D430: Fundamentals of Information Security Questions with Accurate Answers
Typology: Exams
acceptability (biometrics): a measure of how tolerable the characteristic is to the users of the system. ex; systems that are slow, difficult or awkward to use are less likely to be tolerable by users.

access control lists (ACLs): lists containing information about what kind of access certain parties are allowed to have to a given system.

access control model: a way of determining who should be allowed access to what resources. the most common of THESE are: discretionary access control, mandatory access control, rule-based access control, role-based access control, attribute-based access control, and multilevel access control.

access controls: the tools and systems you use to deny or allow access; implementing authorization. ex; a key to lock or unlock doors, badge for entry at work, password to use a computer. m; THIS has four basic tasks: allowing access, denying access, limiting access, and revoking access.
accountability: making sure individuals are responsible for their actions. THIS is done by using identification, authentication, and authorization processes so you can know who a given event is associated with and what permissions allowed them to carry it out.

address space layout randomization (ASLR): a technique that shifts the contents of the memory in use around so that tampering with it is even more difficult.

administrative controls/measures (mitigate risks): THIS dictates how the users of your environment should behave; the rules, laws, policies, procedures, guidelines, and other items that are "paper" in nature. m; an important aspect of THIS is the ability to enforce it. can cause threats and vulnerabilities if left unchecked.

AES (symmetric algorithm): a set of symmetric block ciphers that uses three different ciphers: one with a 128-bit key, one with a 192-bit key, and one with a 256-bit key, all of which encrypt blocks of 128 bits.

agented scans: allows the scanning of a host as though it were an authenticated user on the system by having a small piece of software, called an agent, installed on the specific host.
present traffic against that baseline in order to detect patterns that aren't present in the traffic normally.

application of countermeasures (operations security): the fifth and final step is putting measures in place to mitigate the risks to your critical information. m; must mitigate either the threat or the vulnerability at the bare minimum. removing either will make sure you no longer have a serious risk.

application penetration testing: a type of pentesting that focuses directly on an application or application environment. m; requires a more specialized set of tools and skills on the part of the tester and involves two approaches: static analysis and dynamic analysis.

application scanning: a scanning tool specific to web technologies and vulnerabilities. m; can search more deeply in the application for issues than a scanner intended strictly for hosts would be able to find.

arbitrary code execution (or 'remote code execution' when conducted over the network): the ability for attackers to execute any command on a system that they choose, without restriction. m; security flaws related to the languages used to talk to databases allow this to happen.
assess risks (risk management process): once the threats and vulnerabilities are identified, THIS is done to have an overall idea of the risk so you can start to mitigate them. m; a vulnerability with no matching threat or a threat with no matching vulnerability does not constitute a risk.

assess vulnerabilities (risk management process): assets can have millions of threats, but only a fraction will be relevant; THIS is done to see if those relevant threats pose a risk. ex; if data is exposed, it could lead to a breach. if your data is encrypted, this is not a risk. ex; if the system goes down, business operations will also go down; this is a risk.

assessment of risks (operations security): the fourth step is deciding what issues you need to address in the rest of the operations security process.

assessments (audit): the tests used to find and fix vulnerabilities before attackers discover them. ex; vulnerability assessments, penetration testing.
attribute-based access control (ABAC) (access control model): a model based on the specific attributes of an individual, resource, or environment. subject attributes belong to an individual. ex; height, "you must be this tall to ride." resource attributes belong to a resource, such as an operating system. ex; this type of access control requires someone to use specific software or protocols for communication. environmental attributes are based on environmental conditions. ex; time, "this can only be accessed during these times."

audit: the process of reviewing an organization's records or information. ensures that people comply with laws, policies, and other bodies of administrative control. ex; passwords must be company policy compliant, software licenses must be law compliant (not illegally using unlicensed software), internet traffic must be administratively compliant.

authenticated scan: a scan that is conducted using a valid set of credentials, generally administrative, for the system being scanned. m; gives a more thorough view of the device and its potential vulnerabilities, generating a more accurate picture of the device's security. ex; internal information such as installed software, contents of configuration files, the permissions on files and directories, and the vulnerability patches that the system needs but doesn't currently have.

authentication attacks: attacks that attempt to gain access to resources without the proper credentials to do so.

authentication: a set of methods used to establish whether a claim of identity is true. THIS has several approaches, known as factors, when trying to prove a claim of identity: something you know, something you are, something you have, something you do, and where you are.

authenticity (Parkerian hexad): in the Parkerian hexad, THIS allows you to say whether you've attributed the data in question to the proper owner or creator. ex; if something is altered to appear to have come from someone other than the proper owner or creator, then it violates THIS.

authorization attacks: attacks that attempt to gain access to resources without the appropriate authorization to do so.

authorization: the process of determining exactly what an authenticated party can do.
m; simulates a real-world attack, as presumably an outside attacker would start from this same place.

block cipher (symmetric algorithm): takes a predetermined number of bits (or binary digits, which are either a 1 or a 0), known as a block, and encrypts that block. m; a majority of the encryption algorithms currently in use. slower than stream ciphers, though more versatile. more susceptible to errors in the encryption process. works better with messages whose sizes are fixed or known in advance, such as files, or messages whose sizes are reported in protocol headers. ex; Twofish, Serpent, Blowfish, CAST5, RC6, and IDEA.

botnet: a network of compromised systems.

bounds checking: setting a limit on the amount of data that can be taken in. ex; a field requiring a maximum input of 8. m; can nullify buffer overflow attacks. Java and C+ implement THIS automatically.
buffer overflow (or buffer overrun): an attack that works by inputting more data than an application is expecting; too much data could overwrite other areas in memory that are used by other apps or the OS.

business continuity planning: the plans put in place to ensure critical business functions can continue during an emergency.

capability: a user's token or key that grants whoever currently has possession of it access to the resources the token has the permissions for. ex; the badge you might use to open the door of a building.

categories of physical threats: extreme temperature, gases, liquids, living organisms, projectiles, movement, and energy anomalies.

centrally managed (or mobile device management - MDM): when many devices used in organizational environments have well-established sets of tools and features under the control of one main system that maintains them. ex; allows auto patching of vulnerabilities and upgrading of software, forcing users to change their passwords regularly, regulating and tracking installed software, and adjusting settings to policy standards.

chain of custody (admissibility of records): being able to track information such as the location of the evidence over time, how exactly it passed from one person to another, and how it was protected while it was stored.
clean desk policy: states that sensitive information shouldn't be left unattended on a desk for any significant period of time.

clickjacking (user interface redressing): when an attacker places an invisible layer over something a client would normally click, causing the client to execute unwanted activities different from the one they think they're performing. m; takes advantage of the page rendering features that are available in newer web browsers. the attacker must legitimately control or have taken control of some portion of a website to make this attack possible.

client-side attacks: take advantage of weaknesses in the software on the user side or rely on social engineering to fool the user. ex; cross-site scripting (XSS), cross-site request forgery, clickjacking.

cloud models: the cloud provider must take responsibility for the portions of the environment that the users can't control.

collectability (biometrics): measures how easy it is to acquire a characteristic. ex; commonly used biometrics, such as fingerprints, are easy to acquire. DNA samples are more difficult to authenticate with again and again.
compensating controls: controls that replace impractical or unfeasible key controls.

competitive counterintelligence: the practice of managing the range of intelligence-gathering activities directed at an organization.

competitive intelligence: the process of intelligence gathering and analysis to support business decisions.

compliance: adherence to the rules and regulations that govern the information you handle and the industry within which you operate. there are two types: regulatory and industry.

confidentiality (CIA triad): refers to our ability to protect data from those who are not authorized to view it. m; can be compromised in a number of ways: losing a laptop with data, someone looking over your shoulder while entering a password, email attachments sent to the wrong people, attackers penetrating your system.

confused deputy problem: a category of attack where software is tricked into misusing its greater level of authority to carry out an attack. m; typically occurs when the software has a greater level of permission to access the resource than the user who is controlling the software.
cryptographic algorithm (cipher): a specific computational procedure to encrypt the plaintext or decrypt the ciphertext using a key or several keys (passwords, etc.). m; the length of the key determines the strength. three main kinds are: symmetric key cryptography, asymmetric key cryptography, and hash functions.

cryptography: the science of protecting the confidentiality and integrity of data; a key part of the vast set of transactions that take place over your devices daily. m; a system should not require secrecy; even if people know the encryption process, they should still not be able to break the encryption unless they have the key itself. provides a mechanism to protect data at rest, data in motion, and, to a certain extent, data in use.

data at rest and in motion (and in use): data at rest is stored data not in the process of being moved; usually protected with encryption at the level of the file or the entire storage device. data in motion is data that is in the process of being moved; usually protected with encryption, but in this case the encryption protects the network protocol or the path of the data. data in use is the data that is actively being accessed at the moment. protection includes permissions and authentication of users. could be conflated with data in motion.

decryption: the process of recovering the plaintext message from the ciphertext.

deep packet inspection (firewall): capable of analyzing the content of traffic that flows through them; able to reassemble the contents of the traffic to see what it will deliver. m; raises privacy concerns.

defense by layer: the layers of your defense-in-depth strategy will vary depending on situation and environment. logical (nonphysical) layers: external network, network perimeter, internal network, host, application, and data layers as areas to place your defenses. m; defenses for layers can appear in more than one area. penetration testing, for example, can and should be used in all layers.

defense in depth: the basic concept is to formulate a multilayered defense; the goal is to place enough defensive measures between your truly important assets and the attacker so that you'll notice that an attack is in progress and have enough time to prevent it.
activity; including doors or windows opening, glass breaking, movement, and temperature changes. ex; burglar alarms, human or animal guards.

deterrence (accountability): accountability causes THIS against misbehavior in your environments. m; the key to THIS is making it clear to people that they will be held accountable for their actions; achieved through auditing and monitoring.

deterrent controls (physical security controls): designed to discourage those seeking to violate security controls by indicating security measures. ex; security signs: beware of dog, cameras on premises, intruders will be shot, etc.

digital certificates: an electronic document used to associate an individual, a server, or an organization with a public key; the purpose is to verify an identity. m; the receiver can check with a certificate authority to determine whether the certificate is legitimate. ex; think of THIS as a driver's license and a certificate authority as the DMV.
digital signature: an extension of hash functions to guarantee a message has not been altered. m; encrypts the hash with the public key of an asymmetric algorithm to ensure that the message was sent by the expected party and to ensure nonrepudiation on the part of the sender.

directory traversal attacks: occur when attackers gain access to files outside of the web server's structure by moving up one level of a directory using commands. m; can be stopped with careful validation of the inputs allowed and filtering out certain characters.

disaster recovery plan: the plans put in place to prepare for a potential disaster, including what exactly to do during and after a disaster strikes. ex; evacuation routes or designated meeting places.

discovery (penetration testing): the beginning of the active testing phase; running of and going over the results of the vulnerability assessment.

discretionary access control (DAC) (access control model): a model where the owner of the resource determines who gets access to it and exactly what level of access they can have.

dynamic analysis (application penetration): involves testing the application while it's in operation.