|
Security architecture
introduces its own normative flows through systems and among applications. |
TRUE |
|
Security architecture
introduces unique, single-purpose components in the design |
TRUE |
|
Security architecture
calls for its own unique set of skills and competencies of the enterprise and
IT architects |
TRUE |
|
Security architecture
composes its own discrete views and viewpoints. |
TRUE |
|
Security architecture
addresses non-normative flows through systems and among applications |
TRUE |
|
During
troubleshooting, the administrator notices the following entry: O*E2
0.0.0.0/0 [110/1] via 192.168.16.3, 00:20:22, Serial0/0/0 What information
can be gathered from this output? |
This route is a propagated
default route. |
|
At the start with the
Cisco IOS Software Release 15.0, which license is a prerequisite for
installing additional technology pack licenses? |
IPBase |
|
In Scaling Networks as
discussed in chapter 8, If all router Ethernet interfaces in an EIGRP network
are configured with the default EIGRP timers, how long(hold timer) will a
router wait by default to receive an EIGRP packet from its neighbor before
declaring the neighbor unreachable? |
15 sec |
|
The network engineer
of RMS University has configured the hello interval to 15 seconds on an
interface of a router that is running OSPFv2. By default, how will the dead
interval on the interface be affected? |
The dead interval will now
be 60 seconds |
|
Among the choices
below which command would you use, If you want to disable STP on a port
connected to a server? |
spanning-tree portfast |
|
In todays network
technology which network design solution will best extend access layer
connectivity to host devices? |
I Implementing wireless
connectivity |
|
During the
troubleshooting in RPN Radio/TV Network , there are 2 routers, R1 and R2,
have established an EIGRP neighbor relationship, but still ip connectivity
problem still persist. Which issue could be causing this problem? |
An access list that is
blocking the advertisements from othernetworks was configured in each or both
routers |
|
RMSRouter# show ip
protocols Routing Protocol is “eigrp 109” Outgoing update filter list for all
interfaces is not set Incoming update filter list for all interfaces is
not set Default networks flagged in outgoing updates Default
networks accepted from incoming updates EIGRP metric weight K1=1, K2=0,
K3=1, K4=0, K5=0 EIGRP maximum hopcount 100 EIGRP maximum metric
variance 1 Redistributing: eigrp 109 Automatic network summarization is
in effect Automatic address summarization: 20.0.0.0/0 for
FastEthernet0/1 Summarizing with metric 28160 172.30.0.0/16 for
FastEthernet0/0 Summarizing with metric 28160 Maximum path:
4 Routing for Networks: 20.0.0.0 172.30.0.0
192.160.1.0 Routing Information Sources: Gateway Distance Last Update
20.10.10.2 90 260796 172.30.10.2 90 454765 Distance: internal 90 external 170
How many paths can the EIGRP routing process use to forward packets from
RMSRouter to a neighbor router? |
4 equal-cost paths |
|
In the understanding
of dynamic routing protocol operations. A scenario where a router has learned
three possible routes that could be used to reach a destination network. One
route is from EIGRP and has a composite metric of 20514560. Another route is
from OSPF with a metric of 782. The last is from RIPv2 and has a metric of 4.
Which route or routes will the router will install in the routing table? |
the EIGRP route |
|
Among the listed
network subnet below, which two networks are part of the summary route
192.168.32.0/22? 1. 192.168.36.0/24 2. 192.168.33.0/24 3.
192.168.35.0/24 4. 192.168.31.0/24 5. 192.168.37.0/24 6. 192.168.38.0/24 |
2 & 3 |
|
During the
implementation what is the term used to express the thickness or height of a
switch? |
Rack Unit or RU |
|
What wireless LAN
technology that operates in the range of a few hundred feet? |
WLAN |
|
How long is the
evaluation license period for Cisco IOS Release 15.0 software packages? |
60 days |
|
When a range of ports
is being configured for EtherChannel, which mode will configure LACP so that
it initiates the EtherChannel negotiation? |
active |
|
Among the listed
below, Which is a characteristic of manual router summarization? |
reduces total number of
routes in routing tables |
|
Standard Electric
Company is planning the implementation of Rapid PVST+ on a production
network. How are the Rapid PVST+ link types determined on the switch
interfaces? |
Link types are determined
automatically. |
|
What wireless LAN
technology that is an IEEE 802.16 WWAN standard that provides wireless
broadband access of up to 30mi (50km)? |
WIMAX |
|
A good example of our
learning in chapter 9 is what code in the Cisco IOS 15 image filename C1900-
UNIVERSALK9-MZ.SPA.153-3.M.BIN Indicates that the file is digitally signed by
Cisco? |
SPA |
|
Which among the listed
below are two types of spanning tree protocols can cause suboptimal traffic
flows because they assume only one spanning-tree instance for the entire
bridged network? |
STP & RSTP |
|
Which among the listed
below is an advantage of PVST+? |
PVST+ optimizes
performance on the network through load sharing. |
|
How much traffic for a
24port gigabit switch capable of generating when operating at full wire
speed? |
24 Gb/s, by providing full
bandwidth to each port |
|
In OSPFv2 operations
which command can be used to verify the contents of the LSDB in an OSPF area? |
show ip ospf database |
|
Which among the listed
below is the global configuration command is used to enable Rapid PVST+? |
Spanning-tree mode
rapid-pvst |
|
What do you called the
number of ports available on a single switch? |
Port density |
|
In configuring link
aggregation an EtherChannel link using LACP was formed between two switches,
S1 and S2. While verifying the configuration, which mode combination could be
utilized on both switches? |
S1-passive and S2-active |
|
Referring to the
sample result above, a network specialist has configured eigrp authentication
between routers R! and R2. After there routing tables are received, it is
noted that neither router is receiving eigrp updates. What is a possible cause
for this failure? |
The same autonomous system
numbers must be used in the interface configurations of each router |
|
As discussed in
Chapter 2 of Scaling Networks , which non-proprietary protocol provides
router redundancy for a group of routers which support IPv4 LANs? |
VRRPv2 |
|
Which feature of EIGRP
supports AppleTalk, IP version 4 (IPv4), IP version 6 (IPv6), and Novell
Internetwork Packet Exchange (IPX)? |
Multiple network layer
support |
|
In case a router is
powered on, where will the router first search for a valid IOS image to load
by default? |
flash memory |
|
In understanding link
aggregation which protocol is an IEEE standard, it can be used to facilitate
EtherChannels in multivendor environments? |
LACP |
|
What area
interconnects with all other OSPF area types? |
Backbone |
|
Which statement is
true regarding the use of PAgP to create EtherChannels? |
It is Cisco proprietary. |
|
Which two functional
parts of the network are combined to form a collapsed core design as
discussed in Cisco Enterprise Architecture? |
distribution and core
layer |
|
As discussed in
chapter 7, when an EIGRP-enabled router uses a password to accept routes from
other EIGRP-enabled routers, which mechanism is used? |
EIGRP authentication |
|
Among the listed
below, which command can be issued on a router to verify that automatic
summarization is enabled? |
Show ip protocols |
|
What is the default
hello timer value for STP BPDU frames? |
2 seconds |
|
Establish architecture
artifact, design, and code reviews and define acceptance criteria for the
successful implementation of the findings |
: Phase G: Implementation
governance |
|
Determine who are the
legitimate actors who will interact with the product/service/process |
Phase B: Business
Architecture |
|
Assess and baseline
current security-specific technologies |
Phase D: Technology
Architecture |
|
Security policies and
procedures also should help the organization implement the elements needed to
support the architecture. |
TRUE |
|
Trusted Zone in User
LAN Zone |
Desktop Computers,Laptop
Computers,Kioks |
|
The architecture also
should be strategic it must be structured in a way that supports the
organization’s business goals. |
TRUE |
|
To align these
components effectively, the se |
TRUE |
|
Untrusted Zone in
General Internet Connection Zone |
Proxy Servers, Mail Relay
Servers, Forwarding DNS |
|
Identity Management is
an integrated system of company policies, processes, and technologies . |
TRUE |
|
Unclear security roles
and responsibilities need to be established for all company users . |
FALSE |
|
Untrusted Zone in VPN
Connection Zone |
Internet Ingress, Private
Network VPN Ingress,Authentication,Authorization,Administration Services |
|
Is a measure of
confidence that the security features, practices, procedures, and
architecture of a system accurately mediates and enforces the security
policy |
Assurance |
|
Semi Trusted Zone in
Wireless Connectivity Zone |
Access Points,
Authentication, Authorization, Administration Services |
|
Semi Trusted Zone in
Dial up Connectivity Zone |
Remote Access Servers,
Terminal Services |
|
Is it true or
false. Encrypting all personal information when saved on different
storage media is some basic steps in storing personal data. |
TRUE |
|
Is a collection of all
the trust mechanisms of a computer system which collectively enforce
the policy |
TCB |
|
Is the process by
which an asset is managed from its arrival or creation to its
termination or destruction. |
Lifecycle |
|
Is it true or false.
The use of complex, unique, hard to guess or break passwords, consisting of
numbers, upper/lower case letters and special characters is some basic steps
in storing personal data. |
TRUE |
|
Research, target
identification and selection: it may be looking for e-mail addresses, social
relationships, or data about a particular technology, information displayed
on various websites; |
Reconnaissance |
|
Acceptance, avoidance,
mitigation, transfer—are with respect to a specific risk for a specific
pary. |
The risk treatment |
|
Acronym for TCB? |
Trusted Computing Base |
|
These actions
typically consist of collecting information, modifying data integrity, or
attacking the availability of services and devices, but the victim system can
also be used as a starting point for infecting other systems or for expanding
access to the local network. |
Action on objective |
|
Risk Management
Procedure consists of six steps. |
Assess assets, Assess
threats, Assess vulnerabilities, Assess risks, Prioritize countermeasure
options and Make risk management decisions |
|
After the first six
phases, an attacker can act to achieve the goals. These actions typically
consist of collecting information, modifying data integrity, or attacking the
availability of services and devices, but the victim system can also be used
as a starting point for infecting other systems or for expanding access to
the local network. |
Action on Objective |
|
What are the steps in
intrusion model? |
Recon, Weaponise, Deliver,
Exploit, Install, C2 and Action |
|
The main ways of
transport are e-mails (attachment of infected files), web platforms (running
malware scripts), or removable USB memories; |
Delivery |
|
Shift the risk to
someone else. |
Risk Transfer |
|
Taking actions to
reduce the losses due to a risk; many technical countermeasures fall
into this category |
Risk mitigation |
|
Logical
security consists in software that are necessary to control the access
to information and services of a system. The logical level is divided into
two categories: access security level and service security level. |
Prevent Cyber-Attacks |
|
Failure of the
mechanism may destroy the basis for trust. |
Trust |
|
Is a generic term that
implies a mechanism in place to provide a basis for confidence in the
reliability/security of the system. |
Trust |
|
Physical
security consist in the closure of IT equipment in a dedicated space and
the provision of access control. |
Prevent Cyber-Attacks |
|
Seven Stages of
lifecycle model |
Requirements, Design, Coding, Testing,
Deployment, Production and Decommission |
|
The infected file can
be used by the self-execution facility to launch the malware code, or it can
be executed by the user himself; |
Exploitation |
|
Risks not avoided or
transferred are retained by the organization. |
Risk Acceptance |
|
Not performing an
activity that would incur risk. |
Risk Avoidance |
|
Is it true or
false. Storage the minimum required data online and maximum discretion
in providing them to a third party (users, companies) is some basic
steps in storing personal data. |
TRUE |
|
Infecting a victim
system with a computer trojan, backdoor or other malware application of this
type that ensures the attacker’s presence in the target environment; |
Installation |
|
Is it true or
false. Using encrypted versions of protocols when sensitive information
is exchanged so as to ensure data confidentiality and prevent identity
theft is some basic steps in storing personal data. |
TRUE |
|
Are the security
features of a system that provide enforcement of a security policy. |
Trust mechanism |
|
Transmitting the
weapon to the target environment. |
Delivery |
|
Usually an infected
host must be accessible outside of the local network to establish a command
and control channel between the victim and the attacker. Once this
bidirectional communication has been made, an attacker has access inside the
target environment and can usually control the activity by manually launching
commands; |
Command and Control |
|
Once this
bidirectional communication has been made, an attacker has access inside the
target environment and can usually control the activity by manually launching
commands; |
Command and control |
|
Is it true or
false. An additional risk occurs when personal information is stored in
client accounts on commercial websites, which may become the target of
cyber-attacks anytime, so stored data becomes vulnerable is some basic steps
in storing personal data. |
TRUE |
|
After the weapon is
delivered to the victim, follows the targeting of an application or
vulnerability of the operating system. The infected file can be used by the
self-execution facility to launch the malware code, or it can be executed by
the user himself; |
Exploitation |
|
Making a malware
application (for example, a computer trojan) that, combined with an
exploitable security breach, allows remote access. Moreover, PDF (Portable
Document Format) files or Microsoft Office suite-specific files can be
regarded as weapons available to the attacker; |
Weaponization |
|
These actions
typically consist of collecting information, modifying data integrity, or
attacking the availability of services and devices, but the victim system can
also be used as a starting point for infecting other systems or for expanding
access to the local network. |
Action on objective |
|
After the first six
phases, an attacker can act to achieve the goals. These actions typically
consist of collecting information, modifying data integrity, or attacking the
availability of services and devices, but the victim system can also be used
as a starting point for infecting other systems or for expanding access to
the local network. |
Action on objective |
|
Assess and baseline
current security-specific technologies. What phase is that? |
Phase D: Technology
Architecture |
|
Are the security
features of a system that provide enforcement of a security policy |
Trust mechanism |
|
Risks not avoided or
transferred are retained by the organization |
Risk Acceptance |
|
Are applicable to
ensuring that security requirements are addressed in subsequent phases of the
ADM. What phase is that? |
Phase A: Architecture
Vision |
|
Definition of relevant
stakeholders and discovery of their concerns and objectives will require
development of a high-level scenario. What phase is that? |
Phase A: Architecture
Vision |
|
Assess and baseline
current security-specific architecture elements. What phase is that? |
Phase C: Information
System Architecture |
|
After the weapon is
delivered to the victim, follows the targeting of an application or
vulnerability of the operating system. The infected file can be used by the
self-execution facility to launch the malware code, or it can be executed by
the user himself; |
Exploitation |
|
This refers to the
body of technologies, processes, and practices designed to protect networks,
devices, programs, and data from attack, damage, or unauthorized access. |
cyber security |
|
Identify existing
security services available for re-use. What phase is that? |
Phase E: Opportunities
& Solutions |
|
From the Baseline
Security Architecture and the Enterprise Continuum, there will be existing
security infrastructure and security building blocks that can be applied to
the requirements derived from this architecture development engagement. What
phase is that? |
Phase E: Opportunities
& Solutions |
|
Usually an infected
host must be accessible outside of the local network to establish a command
and control channel between the victim and the attacker. Once this
bidirectional communication has been made, an attacker has access inside the
target environment and can usually control the activity by manually launching
commands; |
Command and control |
|
A full inventory of
architecture elements that implement security services must be compiled in
preparation for a gap analysis. What phase is that? |
Phase C: Information
System Architecture |
|
Following a cyber risk
assessment, develop and implement a plan to mitigate cyber risk and protect
the “_____________” outlined in the assessment. |
crown jewels |
|
The ability to test
and prove that the enterprise architecture has the security attributes
required to uphold the stated security policies. |
Assurance |
|
True or
False: Identify the security governance involved, including legal
frameworks and geographies (enterprises) |
TRUE |
|
Combining sound cyber
security measures with an educated and security-minded employee base provides
the best defense against ________________attempting to gain access to your
company’s sensitive data. |
cyber criminals |
|
True or
False: Identify soft enterprise (units) - those who will see change to
their capability and work with core units but are otherwise not directly
affected |
TRUE |
|
No organization can be
considered "safe" for any time beyond the last verification of
adherence to its policy. |
security |
|
This is "the
environment in which communication over computer networks occurs.“ |
cyberspace |
|
Are applicable to
ensuring that security requirements are addressed in subsequent phases of the
ADM |
Phase A: Architecture
Vision |
|
From the Baseline
Security Architecture and the Enterprise Continuum, there will be existing
security infrastructure and security building blocks that can be applied to
the requirements derived from this architecture development engagement. What
phase is that? |
Phase E: Opportunities
& Solutions |
|
True or
False: Risk analysis documentation |
TRUE |
|
Identify existing
security services available for re-use |
Phase E: Opportunities
& Solutions |
|
The organization's
attitude and tolerance for risk. |
Risk Management |
|
Changes in security
standards are usually less disruptive since the trade-off for their adoption
is based on the value of the change. However, standards changes can also be
mandated. What phase is that? |
Phase H: Architecture
Change Mana |
|
This is not a type of
application security. |
photo enhancement |
|
Every system will rely
upon resources that may be depleted in cases that may or may not be
anticipated at the point of system design. What phase is that? |
Phase D: Technology
Architecture |
|
True or
False: Identify communities involved (enterprises) - those stakeholders
who will be affected by security capabilities and who are in groups of
communities |
TRUE |
|
Assess the impact of
new security measures upon other new components or existing leveraged
systems. What phase is that? |
Phase F: Migration
Planning |
|
The ability to provide
forensic data attesting that the systems have been used in accordance with
stated security policies. |
Audit |
|
Revisit assumptions
regarding interconnecting systems beyond project control, Identify and
evaluate applicable recognized guidelines and standards and Identify methods
to regulate consumption of resources. What phase is that? |
Phase D: Technology
Architecture |
|
The ability to add and
change security policies, add or change how policies are implemented in the
enterprise, and add or change the persons or entities related to the systems. |
Administration |
|
In a phased
implementation the new security components are usually part of the
infrastructure in which the new system is implemented. The security
infrastructure needs to be in a first or early phase to properly support the
project. What phase is that? |
Phase F: Migration
Planning |
|
Many security
vulnerabilities originate as design or code errors and the simplest and least
expensive method to locate and find such errors is generally an early review
by experienced peers in the craft. What phase is that? |
Phase G: Implementation
Governance |
|
True or False: Data
classification policy documentation |
TRUE |
|
Development of the
business scenarios and subsequent high-level use-cases of the project
concerned will bring to attention the people actors and system actors
involved. What phase is that? |
Phase B: Business
Architecture |
|
Determine who are the
legitimate actors who will interact with the
product/service/process. What phase is that? |
. Phase B: Business
Architecture |
|
True or False:
Identify extended enterprise (units) - those units outside the scoped
enterprise who will need to enhance their security architecture for
interoperability purposes |
TRUE |
|
The definition and
enforcement of permitted capabilities for a person or entity whose identity
has been established. |
Authentication |
|
Establish architecture
artifact, design, and code reviews and define acceptance criteria for the
successful implementation of the findings. What phase is that? |
Phase G: Implementation
Governance |
|
Security architecture
introduces unique, single-purpose components in the design. |
TRUE |
|
Security architecture
calls for its own unique set of skills and competencies of the enterprise and
IT architects. |
TRUE |
|
True or
False: Written and published security policy |
TRUE |
|
The following security
specifics appropriate to the security architecture must be addressed within
each phase in addition to the generic phase activities. What phase is
that? |
Phase A: Architecture
Vision |
|
True or False:
Business rules regarding handling of data/information assets |
TRUE |
|
Security architecture
addresses non-normative flows through systems and among applications. |
TRUE |
|
Security architecture
composes its own discrete views and viewpoints |
TRUE |
|
Security architecture
has its own discrete security methodology. |
TRUE |
|
A significant portion
of data can be sensitive information, whether that be __________________,
financial data, personal information, or other types of data for which
unauthorized access or exposure could have negative consequences. |
intellectual property |
|
True or
False: Identify core enterprise (units) - those who are most
affected and achieve most value from the security work |
TRUE |
|
True or
False: Codified data/information asset ownership and custody |
TRUE |
|
The substantiation of
the identity of a person or entity related to the enterprise or system in
some way |
Authentication |
|
These are all common
examples of network security implementation except one. |
clean storage feature |
|
Changes in security
requirements are often more disruptive than a simplification or incremental
change. Changes in security policy can be driven by statute, regulation, or
something that has gone wrong. What phase is that? |
Phase H: Architecture
Change Management |
|
The state of being
protected against the criminal or unauthorized use of electronic data, or the
measures taken to achieve this. |
cyber security |
|
The ability of the
enterprise to function without service interruption or depletion despite
abnormal or malicious events. |
Availability |
|
Negotiations are much
more accessible over networks, causing the adoption of security measures
during the development phase to be an imperative phase of the project |
FALSE |
|
Failure to protect
sensitive information can result in __________ issued by regulatory agencies
or lawsuits from other companies or individuals. |
fines |
|
This consists of the
cyber-physical systems that modern societies rely on |
critical infrastructure
security |
|
This is not an example
of critical infrastructure. |
agricultural farm |
|
The organizations and
the government have focused most of their cyber security resources on
perimeter security to protect all the encrypted system components. |
FALSE |
|
The substantiation of
the identity of a person or entity related to the enterprise or system in
some way. |
Authentication |
|
The protection of
information assets from loss or unintended disclosure, and resources from
unauthorized and unintended use |
Risk Management |
|
As the volume and
sophistication of cyber attacks grow, companies and organizations need to
take steps to protect their sensitive business and personnel information. |
TRUE |
|
This advises that
companies must be prepared to “respond to the inevitable cyber incident,
restore normal operations, and ensure that company assets and the company’s
reputation are protected.” |
NCSA |
|
These are constantly
creating and implementing new security tools to help enterprise users better
secure their data. |
cloud providers |
|
This issued guidelines
in its risk assessment framework that recommend a shift toward
continuous monitoring and real-time assessment. |
National Institute of
Standards and Technology |
|
This ensures that
internal networks are secure by protecting the infrastructure and inhibiting
access to it. |
network security |
|
_______________ should
also consider any regulations that impact the way the company collects,
stores, and secures data, such as PCI-DSS, HIPAA, SOX, FISMA. |
Cyber Risk
Assessment |
|
This recommends a top-down
approach to cyber security in which corporate management leads the charge in
prioritizing cyber security management across all business practices |
National Cyber Security
Alliance |
|
The data is more
secure when stored on physical servers and systems the user owned and
controlled. |
FALSE |
|
In addition to
security, information assurance ensures the identified answers except one |
enhanced visuals |
|
This is an assurance
that the systems responsible for delivering, storing, and processing
information are accessible when needed, by those who need them. |
availability |
|
Organizations transmit
sensitive data across networks and to other devices in the course of doing
businesses, and this describes the discipline dedicated to protecting that
information and the systems used to process or store it. |
cyber security |
|
In IA, this
automatically happened as well as availability and reliable and timely
access to information. |
confidentiality |
|
All are benefits of
information protection except one. |
e-mailing the suppliers
and partners with updated services |
|
This assured that the
information is authentic and complete. |
integrity |
|
IA is a protection of
information and information systems from ______________ access, use,
disclosure, disruption, modification, or destruction. |
unauthorized |
|
_____________ means
that someone cannot deny having completed an action because there will be
proof that they did it. |
nonrepudiation |
|
__________________ can
be thought of as a sub-discipline or component of information
assurance. |
information protection |
|
Confidentiality means
preserving authorized _______________ on access and disclosure, including
means for protecting personal privacy and proprietary information. |
restrictions |
|
Information Assurance
focuses on ensuring the quality, reliability, and ______________ of
information in addition to keeping it protected. |
retrievability |
|
Availability means
ensuring ____________and reliable access to and use of information. |
timely |
|
Maintaining
_____________ with the regulatory standards is one of the most important
benefits of information protection. |
compliance |
|
_____________is the
measure that protects and defends information and information systems by
ensuring their availability, integrity, authentication, confidentiality, and
non-repudiation. |
IA |
|
Integrity means
guarding against improper information modification or destruction, and
includes ensuring information nonrepudiation and _________________. |
authenticity |
|
Information protection
employs security solutions, _______________, and other technologies, as well
as policies and processes, to secure information |
encryption |
|
This means that only
those authorized to view information are allowed access to it. |
confidentiality |
|
Protecting the
authentication can involve protecting against malicious code, hackers, and
any other threat that could block access to the information system. |
FALSE |
|
This involves ensuring
that the users are who they say are and one of the most famous method to
secure this is by using password. |
authentication |
|
Integrity is the most
important character trait of Information Assurance. |
TRUE |
|
An IA Specialist must
have a thorough understanding of IT and how information systems work and are
interconnected. |
TRUE |
|
IA takes steps to
maintain integrity, such as having anti-virus software in place so that data
will not be altered or destroyed, and having policies in place. |
TRUE |
|
Which one is not a
character trait of information assurance? |
communicability |
|
Which one is not a
security threat in the IT world? |
cyber bullying |
|
IA is a special
subject under Information Technology program. |
FALSE |
|
Information Assurance
refers to the steps involved in protecting information systems - like
reproducing three copies of uploaded articles and journals. |
FALSE |
|
Assurance that the
information is authentic and complete. |
Availability |
|
Availability:Assurance
that the systems responsible for delivering, storing and processing
information are accessible when needed, by those who need them. |
TRUE |
|
Four Security Domains |
The correct answers are:
Physical Security, Personnel Security, IT Security, Operational Security |
|
Consists of employees,
former employees and contractors. |
Insiders |
|
Is a process, not an
end state |
Security |
|
Type of Concept for
Cybercrime |
Digital Underground,
Underground Economy, Phishing, Hacktivism, Cyberwar:Estonia Case and Stuxnet |
|
Cyber security, also
referred to as information technology security, focuses on protecting
computers, networks, programs and data from unintended or unauthorized
access, change or destruction. |
TRUE |
|
Raw facts with an
unknown coding system |
Noise |
|
Is thestudy of how to
protect your informationassets from destruction, degradation, manipulation
and exploitation. |
Information Assurance |
|
Operational Security |
|
|
Is the
inherenttechnical features and functions that collectively contribute to an
IT infrastructure achieving and sustaining confidentiality, integrity,
availability, accountability, |
IT Security |
|
Cybersecurity is the
collection of tools, policies, security concepts, security safeguards,
guidelines, risk management approaches, actions, training, best practices,
assurance and technologies that can be used to protect the cyber environment
and organization and user’s assets. |
TRUE |
|
Security measures to
establish the validity of a transmission, message, or originator. |
Authentication |
|
Assurancethat
information is shared only among authorized persons or organizations. |
Confidentiality |
|
Availability:
Availability of information refers to ensuring that authorized parties are
able to access the information when needed |
TRUE |
|
Three distinct levels: |
The correct answers are:
Physical, Perceptual, Desired Effects |
|
Is roughly equivalent
to privacy |
Confidentiality |
|
Cyber security, also
referred to as information technology security, focuses on protecting
computers, networks, programs and data from unintended or unauthorized
access, change or destruction. |
TRUE |
|
Cyberspace is
"the environment in which communication over computer networks occurs.“ |
TRUE |
|
Concept of Cybercrime |
TRUE |
|
Physical attack
anddestruction, including: electromagnetic attack, visual spying, intrusion,
scavenging and removal, wiretapping, interference, and eavesdropping. |
Attacker's Operations |
|
Is data endowed with
relevance and purpose. |
Information |
|
Is the process of
maintaining an acceptable level of perceived risk |
Security |
|
Converting data into
information thus requires knowledge |
Information |
|
Three Features of
Security |
Confidentiality, Integrity
and Availability |
|
Cybersecurity is the
collection of tools, policies, security concepts, security safeguards,
guidelines, risk management approaches, actions, training, best practices,
assurance and technologies that can be used to protect the cyber environment
and organization and user’s assets. |
TRUE |
|
Assurance that
information is shared only among authorized persons or organizations. |
Confidentiality |
|
Information |
|
|
Information and data
manipulation |
Information Infrastructure |
|
Availability:Assurance
that the systems responsible for delivering, storing and processing
information are accessible when needed, by those who need them. |
TRUE |
|
Cyberspace is
"the environment in which communication over computer networks occurs.“ |
TRUE |
|
Assurance that
thesender is provided with proof of a datadelivery and recipient is provided
with proof of the sender’s identity, so that neither can later deny having
processed the data. |
Non-repudiation |
|
To affect the
technical performance and the capability of physical systems, to disrupt the
capabilities of the defender. |
Desired Effects |
|
Assurance that
information is not disclosed to unauthorized persons |
Confidentiality |
|
In information
security, data integrity means maintaining and assuring the accuracy and
consistency of data over its entire life-cycle. |
TRUE |
|
Raw facts with a known
coding system |
Data |
|
Cyber Crime Computer
crime, or cybercrime, is any crime that involves a computer and a network.
The computer may have been used in the commission of a crime, or it may be
the target. |
TRUE |
|
(IA) is the study of
how to protect your information assets from destruction, degradation,
manipulation and exploitation. |
TRUE |
|
Assurance that the
information is authentic and complete. |
Availability |
|
Processed data |
Information |
|
Refers to the
protection of hardware, software, and data against physical threats to reduce
or prevent disruptions to operations and services and loss of assets.” |
Physical Security |
|
variety of ongoing
measures taken to reduce the likelihood and severity of accidental and
intentional alteration, destruction, misappropriation, misuse,
misconfiguration, unauthorized distribution, and unavailability of an organization’s
logical and physical assets, as the result of action or inaction by insiders
and known outsiders, such as business partners.” |
Personnel Security |
|
Six Concept of
CyberCrime |
Digital Underground,
Underground Economy, Phishing, Hacktivism, Cyberwar:Estonia Case and Stuxnet |
|
Availability:
Availability of information refers to ensuring that authorized parties are
able to access the information when needed |
TRUE |
|
Protection against
unauthorized modification or destruction of information |
Integrity |
|
It should be:
accurate, timely, complete, verifiable, consistent, available. |
Knowledge |
|
Is a process, not an
end state |
Security |
|
Timely, reliable
access to data and information services for authorized users; |
Availability |
|
In information
security, data integrity means maintaining and assuring the accuracy and
consistency of data over its entire life-cycle. |
TRUE |
|
Four Security Domain |
Physical Security,
Personnel Security, IT Security and Operational Security |
|
Information security
technical measures such as: encryption and key management, intrusion
detection, anti-virus software, auditing, redundancy, firewalls, policies and
standards. |
Defender's Operations |
|
Actions taken that
protect and defend information and information systems by ensuring their
availability, integrity, authentication, confidentiality |
TRUE |
|
Data and data
processing activities in physical space; |
Physical |
|
Is the process of
maintaining an acceptable level of perceived risk |
Security |
|
Three Features of
Security |
Confidentiality |
|
Accepted facts,
principles, or rules of thumb that are useful for specific domains. |
Knowledge |
No comments:
Post a Comment