Deck 14: On-Going Security Management
1
An operational audit looks for accounts that have weak or blank passwords.
True
2
Which of the following is a security-related reason for monitoring and evaluating network traffic?
A) to determine if your IDPS signatures are working well
B) to create substantial data to analyze
C) to optimize your router and switch protocols
D) to see how many files employees download from the Internet
A
3
Which aspect of strengthening the performance of IDPS may involve degaussing?
A) managing memory
B) managing bandwidth
C) managing storage
D) managing processors
C
4
Change management should be used before making changes to firewall or IDPS rules that affect users.
5
One of the events you should continually monitor is logins.
6
The process of testing a network defense system is referred to as which of the following?
A) security auditing
B) change management
C) IDPS evaluation
D) distributed data collection
7
How much space is typically needed to store IDPS data?
A) a few hundred kilobytes
B) a gigabyte or more
C) a megabyte or two
D) at least a terabyte
8
Which of the following is NOT a type of event that you would normally monitor?
A) user account creation
B) e-mail attachment handling
C) antivirus scanning
D) access to shared folders
9
Since system intrusions take place over a very short period of time, there is no need to maintain IDPS log data for more than a few hours.
10
An IDPS must have enough memory to maintain connection state information.
11
What should an outside auditing firm be asked to sign before conducting a security audit?
A) subpoena
B) nondisclosure agreement
C) search and seizure contract
D) social engineering covenant
12
Security auditing is the process of documenting countermeasures put in place due to attacks on the network.
13
In centralized data collection, data from sensors go to security managers at each corporate office.
14
Which of the following is a benefit of using centralized data collection to manage sensor data?
A) less network traffic
B) less administrative time
C) data stays on the local network
D) must use a VPN to transport data
15
Most IDPSs use random ports to transfer security data, thereby making it difficult for attackers to exploit.
16
Nonrepudiation is the use of encryption methods to ensure the confidentiality of data.
17
Which of the following is NOT typically an aspect of a security event management program?
A) monitoring events
B) managing IDPS firmware
C) managing data from sensors
D) managing change
18
Which type of change does NOT typically require the use of change management procedures?
A) new VPN gateways
B) changes to ACLs
C) changing a manager's permissions to a file
D) new password systems or procedures
19
Network protection is something you should implement initially and then only make changes if there is a serious security breach.
20
What approach to security calls for security through a variety of defensive techniques that work together?
A) DOA
B) WoL
C) DiD
D) PoE
21
MATCHING
a. active defense in depth
b. centralized data collection
c. degaussing
d. distributed data collection
e. independent audit
f. operational audit
g. security event management program
h. social engineering
i. target-to-console ratio
j. Tinkerbell program
a system in which data from security devices goes to a management console on its own local network
22
MATCHING
a. active defense in depth
b. centralized data collection
c. degaussing
d. distributed data collection
e. independent audit
f. operational audit
g. security event management program
h. social engineering
i. target-to-console ratio
j. Tinkerbell program
an audit in which an outside firm inspects audit logs to ensure that an organization is collecting the information it needs
23
With ___________________ data collection, data from security devices goes to a management console on its own local network.
24
MATCHING
a. active defense in depth
b. centralized data collection
c. degaussing
d. distributed data collection
e. independent audit
f. operational audit
g. security event management program
h. social engineering
i. target-to-console ratio
j. Tinkerbell program
a technique of tricking employees into divulging passwords or other information
25
A(n) ____________________ audit should look for accounts assigned to employees who have left the company or user group.
26
The ________________ command reviews the current connections and reports which ports a server is listening to.
27
MATCHING
a. active defense in depth
b. centralized data collection
c. degaussing
d. distributed data collection
e. independent audit
f. operational audit
g. security event management program
h. social engineering
i. target-to-console ratio
j. Tinkerbell program
an audit by an organization's own staff that examines system and security logs
28
You should review the logs and alerts created by your security devices, a process called _________ monitoring.
29
Each IDPS has _____________ that gather data passing through the gateway.
30
To manage the security information from the devices in a large network, you should establish a security incident _________________ team.
31
MATCHING
a. active defense in depth
b. centralized data collection
c. degaussing
d. distributed data collection
e. independent audit
f. operational audit
g. security event management program
h. social engineering
i. target-to-console ratio
j. Tinkerbell program
a program that gathers and consolidates events from multiple sources so that the information can be analyzed to improve network security
32
MATCHING
a. active defense in depth
b. centralized data collection
c. degaussing
d. distributed data collection
e. independent audit
f. operational audit
g. security event management program
h. social engineering
i. target-to-console ratio
j. Tinkerbell program
a system in which an organization's event and security data is funneled to a management console in the main office
33
You monitor and evaluate network traffic to gather evidence that indicates whether your IDPS _________________ are working well or need to be updated.
34
MATCHING
a. active defense in depth
b. centralized data collection
c. degaussing
d. distributed data collection
e. independent audit
f. operational audit
g. security event management program
h. social engineering
i. target-to-console ratio
j. Tinkerbell program
a program in which network connections are scanned and alerts are generated when logons are attempted from a suspicious IDPS
35
Groups known as ______________ teams are assembled to actively test a network.
36
_______________ management involves modifying equipment, systems, software, or procedures in a sequential, planned way.
37
One way to consolidate the data from several network and security devices is to transfer the information to a central _______________.
38
MATCHING
a. active defense in depth
b. centralized data collection
c. degaussing
d. distributed data collection
e. independent audit
f. operational audit
g. security event management program
h. social engineering
i. target-to-console ratio
j. Tinkerbell program
the process of magnetically erasing an electronic device, such as a monitor or a disk
39
MATCHING
a. active defense in depth
b. centralized data collection
c. degaussing
d. distributed data collection
e. independent audit
f. operational audit
g. security event management program
h. social engineering
i. target-to-console ratio
j. Tinkerbell program
a strong implementation of the DiD concept in which security personnel expect that attacks will occur and try to anticipate them
40
MATCHING
a. active defense in depth
b. centralized data collection
c. degaussing
d. distributed data collection
e. independent audit
f. operational audit
g. security event management program
h. social engineering
i. target-to-console ratio
j. Tinkerbell program
the number of target computers on a network managed by a single command console
41
How does distributed data collection work when collecting data from multiple sensors?
42
Discuss the process of IDPS signature evaluation.
43
How can change adversely affect your network?
44
List three types of changes for which you should use change management.
45
Discuss operational auditing. Include in your discussion what should be looked for in an operational audit and what methods might be used in the audit.
46
If you determine that a Trojan program has been installed and is initiating a connection to a remote host and you suspect passwords have been compromised, what steps should you take? List three of them.
47
What is security auditing and what type of information should be analyzed?
48
List and define the areas for which DiD calls for maintenance.
49
List the advantages of centralized data collection.
50
List four types of events you should monitor as part of a security event management program.