Deck 12: Appendix: Managing the Security Process

A) outsource security
B) have defense in depth
C) do risk analysis
D) only give minimum permissions

A) a weakest link
B) defense in depth
C) a single point of takeover
D) risk analysis thinking

A) least permissions
B) standard permissions
C) no permissions
D) maximum permissions

A) Provisions
B) Authorizations
C) Authentications
D) Risks

A) economic justification
B) risk analysis
C) comprehensive security
D) The Illusion of Cost

A) plan
B) protect
C) respond
D) The phases require about equal amounts of effort.

A) all
B) no
C) maximum
D) minimum

A) stopping the attack at a single step stops the attack
B) stopping the attack at multiple steps stops the attack
C) stopping the attack at all steps stops the attack
D) none of the above

A) comprehensive security
B) risk assurance
C) weakest link protection
D) defense in depth

A) weakest links
B) defense in depth
C) both A and B
D) neither A nor B

A) permission
B) authentication
C) scope
D) establishing the creator of a file

A) authentication
B) authorizations
C) defense in depth
D) network segregation

A) eliminate
B) give special attention to
C) minimize
D) authorize

A) on the vendor server
B) when the POS download server was compromised
C) when the exfiltration server was compromised
D) none of the above

A) low-level Target employee
B) Target IT employee
C) Target security employee
D) employee in a firm outside Target

A) technology
B) planning
C) management
D) none of the above

A) plan
B) protect
C) response
D) none of the above

A) have comprehensive security
B) have insurance
C) do risk analysis
D) only give minimum permissions

A) multiple security domains
B) a single security domain
C) at least two DMZs
D) multiple DMZs

A) they are dangerous
B) they are likely to report security violations
C) they are likely to act appropriately in unexpected circumstances
D) all of the above

A) policies
B) procedures
C) processes
D) culture

A) a single person from stealing on his own.
B) collusion
C) the crossing of security domains
D) all of the above

A) implementer knowledge
B) the delegation of work principle
C) minimum permissions
D) segregation of duties

A) what should be done
B) how to do it
C) both A and B
D) neither A nor B

A) individuals
B) roles
C) standard authorizations
D) none of the above

A) individuals
B) roles
C) standard authorizations
D) a three-headed dog named Fluffy

A) information systems
B) organizational systems
C) both A and B
D) neither A nor B

A) procedures; processes
B) processes; procedures
C) both A and B
D) neither A nor B

A) authenticator
B) verifier
C) authentication server
D) border firewall

A) on the Internet
B) inside the firm
C) outside the DMZ
D) all of the above

A) between the Internet and the DMZ
B) between the DMZ and the firm's internal network
C) both A and B
D) neither A nor B

A) implementation
B) oversight
C) both A and B
D) neither A nor B

A) vulnerability testing
B) creating guidelines
C) both A and B
D) neither A nor B

A) servers that are not accessible to clients outside the firm
B) servers that are freely accessible to clients outside the firm
C) servers that are freely accessible to clients inside the firm
D) servers that are inaccessible to any clients

A) policies
B) implementation
C) both A and B
D) neither A nor B

A) authenticator
B) verifier
C) authentication server
D) directory server or synchronized directory servers

A) DMZs
B) policies
C) ACLs for individual firewalls
D) standards that firewalls must follow

A) guidelines
B) standards
C) both A and B
D) neither A nor B

A) constant rehearsal
B) frequent rehearsal
C) little or no rehearsal
D) emergency rehearsal

A) a false alarm
B) a major security breach
C) both A and B
D) neither A nor B

A) firewall policies
B) firewall ACLs
C) Firewall procedures
D) Firewall processes

A) an outside crisis vendor
B) a business department
C) the security department
D) the IT department

A) Guidelines must be followed.
B) Guidelines must be considered.
C) both A and B
D) neither A nor B

A) the IT department
B) the legal department
C) the human resources department
D) all of the above

A) on-duty staff
B) CSIRT
C) outside consultant
D) FBI

A) the public relations department
B) the legal department
C) the IT department
D) the security department

A) breaches
B) compromises
C) both A and B
D) neither A nor B

A) vulnerability testing
B) auditing
C) both A and B
D) neither A nor B

A) simulations
B) live rehearsals
C) desktop rehearsals (also called tabletop rehearsals)
D) none of the above

A) policy
B) DMZ
C) ACL rule
D) procedure

A) on-duty staff
B) CSIRT
C) outside consultant
D) FBI

A) speed
B) quality
C) both A and B
D) neither A nor B

A) standards
B) guidelines
C) both A and B
D) neither A nor B

A) standards
B) guidelines
C) both A and B
D) neither A nor B

A) incidents
B) countermeasures
C) both A and B
D) neither A nor B

A) policy
B) implementation
C) both A and B
D) neither A nor B

A) Firewalls
B) IDSs
C) both A and B
D) neither A nor B

A) are relatively inexpensive
B) get into specific details
C) both A and B
D) neither A nor B

A) FTP
B) HTTP
C) TFTP
D) SysLog

A) Firewalls
B) IDSs
C) both A and B
D) neither A nor B

A) about right
B) somewhat more than desirable
C) much more than desirable
D) optimized for rapidly finding real incidents

A) is expensive
B) minimizes downtime
C) both A and B
D) neither A nor B

A) are relatively inexpensive
B) get into specific details
C) both A and B
D) neither A nor B

A) Firewalls
B) IDSs
C) both A and B
D) neither A nor B

A) usually clustered tightly together
B) usually spread out in the log file
C) usually only available in log files for individual devices
D) usually found in the log files of routers