract

employees are typically hired usually under the arrangements with another company to perform specific services for the organization

Seperation of duties

is a control used to reduce the chance of an individual violation information security and breaching the confidentiality, integrity or availibility of the information

collusion

when 2 or more people comspire to steal

Job rotation

is the requirement that every employee be able to perform the work of another employee

Least priviliage

employees should be provided access to the minimal amount of information for the minimal amount of time necessary for them to perform thier duties

Please allow access to your computer’s microphone to use Voice Recording.

Having trouble? Click here for help.

We can’t access your microphone!

Click the icon above to update your browser permissions above and try again

Example:

Reload the page to try again!

Reload

Press Cmd-0 to reset your zoom

Press Ctrl-0 to reset your zoom

It looks like your browser might be zoomed in or out. Your browser needs to be zoomed to a normal size to record audio.

Please upgrade Flash or install Chrome
to use Voice Recording.

For more help, see our troubleshooting page.

Your microphone is muted

For help fixing this issue, see this FAQ.

Star this term

You can study starred terms together

NEW! Voice Recording

Create Set