Question 1

Security must be considered at the ________ level.

Accepted Answer

A)  information systems 
B)  organizational systems 
C)  both A and B 
D)  neither A nor B 
A)  information systems 
B)  organizational systems 
C)  both A and B 
D)  neither A nor B

Question 2

DMZs are places for ________.

Accepted Answer

A)  servers that are not accessible to clients outside the firm 
B)  servers that are freely accessible to clients outside the firm 
C)  servers that are freely accessible to clients inside the firm 
D)  servers that are inaccessible to any clients 
A)  servers that are not accessible to clients outside the firm 
B)  servers that are freely accessible to clients outside the firm 
C)  servers that are freely accessible to clients inside the firm 
D)  servers that are inaccessible to any clients

Question 3

Normal incidents usually require ________.

Accepted Answer

A)  constant rehearsal 
B)  frequent rehearsal 
C)  little or no rehearsal 
D)  emergency rehearsal 
A)  constant rehearsal 
B)  frequent rehearsal 
C)  little or no rehearsal 
D)  emergency rehearsal

Question 4

Major incidents are handled by the ________.

Accepted Answer

A)  on-duty staff 
B)  CSIRT 
C)  outside consultant 
D)  FBI 
A)  on-duty staff 
B)  CSIRT 
C)  outside consultant 
D)  FBI

Question 5

Which of the following is a normal incident?

Accepted Answer

A)  a false alarm 
B)  a major security breach 
C)  both A and B 
D)  neither A nor B 
A)  a false alarm 
B)  a major security breach 
C)  both A and B 
D)  neither A nor B

Question 6

Successful attacks are called ________.

Accepted Answer

A)  incidents 
B)  countermeasures 
C)  both A and B 
D)  neither A nor B 
A)  incidents 
B)  countermeasures 
C)  both A and B 
D)  neither A nor B

Question 7

Balancing threats against protection costs is called ________.

Accepted Answer

A)  economic justification 
B)  risk analysis 
C)  comprehensive security 
D)  The Illusion of Cost 
A)  economic justification 
B)  risk analysis 
C)  comprehensive security 
D)  The Illusion of Cost

Question 8

Which of the following MUST be followed?

Accepted Answer

A)  standards 
B)  guidelines 
C)  both A and B 
D)  neither A nor B 
A)  standards 
B)  guidelines 
C)  both A and B 
D)  neither A nor B

Question 9

Ideally,access control should be based on ________.

Accepted Answer

A)  individuals 
B)  roles 
C)  standard authorizations 
D)  a three-headed dog named Fluffy 
A)  individuals 
B)  roles 
C)  standard authorizations 
D)  a three-headed dog named Fluffy

Question 10

Policies are separated by implementation to take advantage of ________.

Accepted Answer

A)  implementer knowledge 
B)  the delegation of work principle 
C)  minimum permissions 
D)  segregation of duties 
A)  implementer knowledge 
B)  the delegation of work principle 
C)  minimum permissions 
D)  segregation of duties

Question 11

The rate of alarms in IDSs is usually ________.

Accepted Answer

A)  about right 
B)  somewhat more than desirable 
C)  much more than desirable 
D)  optimized for rapidly finding real incidents 
A)  about right 
B)  somewhat more than desirable 
C)  much more than desirable 
D)  optimized for rapidly finding real incidents

Question 12

Desktop (tabletop)rehearsals are important because they ________ compared to live rehearsals.

Accepted Answer

A)  are relatively inexpensive 
B)  get into specific details 
C)  both A and B 
D)  neither A nor B 
A)  are relatively inexpensive 
B)  get into specific details 
C)  both A and B 
D)  neither A nor B

Question 13

By changing credentials verification information on a(n)________,a firm can immediately cut off all access to corporate resources.

Accepted Answer

A)  authenticator 
B)  verifier 
C)  authentication server 
D)  border firewall 
A)  authenticator 
B)  verifier 
C)  authentication server 
D)  border firewall

Question 14

Servers in the DMZ should be freely accessible to clients ________.

Accepted Answer

A)  on the Internet 
B)  inside the firm 
C)  outside the DMZ 
D)  all of the above 
A)  on the Internet 
B)  inside the firm 
C)  outside the DMZ 
D)  all of the above

Question 15

Compliance with ________ is voluntary.

Accepted Answer

A)  guidelines 
B)  standards 
C)  both A and B 
D)  neither A nor B 
A)  guidelines 
B)  standards 
C)  both A and B 
D)  neither A nor B

Question 16

________ stop definite attack packets.

Accepted Answer

A)  Firewalls 
B)  IDSs 
C)  both A and B 
D)  neither A nor B 
A)  Firewalls 
B)  IDSs 
C)  both A and B 
D)  neither A nor B

Question 17

Implementation guidance is less specific than ________.

Accepted Answer

A)  policy 
B)  implementation 
C)  both A and B 
D)  neither A nor B 
A)  policy 
B)  implementation 
C)  both A and B 
D)  neither A nor B

Question 18

In movie theaters,having one person sell tickets and another collect them prevents ________.

Accepted Answer

A)  a single person from stealing on his own. 
B)  collusion 
C)  the crossing of security domains 
D)  all of the above 
A)  a single person from stealing on his own. 
B)  collusion 
C)  the crossing of security domains 
D)  all of the above

Question 19

Target received warnings during the attack.This happened ________.

Accepted Answer

A)  on the vendor server 
B)  when the POS download server was compromised 
C)  when the exfiltration server was compromised 
D)  none of the above 
A)  on the vendor server 
B)  when the POS download server was compromised 
C)  when the exfiltration server was compromised 
D)  none of the above

Question 20

Policies should drive ________.

Accepted Answer

A)  implementation 
B)  oversight 
C)  both A and B 
D)  neither A nor B 
A)  implementation 
B)  oversight 
C)  both A and B 
D)  neither A nor B

Security must be considered at the ________ level.

DMZs are places for ________.

Normal incidents usually require ________.

Major incidents are handled by the ________.

Which of the following is a normal incident?

Successful attacks are called ________.

Balancing threats against protection costs is called ________.

Which of the following MUST be followed?

Ideally,access control should be based on ________.

Policies are separated by implementation to take advantage of ________.

The rate of alarms in IDSs is usually ________.

Desktop (tabletop)rehearsals are important because they ________ compared to live rehearsals.

By changing credentials verification information on a(n)________,a firm can immediately cut off all access to corporate resources.

Servers in the DMZ should be freely accessible to clients ________.

Compliance with ________ is voluntary.

________ stop definite attack packets.

Implementation guidance is less specific than ________.

In movie theaters,having one person sell tickets and another collect them prevents ________.

Target received warnings during the attack.This happened ________.

Policies should drive ________.

Core Network Concepts and Terminology

Network Standards

Network Management

Network Security

Ethernet 802.3switched Lans

Wireless Lans I

Wireless Lans II

TCP/IP Internetworking I

TCP/IP Internetworking II

Carrier Wide Area Networks Wans

Networked Applications

Filters

Exam 12: Appendix: Managing the Security Process

Security must be considered at the ________ level.

DMZs are places for ________.

Normal incidents usually require ________.

Major incidents are handled by the ________.

Which of the following is a normal incident?

Successful attacks are called ________.

Balancing threats against protection costs is called ________.

Which of the following MUST be followed?

Ideally,access control should be based on ________.

Policies are separated by implementation to take advantage of ________.

The rate of alarms in IDSs is usually ________.

Desktop (tabletop)rehearsals are important because they ________ compared to live rehearsals.

By changing credentials verification information on a(n)________,a firm can immediately cut off all access to corporate resources.

Servers in the DMZ should be freely accessible to clients ________.

Compliance with ________ is voluntary.

________ stop definite attack packets.

Implementation guidance is less specific than ________.

In movie theaters,having one person sell tickets and another collect them prevents ________.

Target received warnings during the attack.This happened ________.

Policies should drive ________.

Core Network Concepts and Terminology

Network Standards

Network Management

Network Security

Ethernet 802.3switched Lans

Wireless Lans I

Wireless Lans II

TCP/IP Internetworking I

TCP/IP Internetworking II

Carrier Wide Area Networks Wans

Networked Applications

Filters