Deck 12: Appendix: Managing the Security Process
1
A building with some unlocked exterior doors most specifically violates the principle of ________.
A) network segmentation
B) protecting single points of takeover
C) comprehensive security
D) risk analysis
C
2
The goal of security is to eliminate risk.
False
3
Vulnerabilities are occasionally found in even the best security products. Consequently, companies must specifically ________.
A) outsource security
B) have defense in depth
C) do risk analysis
D) only give minimum permissions
B
4
A central firewall management program that specifically pushes changes to firewalls is ________.
A) a weakest link
B) defense in depth
C) a single point of takeover
D) risk analysis thinking
5
On sensitive resources, authenticated parties should get ________.
A) least permissions
B) standard permissions
C) no permissions
D) maximum permissions
6
________ are actions people can take on a resource.
A) Provisions
B) Authorizations
C) Authentications
D) Risks
7
Balancing threats against protection costs is called ________.
A) economic justification
B) risk analysis
C) comprehensive security
D) The Illusion of Cost
8
Which phase of the plan-protect-respond cycle takes the largest amount of work?
A) plan
B) protect
C) respond
D) The phases require about equal amounts of effort.
9
If someone has been properly authenticated, they should receive ________ permissions.
A) all
B) no
C) maximum
D) minimum
10
In a kill chain, ________.
A) stopping the attack at a single step stops the attack
B) stopping the attack at multiple steps stops the attack
C) stopping the attack at all steps stops the attack
D) none of the above
11
An attacker must break through two firewalls to get to a host. This most specifically illustrates the ________ principle.
A) comprehensive security
B) risk assurance
C) weakest link protection
D) defense in depth
12
There is a single countermeasure in ________.
A) weakest links
B) defense in depth
C) both A and B
D) neither A nor B
13
Another term for authorization is ________.
A) permission
B) authentication
C) scope
D) establishing the creator of a file
14
Allowing a user access to edit files in a specific directory is an example of ________.
A) authentication
B) authorizations
C) defense in depth
D) network segregation
15
Companies should ________ single points of takeover.
A) eliminate
B) give special attention to
C) minimize
D) authorize
16
Target received warnings during the attack. This happened ________.
A) on the vendor server
B) when the POS download server was compromised
C) when the exfiltration server was compromised
D) none of the above
17
The Target attackers probably first broke into Target using the credentials of a(n) ________.
A) low-level Target employee
B) Target IT employee
C) Target security employee
D) employee in a firm outside Target
18
Security is primarily about ________.
A) technology
B) planning
C) management
D) none of the above
19
Firewall operation takes place during the ________ phase.
A) plan
B) protect
C) response
D) none of the above
20
Attackers only need to find a single weakness to break in. Consequently, companies must ________.
A) have comprehensive security
B) have insurance
C) do risk analysis
D) only give minimum permissions
21
Companies should have ________ for each site.
A) multiple security domains
B) a single security domain
C) at least two DMZs
D) multiple DMZs
22
If a person knows his or her role in an organizational system, ________.
A) they are dangerous
B) they are likely to report security violations
C) they are likely to act appropriately in unexpected circumstances
D) all of the above
23
It is hardest to create good security ________.
A) policies
B) procedures
C) processes
D) culture
24
In movie theaters, having one person sell tickets and another collect them prevents ________.
A) a single person from stealing on his own
B) collusion
C) the crossing of security domains
D) all of the above
25
Policies are separated by implementation to take advantage of ________.
A) implementer knowledge
B) the delegation of work principle
C) minimum permissions
D) segregation of duties
26
A policy specifies ________.
A) what should be done
B) how to do it
C) both A and B
D) neither A nor B
27
Errors in assigning permission are reduced if assignments are based on ________.
A) individuals
B) roles
C) standard authorizations
D) none of the above
28
Ideally, access control should be based on ________.
A) individuals
B) roles
C) standard authorizations
D) a three-headed dog named Fluffy
29
Security must be considered at the ________ level.
A) information systems
B) organizational systems
C) both A and B
D) neither A nor B
30
Servers in the Demilitarized Zone (DMZ) are rarely attacked by clients on the Internet.
31
If the security principles in this chapter are implemented in organizational systems, an organizational system is likely to work securely without substantial active management.
32
Compared to ________, ________ are more structured.
A) procedures; processes
B) processes; procedures
C) both A and B
D) neither A nor B
33
By changing credentials verification information on a(n) ________, a firm can immediately cut off all access to corporate resources.
A) authenticator
B) verifier
C) authentication server
D) border firewall
34
Servers in the DMZ should be freely accessible to clients ________.
A) on the Internet
B) inside the firm
C) outside the DMZ
D) all of the above
35
There should be relatively free access ________.
A) between the Internet and the DMZ
B) between the DMZ and the firm's internal network
C) both A and B
D) neither A nor B
36
Policies should drive ________.
A) implementation
B) oversight
C) both A and B
D) neither A nor B
37
Oversight activities include ________.
A) vulnerability testing
B) creating guidelines
C) both A and B
D) neither A nor B
38
DMZs are places for ________.
A) servers that are not accessible to clients outside the firm
B) servers that are freely accessible to clients outside the firm
C) servers that are freely accessible to clients inside the firm
D) servers that are inaccessible to any clients
39
Which of the following specifies what should be done?
A) policies
B) implementation
C) both A and B
D) neither A nor B
40
To address uniformity of credentials verification throughout a large company, credentials verification information is usually stored in a single ________.
A) authenticator
B) verifier
C) authentication server
D) directory server or synchronized directory servers
41
The policy server creates ________.
A) DMZs
B) policies
C) ACLs for individual firewalls
D) standards that firewalls must follow
42
Compliance with ________ is voluntary.
A) guidelines
B) standards
C) both A and B
D) neither A nor B
43
Normal incidents usually require ________.
A) constant rehearsal
B) frequent rehearsal
C) little or no rehearsal
D) emergency rehearsal
44
Which of the following is a normal incident?
A) a false alarm
B) a major security breach
C) both A and B
D) neither A nor B
45
Which of the following is easiest to understand?
A) firewall policies
B) firewall ACLs
C) firewall procedures
D) firewall processes
46
CSIRT leaders should come from ________.
A) an outside crisis vendor
B) a business department
C) the security department
D) the IT department
47
Which of the following is true?
A) Guidelines must be followed.
B) Guidelines must be considered.
C) both A and B
D) neither A nor B
48
Which department will almost always be involved in a CSIRT?
A) the IT department
B) the legal department
C) the human resources department
D) all of the above
49
Major incidents are handled by the ________.
A) on-duty staff
B) CSIRT
C) outside consultant
D) FBI
50
Communication with the media should be restricted to which of the following?
A) the public relations department
B) the legal department
C) the IT department
D) the security department
51
Successful attacks are called ________.
A) breaches
B) compromises
C) both A and B
D) neither A nor B
52
Attacking your own firm occurs in ________.
A) vulnerability testing
B) auditing
C) both A and B
D) neither A nor B
53
CSIRTs rehearse an incident by talking about what should be done without actually doing it in ________.
A) simulations
B) live rehearsals
C) desktop rehearsals (also called tabletop rehearsals)
D) none of the above
54
The statement that people in quality control should have access to robots on the shop floor is an example of a firewall ________.
A) policy
B) DMZ
C) ACL rule
D) procedure
55
Normal incidents are handled by the ________.
A) on-duty staff
B) CSIRT
C) outside consultant
D) FBI
56
A key to fast and effective response is ________.
A) speed
B) quality
C) both A and B
D) neither A nor B
57
Compliance with ________ is mandatory.
A) standards
B) guidelines
C) both A and B
D) neither A nor B
58
Which of the following MUST be followed?
A) standards
B) guidelines
C) both A and B
D) neither A nor B
59
Successful attacks are called ________.
A) incidents
B) countermeasures
C) both A and B
D) neither A nor B
60
Implementation guidance is less specific than ________.
A) policy
B) implementation
C) both A and B
D) neither A nor B
61
________ log provable attack packets.
A) Firewalls
B) IDSs
C) both A and B
D) neither A nor B
62
Live rehearsals are important because they ________ compared to desktop rehearsals.
A) are relatively inexpensive
B) get into specific details
C) both A and B
D) neither A nor B
63
Device IDSs typically send log files to the central IDS log file using the ________ protocol.
A) FTP
B) HTTP
C) TFTP
D) SysLog
64
________ focus on suspicious packets.
A) Firewalls
B) IDSs
C) both A and B
D) neither A nor B
65
The rate of alarms in IDSs is usually ________.
A) about right
B) somewhat more than desirable
C) much more than desirable
D) optimized for rapidly finding real incidents
66
Real-time fail-over with synchronized data centers ________.
A) is expensive
B) minimizes downtime
C) both A and B
D) neither A nor B
67
Desktop (tabletop) rehearsals are important because they ________ compared to live rehearsals.
A) are relatively inexpensive
B) get into specific details
C) both A and B
D) neither A nor B
68
________ stop definite attack packets.
A) Firewalls
B) IDSs
C) both A and B
D) neither A nor B
69
In IDS log files, relevant events are ________.
A) usually clustered tightly together
B) usually spread out in the log file
C) usually only available in log files for individual devices
D) usually found in the log files of routers