Pages

UGRD-IT6205A Information Assurance and Security 1

 


Security architecture introduces its own normative flows through systems and among applications.

TRUE

Security architecture introduces unique, single-purpose components in the design

TRUE

Security architecture calls for its own unique set of skills and competencies of the enterprise and IT architects

TRUE

Security architecture composes its own discrete views and viewpoints.

TRUE

Security architecture addresses non-normative flows through systems and among applications

TRUE

During troubleshooting, the administrator notices the following entry: O*E2 0.0.0.0/0 [110/1] via 192.168.16.3, 00:20:22, Serial0/0/0 What information can be gathered from this output?

This route is a propagated default route.

At the start with the Cisco IOS Software Release 15.0, which license is a prerequisite for installing additional technology pack licenses?

IPBase

In Scaling Networks as discussed in chapter 8, If all router Ethernet interfaces in an EIGRP network are configured with the default EIGRP timers, how long(hold timer) will a router wait by default to receive an EIGRP packet from its neighbor before declaring the neighbor unreachable?

15 sec

The network engineer of RMS University has configured the hello interval to 15 seconds on an interface of a router that is running OSPFv2. By default, how will the dead interval on the interface be affected?

The dead interval will now be 60 seconds

Among the choices below which command would you use, If you want to disable STP on a port connected to a server?

spanning-tree portfast

In todays network technology which network design solution will best extend access layer connectivity to host devices?

I Implementing wireless connectivity

During the troubleshooting in RPN Radio/TV Network , there are 2 routers, R1 and R2, have established an EIGRP neighbor relationship, but still ip connectivity problem still persist. Which issue could be causing this problem?

An access list that is blocking the advertisements from othernetworks was configured in each or both routers

RMSRouter# show ip protocols Routing Protocol is “eigrp 109” Outgoing update filter list for all interfaces is not set  Incoming update filter list for all interfaces is not set  Default networks flagged in outgoing updates  Default networks accepted from incoming updates  EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0  EIGRP maximum hopcount 100  EIGRP maximum metric variance 1  Redistributing: eigrp 109 Automatic network summarization is in effect  Automatic address summarization: 20.0.0.0/0 for FastEthernet0/1 Summarizing with metric 28160 172.30.0.0/16 for FastEthernet0/0  Summarizing with metric 28160  Maximum path: 4  Routing for Networks:  20.0.0.0  172.30.0.0  192.160.1.0  Routing Information Sources: Gateway Distance Last Update 20.10.10.2 90 260796 172.30.10.2 90 454765 Distance: internal 90 external 170 How many paths can the EIGRP routing process use to forward packets from RMSRouter to a neighbor router?

4 equal-cost paths

In the understanding of dynamic routing protocol operations. A scenario where a router has learned three possible routes that could be used to reach a destination network. One route is from EIGRP and has a composite metric of 20514560. Another route is from OSPF with a metric of 782. The last is from RIPv2 and has a metric of 4. Which route or routes will the router will install in the routing table?

the EIGRP route

Among the listed network subnet below, which two networks are part of the summary route 192.168.32.0/22?  1. 192.168.36.0/24 2. 192.168.33.0/24 3. 192.168.35.0/24 4. 192.168.31.0/24 5. 192.168.37.0/24 6. 192.168.38.0/24

2 & 3

During the implementation what is the term used to express the thickness or height of a switch?

Rack Unit or RU

What wireless LAN technology that operates in the range of a few hundred feet?

WLAN

How long is the evaluation license period for Cisco IOS Release 15.0 software packages?

60 days

When a range of ports is being configured for EtherChannel, which mode will configure LACP so that it initiates the EtherChannel negotiation?

active

Among the listed below, Which is a characteristic of manual router summarization?

reduces total number of routes in routing tables

Standard Electric Company is planning the implementation of Rapid PVST+ on a production network. How are the Rapid PVST+ link types determined on the switch interfaces?

Link types are determined automatically.

What wireless LAN technology that is an IEEE 802.16 WWAN standard that provides wireless broadband access of up to 30mi (50km)?

WIMAX

A good example of our learning in chapter 9 is what code in the Cisco IOS 15 image filename C1900- UNIVERSALK9-MZ.SPA.153-3.M.BIN Indicates that the file is digitally signed by Cisco?

SPA

Which among the listed below are two types of spanning tree protocols can cause suboptimal traffic flows because they assume only one spanning-tree instance for the entire bridged network?

STP & RSTP

Which among the listed below is an advantage of PVST+?

PVST+ optimizes performance on the network through load sharing.

How much traffic for a 24port gigabit switch capable of generating when operating at full wire speed?

24 Gb/s, by providing full bandwidth to each port

In OSPFv2 operations which command can be used to verify the contents of the LSDB in an OSPF area?

show ip ospf database

Which among the listed below is the global configuration command is used to enable Rapid PVST+?

Spanning-tree mode rapid-pvst

What do you called the number of ports available on a single switch?

Port density

In configuring link aggregation an EtherChannel link using LACP was formed between two switches, S1 and S2. While verifying the configuration, which mode combination could be utilized on both switches?

S1-passive and S2-active

Referring to the sample result above, a network specialist has configured eigrp authentication between routers R! and R2. After there routing tables are received, it is noted that neither router is receiving eigrp updates. What is a possible cause for this failure?

The same autonomous system numbers must be used in the interface configurations of each router

As discussed in Chapter 2 of Scaling Networks , which non-proprietary protocol provides router redundancy for a group of routers which support IPv4 LANs?

VRRPv2

Which feature of EIGRP supports AppleTalk, IP version 4 (IPv4), IP version 6 (IPv6), and Novell Internetwork Packet Exchange (IPX)?

Multiple network layer support

In case a router is powered on, where will the router first search for a valid IOS image to load by default?

flash memory

In understanding link aggregation which protocol is an IEEE standard, it can be used to facilitate EtherChannels in multivendor environments?

LACP

What area interconnects with all other OSPF area types?

Backbone

Which statement is true regarding the use of PAgP to create EtherChannels?

It is Cisco proprietary.

Which two functional parts of the network are combined to form a collapsed core design as discussed in Cisco Enterprise Architecture?

distribution and core layer

As discussed in chapter 7, when an EIGRP-enabled router uses a password to accept routes from other EIGRP-enabled routers, which mechanism is used?

EIGRP authentication

Among the listed below, which command can be issued on a router to verify that automatic summarization is enabled?

Show ip protocols

What is the default hello timer value for STP BPDU frames?

2 seconds

Establish architecture artifact, design, and code reviews and define acceptance criteria for the successful implementation of the findings

: Phase G: Implementation governance

Determine who are the legitimate actors who will interact with the product/service/process

Phase B: Business Architecture

Assess and baseline current security-specific technologies

Phase D: Technology Architecture

Security policies and procedures also should help the organization implement the elements needed to support the architecture.

TRUE

Trusted Zone in User LAN Zone

Desktop Computers,Laptop Computers,Kioks

The architecture also should be strategic it must be structured in a way that supports the organization’s business goals.

TRUE

To align these components effectively, the se

TRUE

Untrusted Zone in General Internet Connection Zone

Proxy Servers, Mail Relay Servers, Forwarding DNS

Identity Management is an integrated system of company policies, processes, and technologies .

TRUE

Unclear security roles and responsibilities need to be established for all company users .

FALSE

Untrusted Zone in VPN Connection Zone

Internet Ingress, Private Network VPN Ingress,Authentication,Authorization,Administration Services

Is a measure of confidence that the security features,  practices, procedures, and architecture of a system accurately  mediates and enforces the security policy

Assurance

Semi Trusted Zone in Wireless Connectivity Zone

Access Points, Authentication, Authorization, Administration Services

Semi Trusted Zone in Dial up Connectivity Zone

Remote Access Servers, Terminal Services

Is it true or false. Encrypting all personal information when saved on different storage media is some basic steps in storing personal data.

TRUE

Is a collection of all the trust  mechanisms of a computer system which collectively enforce the  policy

TCB

Is the process by which an asset is managed from its  arrival or creation to its termination or destruction.

Lifecycle

Is it true or false. The use of complex, unique, hard to guess or break passwords, consisting of numbers, upper/lower case letters and special characters is some basic steps in storing personal data.

TRUE

Research, target identification and selection: it may be looking for e-mail addresses, social relationships, or data about a particular technology, information displayed on various websites;

Reconnaissance

Acceptance, avoidance, mitigation,  transfer—are with respect to a specific risk for a specific pary.

The risk treatment

Acronym for TCB?

Trusted Computing Base

These actions typically consist of collecting information, modifying data integrity, or attacking the availability of services and devices, but the victim system can also be used as a starting point for infecting other systems or for expanding access to the local network.

Action on objective

Risk Management Procedure consists of six steps.

Assess assets, Assess threats, Assess vulnerabilities, Assess risks, Prioritize countermeasure options and Make risk management decisions

After the first six phases, an attacker can act to achieve the goals. These actions typically consist of collecting information, modifying data integrity, or attacking the availability of services and devices, but the victim system can also be used as a starting point for infecting other systems or for expanding access to the local network.

Action on Objective

What are the steps in intrusion model?

Recon, Weaponise, Deliver, Exploit, Install, C2 and Action

The main ways of transport are e-mails (attachment of infected files), web platforms (running malware scripts), or removable USB memories;

Delivery

Shift the risk to someone else.

Risk Transfer

Taking actions to reduce the losses due to a risk;  many technical countermeasures fall into this  category

Risk mitigation

Logical security consists in software that are necessary to control the access to information and services of a system. The logical level is divided into two categories: access security level and service security level.

Prevent Cyber-Attacks

Failure of the mechanism may destroy the basis for trust.

Trust

Is a generic term that implies a mechanism in place to  provide a basis for confidence in the reliability/security of the  system.

Trust

Physical security consist in the closure of IT equipment in a dedicated space and the provision of access control.

Prevent Cyber-Attacks

Seven Stages of lifecycle model

Requirements, Design, Coding, Testing, Deployment, Production and Decommission

The infected file can be used by the self-execution facility to launch the malware code, or it can be executed by the user himself;

Exploitation

Risks not avoided or transferred are retained by  the organization.

Risk Acceptance

Not performing an activity that would incur risk.

Risk Avoidance

Is it true or false. Storage the minimum required data online and maximum discretion in providing them to a third party (users, companies) is some basic steps in storing personal data.

TRUE

Infecting a victim system with a computer trojan, backdoor or other malware application of this type that ensures the attacker’s presence in the target environment;

Installation

Is it true or false. Using encrypted versions of protocols when sensitive information is exchanged so as to ensure data confidentiality and prevent identity theft is some basic steps in storing personal data.

TRUE

Are the security features of a system that  provide enforcement of a security policy.

Trust mechanism

Transmitting the weapon to the target environment. 

Delivery

Usually an infected host must be accessible outside of the local network to establish a command and control channel between the victim and the attacker. Once this bidirectional communication has been made, an attacker has access inside the target environment and can usually control the activity by manually launching commands;

Command and Control

Once this bidirectional communication has been made, an attacker has access inside the target environment and can usually control the activity by manually launching commands;

Command and control

Is it true or false. An additional risk occurs when personal information is stored in client accounts on commercial websites, which may become the target of cyber-attacks anytime, so stored data becomes vulnerable is some basic steps in storing personal data.

TRUE

After the weapon is delivered to the victim, follows the targeting of an application or vulnerability of the operating system. The infected file can be used by the self-execution facility to launch the malware code, or it can be executed by the user himself;

Exploitation

Making a malware application (for example, a computer trojan) that, combined with an exploitable security breach, allows remote access. Moreover, PDF (Portable Document Format) files or Microsoft Office suite-specific files can be regarded as weapons available to the attacker;

Weaponization

These actions typically consist of collecting information, modifying data integrity, or attacking the availability of services and devices, but the victim system can also be used as a starting point for infecting other systems or for expanding access to the local network.

Action on objective

After the first six phases, an attacker can act to achieve the goals. These actions typically consist of collecting information, modifying data integrity, or attacking the availability of services and devices, but the victim system can also be used as a starting point for infecting other systems or for expanding access to the local network.

Action on objective

Assess and baseline current security-specific technologies. What phase is that?

Phase D: Technology Architecture

Are the security features of a system that  provide enforcement of a security policy

Trust mechanism

Risks not avoided or transferred are retained by  the organization

Risk Acceptance

Are applicable to ensuring that security requirements are addressed in subsequent phases of the ADM. What phase is that?

Phase A: Architecture Vision

Definition of relevant stakeholders and discovery of their concerns and objectives will require development of a high-level scenario. What phase is that?

Phase A: Architecture Vision

Assess and baseline current security-specific architecture elements. What phase is that?

Phase C: Information System Architecture

After the weapon is delivered to the victim, follows the targeting of an application or vulnerability of the operating system. The infected file can be used by the self-execution facility to launch the malware code, or it can be executed by the user himself;

Exploitation

This refers to the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, damage, or unauthorized access.

cyber security

Identify existing security services available for re-use. What phase is that?

Phase E: Opportunities & Solutions

From the Baseline Security Architecture and the Enterprise Continuum, there will be existing security infrastructure and security building blocks that can be applied to the requirements derived from this architecture development engagement. What phase is that?

Phase E: Opportunities & Solutions

Usually an infected host must be accessible outside of the local network to establish a command and control channel between the victim and the attacker. Once this bidirectional communication has been made, an attacker has access inside the target environment and can usually control the activity by manually launching commands;

Command and control

A full inventory of architecture elements that implement security services must be compiled in preparation for a gap analysis. What phase is that?

Phase C: Information System Architecture

Following a cyber risk assessment, develop and implement a plan to mitigate cyber risk and protect the “_____________” outlined in the assessment. 

crown jewels 

The ability to test and prove that the enterprise architecture has the security attributes required to uphold the stated security policies.

Assurance

True or False: Identify the security governance involved, including legal frameworks and geographies (enterprises)

TRUE

Combining sound cyber security measures with an educated and security-minded employee base provides the best defense against ________________attempting to gain access to your company’s sensitive data.

cyber criminals 

True or False: Identify soft enterprise (units) - those who will see change to their capability and work with core units but are otherwise not directly affected

TRUE

No organization can be considered "safe" for any time beyond the last verification of adherence to its policy.

security 

This is "the environment in which communication over computer networks occurs.“

cyberspace

Are applicable to ensuring that security requirements are addressed in subsequent phases of the ADM

Phase A: Architecture Vision

From the Baseline Security Architecture and the Enterprise Continuum, there will be existing security infrastructure and security building blocks that can be applied to the requirements derived from this architecture development engagement. What phase is that?

Phase E: Opportunities & Solutions

True or False: Risk analysis documentation

TRUE

Identify existing security services available for re-use

Phase E: Opportunities & Solutions

The organization's attitude and tolerance for risk.

Risk Management

Changes in security standards are usually less disruptive since the trade-off for their adoption is based on the value of the change. However, standards changes can also be mandated. What phase is that?

Phase H: Architecture Change Mana

This is not a type of application security. 

photo enhancement

Every system will rely upon resources that may be depleted in cases that may or may not be anticipated at the point of system design. What phase is that?

Phase D: Technology Architecture

True or False: Identify communities involved (enterprises) - those stakeholders who will be affected by security capabilities and who are in groups of communities

TRUE

Assess the impact of new security measures upon other new components or existing leveraged systems. What phase is that?

Phase F: Migration Planning

The ability to provide forensic data attesting that the systems have been used in accordance with stated security policies.

Audit

Revisit assumptions regarding interconnecting systems beyond project control, Identify and evaluate applicable recognized guidelines and standards and Identify methods to regulate consumption of resources. What phase is that?

Phase D: Technology Architecture

The ability to add and change security policies, add or change how policies are implemented in the enterprise, and add or change the persons or entities related to the systems.

Administration

In a phased implementation the new security components are usually part of the infrastructure in which the new system is implemented. The security infrastructure needs to be in a first or early phase to properly support the project. What phase is that?

Phase F: Migration Planning

Many security vulnerabilities originate as design or code errors and the simplest and least expensive method to locate and find such errors is generally an early review by experienced peers in the craft. What phase is that?

Phase G: Implementation Governance

True or False: Data classification policy documentation

TRUE

Development of the business scenarios and subsequent high-level use-cases of the project concerned will bring to attention the people actors and system actors involved. What phase is that?

Phase B: Business Architecture

Determine who are the legitimate actors who will interact with the product/service/process. What phase is that?

. Phase B: Business Architecture

True or False: Identify extended enterprise (units) - those units outside the scoped enterprise who will need to enhance their security architecture for interoperability purposes

TRUE

The definition and enforcement of permitted capabilities for a person or entity whose identity has been established.

Authentication

Establish architecture artifact, design, and code reviews and define acceptance criteria for the successful implementation of the findings. What phase is that?

Phase G: Implementation Governance

Security architecture introduces unique, single-purpose components in the design.

TRUE

Security architecture calls for its own unique set of skills and competencies of the enterprise and IT architects.

TRUE

True or False: Written and published security policy

TRUE

The following security specifics appropriate to the security architecture must be addressed within each phase in addition to the generic phase activities. What phase is that?

Phase A: Architecture Vision

True or False: Business rules regarding handling of data/information assets

TRUE

Security architecture addresses non-normative flows through systems and among applications.

TRUE

Security architecture composes its own discrete views and viewpoints

TRUE

Security architecture has its own discrete security methodology.

TRUE

A significant portion of data can be sensitive information, whether that be __________________, financial data, personal information, or other types of data for which unauthorized access or exposure could have negative consequences. 

intellectual property

True or False:  Identify core enterprise (units) - those who are most affected and achieve most value from the security work

TRUE

True or False: Codified data/information asset ownership and custody

TRUE

The substantiation of the identity of a person or entity related to the enterprise or system in some way

Authentication

These are all common examples of network security implementation except one. 

clean storage feature

Changes in security requirements are often more disruptive than a simplification or incremental change. Changes in security policy can be driven by statute, regulation, or something that has gone wrong. What phase is that?

Phase H: Architecture Change Management

The state of being protected against the criminal or unauthorized use of electronic data, or the measures taken to achieve this. 

cyber security

The ability of the enterprise to function without service interruption or depletion despite abnormal or malicious events.

Availability

Negotiations are much more accessible over networks, causing the adoption of security measures during the development phase to be an imperative phase of the project

FALSE

Failure to protect sensitive information can result in __________ issued by regulatory agencies or lawsuits from other companies or individuals.

fines

This consists of the cyber-physical systems that modern societies rely on

critical infrastructure security 

This is not an example of critical infrastructure. 

agricultural farm

The organizations and the government have focused most of their cyber security resources on perimeter security to protect all the encrypted system components.

FALSE

The substantiation of the identity of a person or entity related to the enterprise or system in some way.

Authentication

The protection of information assets from loss or unintended disclosure, and resources from unauthorized and unintended use

Risk Management

As the volume and sophistication of cyber attacks grow, companies and organizations need to take steps to protect their sensitive business and personnel information.

TRUE

This advises that companies must be prepared to “respond to the inevitable cyber incident, restore normal operations, and ensure that company assets and the company’s reputation are protected.” 

NCSA

These are constantly creating and implementing new security tools to help enterprise users better secure their data.

cloud providers

This issued guidelines in its risk assessment framework that recommend a shift toward continuous monitoring and real-time assessment. 

National Institute of Standards and Technology

This ensures that internal networks are secure by protecting the infrastructure and inhibiting access to it.

network security 

_______________ should also consider any regulations that impact the way the company collects, stores, and secures data, such as PCI-DSS, HIPAA, SOX, FISMA. 

Cyber Risk Assessment 

This recommends a top-down approach to cyber security in which corporate management leads the charge in prioritizing cyber security management across all business practices

National Cyber Security Alliance

The data is more secure when stored on physical servers and systems the user owned and controlled.

FALSE

In addition to security, information assurance ensures the identified answers except one

enhanced visuals

This is an assurance that the systems responsible for delivering, storing, and processing information are accessible when needed, by those who need them.

availability 

Organizations transmit sensitive data across networks and to other devices in the course of doing businesses, and this describes the discipline dedicated to protecting that information and the systems used to process or store it.

cyber security 

In IA, this automatically happened as well as availability and reliable and timely access to information.

confidentiality

All are benefits of information protection except one. 

e-mailing the suppliers and partners with updated services

This assured that the information is authentic and complete. 

integrity 

IA is a protection of information and information systems from ______________ access, use, disclosure, disruption, modification, or destruction.

unauthorized

_____________ means that someone cannot deny having completed an action because there will be proof that they did it.

nonrepudiation

__________________ can be thought of as a sub-discipline or component of information assurance. 

information protection

Confidentiality means preserving authorized _______________ on access and disclosure, including means for protecting personal privacy and proprietary information.

restrictions

Information Assurance focuses on ensuring the quality, reliability, and ______________ of information in addition to keeping it protected.

retrievability

Availability means ensuring ____________and reliable access to and use of information.

timely

Maintaining _____________ with the regulatory standards is one of the most important benefits of information protection. 

compliance

_____________is the measure that protects and defends information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. 

IA

Integrity means guarding against improper information modification or destruction, and includes ensuring information nonrepudiation and _________________.

authenticity

Information protection employs security solutions, _______________, and other technologies, as well as policies and processes, to secure information

encryption

This means that only those authorized to view information are allowed access to it.

confidentiality

Protecting the authentication can involve protecting against malicious code, hackers, and any other threat that could block access to the information system.

FALSE

This involves ensuring that the users are who they say are and one of the most famous method to secure this is by using password.

authentication

Integrity is the most important character trait of Information Assurance. 

TRUE

An IA Specialist must have a thorough understanding of IT and how information systems work and are interconnected.

TRUE

IA takes steps to maintain integrity, such as having anti-virus software in place so that data will not be altered or destroyed, and having policies in place.

TRUE

Which one is not a character trait of information assurance?

communicability

Which one is not a security threat in the IT world?

cyber bullying

IA is a special subject under Information Technology program. 

FALSE

Information Assurance refers to the steps involved in protecting information systems - like reproducing three copies of uploaded articles and journals.

FALSE

Assurance that the information is authentic and complete.

Availability

Availability:Assurance that the systems responsible for delivering, storing and processing information are accessible when needed, by those who need them.

TRUE

Four Security Domains

The correct answers are: Physical Security, Personnel Security, IT Security, Operational Security

Consists of employees, former employees and contractors.

Insiders

Is a process, not an end state

Security

Type of Concept for Cybercrime

Digital Underground, Underground Economy, Phishing, Hacktivism, Cyberwar:Estonia Case and Stuxnet

Cyber security, also referred to as information technology security, focuses on protecting computers, networks, programs and data from unintended or unauthorized access, change or destruction.

TRUE

Raw facts with an unknown coding system

Noise

Is thestudy of how to protect your informationassets from destruction, degradation, manipulation and exploitation.

Information Assurance

Operational Security

Is the inherenttechnical features and functions that collectively contribute to an IT infrastructure achieving and sustaining confidentiality, integrity, availability, accountability,

IT Security

Cybersecurity is the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment and organization and user’s assets.

TRUE

Security measures to establish the validity of a transmission, message, or originator.

Authentication

Assurancethat information is shared only among authorized persons or organizations.

Confidentiality

Availability: Availability of information refers to ensuring that authorized parties are able to access the information when needed

TRUE

Three distinct levels:

The correct answers are: Physical, Perceptual, Desired Effects

Is roughly equivalent to privacy

Confidentiality

Cyber security, also referred to as information technology security, focuses on protecting computers, networks, programs and data from unintended or unauthorized access, change or destruction.

TRUE

Cyberspace is "the environment in which communication over computer networks occurs.“

TRUE

Concept of Cybercrime

TRUE

Physical attack anddestruction, including: electromagnetic attack, visual spying, intrusion, scavenging and removal, wiretapping, interference, and eavesdropping.

Attacker's Operations

Is data endowed with relevance and purpose.

Information

Is the process of maintaining an acceptable level of perceived risk

Security

Converting data into information thus requires knowledge

Information

Three Features of Security

Confidentiality, Integrity and Availability

Cybersecurity is the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment and organization and user’s assets.

TRUE

Assurance that information is shared only among authorized persons or organizations.

Confidentiality

Information

Information and data manipulation

Information Infrastructure

Availability:Assurance that the systems responsible for delivering, storing and processing information are accessible when needed, by those who need them.

TRUE

Cyberspace is "the environment in which communication over computer networks occurs.“

TRUE

Assurance that thesender is provided with proof of a datadelivery and recipient is provided with proof of the sender’s identity, so that neither can later deny having processed the data.

Non-repudiation

To affect the technical performance and the capability of physical systems, to disrupt the capabilities of the defender.

Desired Effects

Assurance that information is not disclosed to unauthorized persons

Confidentiality

In information security, data integrity means maintaining and assuring the accuracy and consistency of data over its entire life-cycle.

TRUE

Raw facts with a known coding system

Data

Cyber Crime Computer crime, or cybercrime, is any crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target.

TRUE

(IA) is the study of how to protect your information assets from destruction, degradation, manipulation and exploitation.

TRUE

Assurance that the information is authentic and complete.

Availability

Processed data

Information

Refers to the protection of hardware, software, and data against physical threats to reduce or prevent disruptions to operations and services and loss of assets.”

Physical Security

variety of ongoing measures taken to reduce the likelihood and severity of accidental and intentional alteration, destruction, misappropriation, misuse, misconfiguration, unauthorized distribution, and unavailability of an organization’s logical and physical assets, as the result of action or inaction by insiders and known outsiders, such as business partners.”

Personnel Security

Six Concept of CyberCrime

Digital Underground, Underground Economy, Phishing, Hacktivism, Cyberwar:Estonia Case and Stuxnet

Availability: Availability of information refers to ensuring that authorized parties are able to access the information when needed

TRUE

Protection against unauthorized modification or destruction of information

Integrity

It should be: accurate, timely, complete, verifiable, consistent, available.

Knowledge

Is a process, not an end state

Security

Timely, reliable access to data and information services for authorized users;

Availability

In information security, data integrity means maintaining and assuring the accuracy and consistency of data over its entire life-cycle.

TRUE

Four Security Domain

Physical Security, Personnel Security, IT Security and Operational Security

Information security technical measures such as: encryption and key management, intrusion detection, anti-virus software, auditing, redundancy, firewalls, policies and standards.

Defender's Operations

Actions taken that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality

TRUE

Data and data processing activities in physical space;

Physical

Is the process of maintaining an acceptable level of perceived risk

Security

Three Features of Security

Confidentiality

Accepted facts, principles, or rules of thumb that are useful for specific domains.

Knowledge

 

No comments:

Post a Comment

Data Communications and Networking 3

  In case a router is powered on, where will the router first search for a valid IOS image to load by default? flash memo...