
266 terms

POIS Study

Principles of Information Security-Final
Software
_________ carries the lifeblood of information through an organization.
Enterprise
A(n) __________ information security policy outlines the implementation of a security program within the organization.
Information
The senior technology officer is typically the chief __________ officer.
confidentiality
In an organization, the value of _____________ of information is especially high when it involves personal information about employees, customers, or patients.
possession
The _____________ of information is the quality or state of ownership or control of some object or item.
Cache
The timing attack explores the contents of a Web browser's _______.
buffer-overrun or buffer-overflow
A(n) _____-________ or _____-_______ is an application error that occurs when more data is sent to a program buffer than it is designed to handle.
elite
The expert hacker is sometimes called a(n) _____ hacker.
sag
A momentary low voltage is called a(n) _____.
espionage
When information gatherers employ techniques that cross the threshold of what is legal or ethical, they are conducting industrial _________.
1978
A famous study entitled "Protection Analysis: Final Report" was published in ______.
MULTICS
________ was the first operating system to integrate security as one of its core functions.
Physical
___________ security addresses the issues necessary to protect the tangible items, objects, or areas of an organization from unauthorized access and misuse.
Hash
In file hashing, a file is read by a special algorithm that uses the value of the bits in the file to compute a single large number called a _____ value.
physical design
During the ________ ________ phase, specific technologies are selected to support the alternatives identified and evaluated in the logical design.
systems development life cycle
The most successful kind of top-down approach involves a formal development strategy referred to as a ________ _______ _______ _______.
security
Organizations are moving toward more _______-focused development approaches, seeking to improve not only the functionality of the systems they have in place, but consumer confidence in their product.
SDLC
The ______ is a methodology for the design and implementation of an information system in an organization.
waterfall
The _________ model consists of six general phases.
System Administrators
People with the primary responsibility for administering the systems that house the information used by the organization perform the ________ __________ role.
Yes
Is Happy99.exe an example of a Trojan horse program?
social engineering
"4-1-9" fraud is an example of a _______ ________ attack.
256
Microsoft acknowledged that if you type a res:// URL (a Microsoft-devised type of URL) which is longer than ____ characters in Internet Explorer 4.0, the browser will crash.
Trojan horses
________ _______ are software programs that hide their true nature and reveal their designed behavior only when activated.
fault
Complete loss of power for a moment is known as a _______.
Hacktivist
One form of online vandalism is ________ operations, which interfere with or disrupt systems to protest the operations, policies, or actions of an organization or government agency.
Spyware
________ is any technology that aids in gathering information about a person or organization without their knowledge.
distributed denial-of-service
A _______ _____ __ _______ is an attack in which a coordinated stream of requests is launched against a target from many locations at the same time.
denial-of-service
In a ________-___-_______ attack, the attacker sends a large number of connection or information requests to a target.
clean
A(n) _____ desk policy requires that employees secure all information in appropriate storage containers at the end of each day.
external
All information that has been approved by management for public release has a(n) _________ classification.
assessment
You can assess the relative risk for each of the vulnerabilities by a process called risk __________.
technologies
Security ____________ are the technical implementations of the policies defined by the organization.
feasibility
Operational ___________ analysis examines user acceptance and support, management acceptance and support, and the overall requirements of the organization's stakeholders.
screened subnet
The architecture of a(n) _______ ________ firewall provides a DMZ.
Kerberos
The ___________ authentication system is named after the three-headed dog of Greek mythology that guards the gates to the underworld.
dynamic
The _________ packet-filtering firewall allows only a particular packet with a particular source, destination, and port address to enter through the firewall.
transport
The circuit gateway firewall operates at the _______ layer.
Hybrid
______ firewalls combine the elements of other types of firewalls — that is, the elements of packet filtering and proxy services, or of packet filtering and circuit gateways.
five
The military uses a ____-level classification scheme.
confidential
In the U.S. military classification scheme, __________ data is any information or material the unauthorized disclosure of which reasonably could be expected to cause damage to the national security.
Risk
_____ equals likelihood of vulnerability occurrence times value (or impact) minus percentage risk already controlled plus an element of uncertainty.
general
The ___________ security policy is an executive-level document that outlines the organization's approach and attitude towards information security and relates the strategic value of information security within the organization.
program
The ________ security policy is a planning document that outlines the process of implementing security in the organization.
defend control
The _______ ________ strategy attempts to prevent the exploitation of the vulnerability.
transfer control
The ________ ________ strategy attempts to shift risk to other assets, other processes, or other organizations.
DR
___ plans usually include all preparations for the recovery process, strategies to limit losses during the disaster, and detailed steps to follow when the smoke clears, the dust settles, or the floodwaters recede.
accept control
The ________ _______ strategy is the choice to do nothing to protect a vulnerability and to accept the outcome of its exploitation.
standard of due care
When organizations adopt levels of security for a legal defense, they may need to show that they have done what any prudent organization would do in similar circumstances. This is referred to as a(n) _________ __ ____ _______.
packet-filtering
IP source and destination address, direction (inbound or outbound), and TCP or UDP source and destination port requests are the restrictions most commonly implemented in ______-_______ firewalls.
Static
______ filtering requires that the filtering rules governing how the firewall decides which packets are allowed and which are denied be developed and installed with the firewall.
Stateful
_______ inspection firewalls keep track of each network connection between internal and external systems.
demilitarized
The proxy server is often placed in an unsecured area of the network or is placed in the _____________ zone.
SOCKS
______ is the protocol for handling TCP traffic through a proxy server.
23
Telnet protocol packets usually go to TCP port ___.
rating and filtering
In most common implementation models, the content filter has two components: _______ and __________.
RADIUS
____________ and TACACS are systems that authenticate the credentials of users who are trying to access an organization's network via a dial-up connection.
TACACS, Extended TACACS, and TACACS+
Which of the following are valid versions of TACACS? _________, ________ ___________, and __________.
Transport
In ___________ mode, the data within an IP packet is encrypted, but the header information is not.
clustering
Alarm _________ and compaction is a consolidation of almost identical alarms that happen at close to the same time into a single higher-level alarm.
rattling
The initial estimation of the defensive state of an organization's networks and systems is called doorknob ________.
knowledge
A signature-based IDPS is sometimes called a(n) _________-based IDPS.
application
In _________ protocol verification, the higher-order protocols are examined for unexpected packet behavior, or improper use.
smart
A(n) ______ IDPS can adapt its reactions in response to administrator guidance over time and circumstances of the current local environment.
False Attack Stimulus
________ __________ __________ is an event that triggers an alarm when no actual attack is in progress.
signatures
To determine whether an attack has occurred or is underway, NIDPSs compare measured activity to known __________ in their knowledge base.
passive
Most NBA sensors can be deployed in _______ mode only, using the same connection methods as network-based IDPSs.
Inline
______ sensors are typically intended for network perimeter use, so they would be deployed in close proximity to the perimeter firewalls, often between the firewall and the Internet border router to limit incoming attacks that could overwhelm the firewall.
Honeypots
___________ are decoy systems designed to lure potential attackers away from critical systems.
Trap and trace
______ ____ _______ applications use a combination of techniques to detect an intrusion and then trace it back to its source.
supplicant
A(n) __________ is a proposed systems user.
Entrapment
___________ is the action of luring an individual into committing a crime to get a conviction.
Biometric access control
_________ _______ __________ is based on the use of some measurable human characteristic or trait to authenticate the identity of a proposed systems user.
CER
The ____ is the level at which the number of false rejections equals the number of false acceptances, and is also known as the equal error rate.
digest
A message ________ is a fingerprint of the author's message that is compared with the recipient's locally calculated hash of the same message.
encipher
To ________ means to encrypt, encode, or convert plaintext into the equivalent ciphertext.
advanced
The successor to 3DES is the __________ Encryption Standard.
certificates
Digital ___________ are public-key container files that allow computer programs to validate the key and identify to whom it belongs.
Keyspace
_________ is the entire range of values that can possibly be used to construct an individual key.
Polyalphabetic
More advanced substitution ciphers use two or more alphabets, and are referred to as ______________ substitutions.
Hash
______ functions are mathematical algorithms that generate a message summary or digest to confirm the identity of a specific message and to confirm that there have not been any changes to the content.
MAC
A ______ is a key-dependent, one-way hash function that allows only specific recipients (symmetric key holders) to access the message digest.
PKI
_____ is an integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services that enables users to communicate securely.
Digital Signatures
________ ___________ are encrypted messages that can be mathematically proven to be authentic.
distinguished
An X.509 v3 certificate binds a _____________ name, which uniquely identifies a certificate entity, to a user's public key.
PGP
_____ was developed by Phil Zimmermann and uses the IDEA Cipher for message encoding.
AH
The ____ protocol provides system-to-system authentication and data integrity verification, but does not provide secrecy for the content of a network communication.
Correlation
__________ attacks are a collection of brute-force methods that attempt to deduce statistical relationships between the structure of the unknown key and the ciphertext that is the output of the cryptosystem.
salami
In information security, ________ theft occurs when an employee steals a few pieces of information at a time, knowing that taking more would be noticed — but eventually the employee gets something complete or useable.
bottom-up
Information security can begin as a grassroots effort in which systems administrators attempt to improve the security of their systems, which is often referred to as a ____________ approach.
worm
A _______ can deposit copies of itself onto all Web servers that the infected system can reach, so that users who subsequently visit those sites become infected.
DoS
_____ attacks can be launched against routers.
mail bomb
One form of e-mail attack that is also a DoS is called a ______ _______, in which an attacker routes large quantities of connection or information to the target.
cookie
A(n) ________ can allow an attacker to collect information on how to access password-protected sites.
Know yourself
______ __________ means identifying, examining, and understanding the information and systems currently in place within the organization.
naming
You should adopt __________ standards that do not convey information to potential system attackers.
Mutually exclusive
____________ means that an information asset should fit in only one category.
Comprehensive
____________ means that an information asset should fit in the list somewhere.
Programs
__________ are activities performed within the organization to improve security.
software
One method of protecting the residential user is to install a __________ firewall directly on the user's system.
bastion
The DMZ can be a dedicated port on the firewall device linking a single _______ host.
configuration
Good policy and practice dictates that each firewall device, whether a filtering router, bastion host, or other firewall implementation, must have its own set of _____________ rules.
1
Firewall Rule Set __ states that responses to internal requests are allowed.
firewalls
Some ________ can filter packets by protocol name.
Stateful inspection
A ________ ________ firewall keeps track of each network connection between internal and external systems.
State table
A _________ ___________ tracks the state and context of each packet by recording which station sent the packet and when.
Proxy server
The application gateway, application-level firewall, or simply the application firewall is most commonly called a ________ __________.
false positive
A ________ _________ is when the IDPS system mistakes normal system activity for an attack.
HIDPS
A _______ is not optimized to detect multihost scanning, nor is it able to detect the scanning of non-host network devices, such as routers or switches.
IDPS
Your organization's operational goals, constraints, and culture affect the selection of the _____ and other security tools and technologies to protect your systems.
Intrusion detection and prevention systems
___________ ___________ and _________ __________ perform monitoring and analysis of system events and user behaviors.
sniffer
A ________ can be used to eavesdrop on network traffic.
XOR
You can combine the ____ operation with a block cipher operation.
Hashing
_________ functions don't require the use of keys.
128
DES uses a ____-bit key.
encapsulating security payload protocol
The __________ __________ ________ _________ provides secrecy for the contents of network communications as well as system-to-system authentication and data integrity verification.
Confidentiality, Integrity, and Availability
What does CIA stand for?
Layers of security: Physical, Personal, Operational, Communication, Network, and Information security.
What does P.P.O.C.N.I represent?
A robot network
What is a botnet?
Committee on National Security Systems
What does CNSS stand for?
inside
The biggest security risks are from _______.
Mosaic
____________ was the first Internet browser.
asset
An ________ is the organizational resource being protected.
exploit
____________ is a technique used to compromise a system.
Loss
______ is a single instance of an information asset suffering damage.
Exposure
__________ is a condition or state of being vulnerable to an attacker.
Risk
______ is the probability that something unwanted will happen.
threat
A ______ is a category of objects, persons, or other entities that presents a danger to an asset.
Threat agent
A _______ _______ is a specific instance or a component of a threat.
Computer Security Institute
What does CSI stand for?
Malicious code attack
Includes execution of viruses, worms, Trojan horses, and active Web scripts with intent to destroy or steal information.
Hoaxes
Transmission of a virus hoax with a real virus attached; a more devious form of attack.
Back door attacks
Gaining access to a system or network using a known or previously unknown/newly discovered access mechanism.
Password crack
Attempting to reverse-calculate a password.
Brute force attack
Trying every possible combination of options of a password.
Dictionary attack
Selects specific accounts to attack and uses commonly used passwords (i.e., the dictionary) to guide guesses.
Denial-of-service attack
The attacker sends a large number of connection or information requests to a target.
Distributed denial-of-service attack
A coordinated stream of requests is launched against a target from many locations simultaneously.
Spoofing
A technique used to gain unauthorized access; the intruder assumes a trusted IP address.
Man-in-the-middle attack
The attacker monitors network packets, modifies them, and inserts them back into the network.
Spam
Unsolicited commercial e-mail; more a nuisance than an attack, though it is emerging as a vector for some attacks.
Mail bombing
Also a DoS; the attacker routes large quantities of e-mail to the target.
Sniffers
A program or device that monitors data traveling over a network.
Phishing
An attempt to gain personal/financial information from an individual.
Pharming
Redirection of legitimate Web traffic (e.g., browser requests) to an illegitimate site for the purpose of obtaining private information.
Social engineering
Using social skills to convince people to reveal access credentials.
Timing attack
Relatively new; works by exploring the contents of a Web browser's cache to create a malicious cookie.
Script kiddie
Hackers of limited skill who use expert software to attack.
Packet monkey
Script kiddies using automated exploits to engage in distributed DoS attacks.
Risk Management
The process of identifying and controlling risks facing an organization. It involves identifying, classifying, and prioritizing an organization's assets.
Risk Identification
The process of examining an organization's current information technology security situation.
Risk controls
Applying controls to reduce risks to an organization's data and information systems.
Risk Assessment
Determines the extent to which an organization's information assets are exposed or at risk.
final risk assessment
A ______ _______ __________ worksheet shows asset, asset impact, vulnerability, vulnerability likelihood, and risk-rating factor.
Information asset classification worksheet
A __________ _______ _________ worksheet assembles information about information assets and their impact.
Weighted criteria analysis
A ___________ ________ ________ worksheet assigns ranked value or impact weight to each information asset.
Ranked vulnerability risk
A ________ ___________ _____ worksheet assigns ranked value of risk rating for each uncontrolled asset-vulnerability pair.
Defend risk control strategy
A control strategy that attempts to prevent exploitation of the vulnerability.
Transfer risk control strategy
A control strategy that attempts to shift risk to other assets, processes, or organizations.
Mitigate risk control strategy
A control strategy that attempts to reduce the impact of vulnerability exploitation through planning and preparation.
Accept risk control strategy
A control strategy that does nothing to protect a vulnerability and accepts the outcome of its exploitation.
Terminate risk control strategy
A control strategy that directs the organization to avoid those business activities that introduce uncontrollable risks.
Annualized loss expectancy
What does ALE stand for?
Single loss expectancy
What does SLE stand for?
annualized rate of occurrence
What does ARO stand for?
SLE = asset value × exposure factor (EF)
What is the equation for expected loss per risk?
CBA = ALE(prior) - ALE(post) - ACS
What is the equation for the cost benefit analysis (CBA) formula?
The annualized loss expectancy of the risk before implementation of the control.
What is the ALE (prior)?
The estimated ALE based on the control being in place for a period of time.
What is the ALE (post)?
Annualized Cost of the Safeguard
What is the ACS?
quantitative assessment
Using actual values or estimates is known as __________ ____________.
Qualitative assessment
_______________ ____________ uses an evaluation process based on characteristics, using nonnumerical measures.
scales
Utilizing _______ rather than specific estimates relieves the organization from the difficulty of determining exact values.
Benchmarking and Best Practices
An alternative approach to risk management is ______________ and _________ _____________.
Benchmarking
_______________ is a process of seeking out and studying practices in other organizations that one's own organization desires to duplicate.
Metrics-based measures and process-based measures
________-based and _______-based measures are the two measures typically used to compare practices.
Best business practices
_______ _________ __________ are security efforts that provide a superior level of information protection.
baselining
__________ is the analysis of measures against established standards.
Organizational
A ___________ feasibility study examines how well proposed IS alternatives will contribute to the organization's efficiency, effectiveness, and overall operation.
Operational
A ___________ feasibility study examines user and management acceptance and support, and the overall requirements of the organization's stakeholders.
Technical
A ___________ feasibility study examines whether the organization has or can acquire the technology necessary to implement and support the control alternatives.
Political
A ___________ feasibility study defines what can/cannot occur based on consensus and relationships.
level of risk
The organization must define the _____ __ ____ it can live with.
Residual
_________ risk is risk that has not been completely removed, shifted, or planned for.
Access Control
________ ________ is a method by which systems determine whether and how to admit a user into a trusted area of the organization.
MAC
_____s use data classification schemes.
Non-discretionary controls
_____-_____________ ________ are strictly enforced versions of MACs that are managed by a central authority.
Supplicant
A ________ is an entity that seeks a resource.
Authentication
___________ is the process of validating a supplicant's purported identity.
Authorization
_____________ is the matching of an authenticated entity to a list of information assets and corresponding access levels.
Accountability (auditability)
_____________ ensures that all actions on a system—authorized or unauthorized—can be attributed to an authenticated identity.
Packet filtering firewalls
_________ __________ ___________ examine the header information of data packets.
Static filtering
_______ __________ firewalls require that the filtering rules governing how the firewall decides which packets are allowed and which are denied be developed and installed with the firewall.
Dynamic filtering
________ _________ firewalls allow the firewall to react to an emergent event and update or create rules to deal with the event.
Stateful inspection
_________ ________ firewalls keep track of each network connection between internal and external systems using a state table.
Application gateway
An _________ __________ is frequently installed on a dedicated computer; it is also known as a proxy server.
filtering routers
___________ ___________ can be implemented behind the proxy server, further protecting internal systems.
Circuit gateway
A _______ ________ firewall, like filtering firewalls, does not usually look at data traffic flowing between two networks, but prevents direct connections between one network and another by using tunnels to direct specific traffic.
MAC layer firewalls
_________ __________ firewalls use the MAC addresses of specific host computers, which are linked to access control list (ACL) entries that identify the specific types of packets that can be sent to each host; all other traffic is blocked.
Application Gateway
An ___________ ________ protects the Application, Presentation, and Session layers of the ISO model.
Circuit Gateway
A ___________ ________ protects the Transport layer of the ISO model.
Packet Filtering
_________ ________ protects the Network layer of the ISO model.
MAC layer Firewall
A ________ ________ ________ protects the Data-Link layer of the ISO model.
Hybrid firewalls
Combine elements of other types of firewalls.
First
_______ generation firewalls are static packet filtering firewalls.
Second
_______ generation firewalls are application-level firewalls or proxy servers.
Third
_______ generation firewalls are stateful inspection firewalls.
Fourth
_______ generation firewalls are dynamic packet filtering firewalls; they allow only packets with particular source, destination, and port addresses to enter.
Fifth
_______ generation firewalls are kernel proxies; a specialized form working under the kernel of Windows NT.
Screened host firewall
A ________ ________ ___________ combines a packet filtering router with a separate, dedicated firewall.
bastion (also known as a sacrificial host)
The separate host is often referred to as a(n) __________.
Dual-homed host firewall
A ______-________ _____ firewall is a bastion host that contains two network interface cards, one connected to the external network and one connected to the internal network.
Screened subnet firewall
A _________ ________ firewall consists of two or more internal bastion hosts behind a packet filtering router, with each host protecting the trusted network.
War dialer
An attacker can use a device called a ____ ______ to locate connection points.
Diameter
__________ is an emerging alternative derived from RADIUS.
Secure European System for Applications in a Multivendor Environment (SESAME) is similar to Kerberos
What does SESAME stand for?
Intrusion
When an attacker attempts to gain entry into or disrupt the normal operations of an information system, almost always with the intent to do harm.
NIDPS signature matching
Detects an attack by using a special implementation of the TCP/IP stack that looks for invalid data packets.
Honeypots
Decoy systems designed to lure potential attackers away from critical systems and encourage attacks against themselves.
Honeynets
A collection of honeypots connecting several honeypot systems on a subnet.
Padded cell
A _________ ______ is a honeypot that has been protected so it cannot be easily compromised; it is used in tandem with a traditional IDPS.
Trap and Trace
Use a combination of techniques to detect an intrusion and trace it back to its source.
Port Scanners
Tools used by both attackers and defenders to identify computers active on a network.
Active and Passive vulnerability scanners
What are the two types of vulnerability scanners?
IDPS
An _______ detects a violation of its configuration and activates an alarm.
Centralized Control strategy
The _________ ________ ________ is when all IDPS control functions are implemented and managed in a central location.
Fully distributed Control strategy
The _________ ________ ________ _______ is when all control functions are applied at the physical location of each IDPS component.
Partially distributed Control strategy
The _________ ________ ________ _______ combines the centralized and fully distributed control strategies.
Enticement
_____________ is the process of attracting attention to a system by placing tantalizing bits of information in key locations. Enticement is legal and ethical; entrapment is not.
Entrapment
___________ is the action of luring an individual into committing a crime to get a conviction.
Footprinting
_________ is the organized research of Internet addresses owned or controlled by a target organization.
Fingerprinting
_____________ is a systematic survey of all of a target organization's Internet addresses collected during the footprinting phase.
Active vulnerability
________ _________ scanners scan networks for highly detailed information; they initiate traffic to determine holes.
Passive vulnerability
_________ __________ scanners listen in on the network and determine vulnerable versions of both server and client software.
Cryptography
The process of making and using codes to secure the transmission of information.
Cryptanalysis
The process of obtaining the original message from an encrypted message without knowing the algorithms.
Encryption
Converting an original message into a form unreadable by unauthorized individuals.
Decryption
The process of converting the ciphertext message back into plaintext.
bit stream or block cipher method
Plaintext can be encrypted through the ___ _________ or ________ _______ method.
Bit stream
Each plaintext bit is transformed into a cipher bit one bit at a time.
Block cipher
The message is divided into blocks (e.g., sets of 8- or 16-bit blocks) and each is transformed into an encrypted block of cipher bits using an algorithm and key.
Substitution Cipher
Substitutes one value for another.
Monoalphabetic substitution
Uses only one alphabet.
Simple Polyalphabetic substitution
More advanced; uses two or more alphabets.
Vigenère cipher
An advanced cipher type that uses a simple polyalphabetic code; made up of 26 distinct cipher alphabets.
Transposition Cipher
Rearranges values within a block to create ciphertext.
Vernam Cipher
Uses a set of characters once per encryption process.
Book or Running Key Cipher
Uses text in a book as the key to decrypt a message.
Hash Functions
Mathematical algorithms that generate a message summary/digest to confirm message identity and confirm no content has changed.
Symmetric Encryption
Uses the same "secret key" to encipher and decipher a message.
Data Encryption Standard (DES)
One of the most popular symmetric encryption cryptosystems; 64-bit block size; 56-bit key.
Triple DES (3DES)
Created to provide security far beyond DES.
Advanced Encryption Standard (AES)
Developed to replace both DES and 3DES.
Asymmetric Encryption
Also known as public-key encryption; uses two different but related keys, e.g., the RSA algorithm.
algorithm
For cryptosystems, the security of encrypted data is not dependent on keeping the encrypting ________ secret.
Secure Hash Standard as defined by NIST
What is SHS?
PKI
An integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services enabling users to communicate securely.
ciphertext
The encrypted message produced from plaintext.
Link Encryption
A series of encryptions and decryptions between a number of systems.
Steganography
The hiding of messages, e.g., within a picture, graphic, WAV, or MP3 file.
Work factor
The amount of effort (usually hours) to perform cryptanalysis to decode an encrypted message when the key or algorithm (or both) are known.
Caesar Cipher
A substitution cipher that shifts each letter to the right by 3 letters.
Transposition Cipher or permutation Cipher
Simply rearranges the values within a block to create the ciphertext.
Hash algorithms
Public functions that create a hash value or message digest.
Message digest
A fingerprint of the author's message that is compared with the recipient's locally calculated hash of the same message.
Message authentication Code
A key-dependent, one-way hash function that allows only specific recipients to access the message digest.