Information Security Exam Answers CS406 – Saylor Academy

  • Databases became the primary target of hackers
  • Hardware and software became cheaper and more standardized
  • Personal data was starting to be collected and stored on individuals
  • Systems became interconnected via the web and physical security was no longer as important
  • Data integrity
  • Physical security
  • System availability
  • Data confidentiality
  • Risk assessment
  • Threat assessment
  • Vulnerability assessment
  • Environmental assessment
  • Assess risks, control risks, identify controls, and identify hazards
  • Information systems view, mission view, organization view, and trustworthiness
  • Risk assessment, risk framing, risk monitoring, and risk response
  • Risk auditing, risk evaluation, risk identification, and risk reporting
  • Preparation
  • Post-incident activity
  • Detection and analysis
  • Containment, eradication, and recovery
  • Compensating
  • Detective
  • Deterrent
  • Preventive
  • Have information technology professionals read all email before the email is viewed by the employees
  • Provide security awareness training, install antivirus and antimalware email filters, and patch all company laptops
  • Provide security awareness training, password-lock all laptops when not in use, and provide privacy screens for monitors
  • Have the exchange mail server scan all incoming mail that passes the antivirus software and then have each department head review it before the mail is sent to employees
  • Encrypt all email that is authentic when addressing management
  • Send out an email to notify management that the email is a phishing email
  • Post a banner when the email application is opened that warns about phishing attacks
  • Provide security awareness training to educate management and to modify their behavior
  • How to mitigate risks identified in the risk management process
  • Standards and best practices for information technology functions
  • Processes for governance and management of information technology
  • The guidelines for information technology as required in NIST SP 800-39
  • Attacks
  • Threats
  • Threat agents
  • Vulnerabilities
  • This mitigates man-in-the-middle attacks that intercept the passwords in transit
  • This mitigates dictionary attacks that try all the words in a dictionary to try to match or hack the password
  • This mitigates zero-day attacks that take new forms that are unknown to information security professionals
  • This mitigates denial of service attacks that will shut the system down if simple words are used as the password
  • greg@mit.edu
  • greg@yahoo.com
  • greg@irs.gmail.com
  • greg@bankofamerica.com
  • Whaling
  • Phishing
  • Tailgating
  • Shoulder surfing
  • Email addresses can be easily spoofed
  • Email can never be scanned for viruses
  • There is no way to verify the authenticity of an email
  • Attachments are automatically opened once the email is received
  • SQL injection
  • Brute force attack
  • Denial of service (DoS)
  • Cross-site scripting (XSS)
  • Adware
  • Spyware
  • Ransomware
  • A polymorphic virus
  • When the server shuts down due to a power failure
  • When data is lost because a log file has filled up a mount point on the server
  • When the server is flooded with requests that deny users access to the server
  • When the root password is breached, and the files are corrupted and deleted by an attacker
  • It was used to send secret messages to Caesar’s allies, and was based on hiding messages in plain sight
  • It was used to send military messages, and was based on substitution using a predetermined shift number
  • It was used to conceal the location of government officials, and was based on scrambled messages on a map
  • It was used to hide the location of gold reserves, and was based on the transposition or rearrangement of letters
  • The availability of information and the confidentiality of systems
  • The availability of information and the authentication of data and systems
  • The most highly compartmentalized, secure data in an information system
  • The confidentiality and integrity of information and provide a means for authentication
  • Symmetric key algorithms are slower than asymmetric key algorithms
  • Symmetric key algorithms were replaced by asymmetric key algorithms to provide for better security
  • Symmetric key algorithms are typically used for smaller amounts of data than are asymmetric key algorithms
  • Symmetric key algorithms provide for confidentiality and authenticity, while asymmetric key algorithms provide for confidentiality and non-repudiation
  • RC2 had a larger key size, which provided stronger encryption
  • DES had a variable key size, causing it to be weaker than RC2
  • DES was cracked and RC2 was not, proving that RC2 was the stronger cipher
  • RC2 had a smaller key size, which allowed it to encrypt more quickly than DES
  • simple to compute, cannot be reversed, small changes to the input produce large changes to the output
  • difficult to compute, cannot be reversed, small changes to the input produce large changes to the output
  • simple to compute and reversible
  • difficult to compute and reversible
  • To prevent authorized users from launching system attacks and stealing classified data
  • To guide black-hat hackers to honeypots to gather information about their intent and tactics
  • To allow white-hat hackers to perform penetration tests on systems to ensure system security
  • To prevent unauthorized use of data or to prevent data from being used in an unauthorized manner
  • Granting a user the privileges necessary only to accomplish assigned duties
  • Granting a user the minimum amount of privileges and then increasing privileges as needed
  • Granting a user maximum privileges and then removing privileges not in use by monitoring those privileges over time
  • Granting a user the minimum amount of privileges and then removing those privileges the user is not actively working
  • DAC provides for security discretion, while MAC does not
  • DAC uses discretionary file labels, while MAC uses mandatory file labels
  • DAC access is based on the discretion of the owner, while in MAC it is based on security labels
  • DAC is based on the discretion of the user, and MAC is based on predetermined rules that cannot be changed
  • RBAC is discretionary access while RB-RBAC is non-discretionary access
  • RBAC is based on assigned tasks of an employee, while RB-RBAC is based on specified parameters
  • RBAC is based on the employee's security level, while RB-RBAC is based on the IP address of the user
  • RBAC restricts access based on least privilege, and RB-RBAC provides access based on core work hours
  • Scanning an index finger for entry onto a machine room floor
  • Providing a facial recognition scan for access to an application on a cell phone
  • After entering identification information, an application sends a text with a verification code
  • Entering a username and password to log into an application after obtaining access to the computer system
  • Because it can be copied and reused
  • Because it is in the form of a token that can be lost
  • Because it is vulnerable to social engineering and brute-force attacks
  • Because it can result in either type I or type II errors that will cause authentication to fail
  • The password is kept secret and encrypted, which requires hackers to have a decryption key
  • Hackers must find where to enter the password not once, but twice to gain access to the system
  • It encrypts the password twice using two different algorithms, instead of once like in single-factor
  • If a password is discovered, the hacker cannot access the system unless another piece of information is obtained
  • Implement single sign-on (SSO) technology
  • Force an immediate password change on all systems
  • Allow employees to use one password for all applications
  • Report the employees to upper management for acceptable use policy infringement
  • The next session is not possible, since only one session is allowed
  • Subsequent sessions after the first session are faster and do not involve the KDC
  • Subsequent sessions after the first session authenticate using the same process involving the KDC
  • The next session after the first session is more complex, because a different authentication process must be used
  • Authenticate using a third-party server
  • Provide for authentication, authorization, and accounting
  • A downward categorization of passwords and usernames
  • Use two parts, the authentication server and the ticket-granting server
  • Portray relationships between people, departments, and organizations
  • RADIUS encrypts passwords, while TACACS+ encrypts all communication
  • RADIUS is a proprietary protocol, while TACACS+ is an open standard protocol
  • RADIUS is used for device administration, while TACACS+ is used for network access
  • RADIUS separates authentication, authorization, and accountability, while TACACS+ combines all three
  • By using a public key to encrypt a message and a private key to decrypt the message
  • By the sender and receiver having trust that they are the appropriate sender and receiver
  • By using a digital certificate issued by a trusted third party known as a certificate authority (CA)
  • By verifying the email address of the sender for verification that ensures the message was from the expected sender
  • It protects the network from attack by creating an area between two firewalls
  • It prevents attacks from spreading by confining them to a part of the network
  • It ensures a user only accesses a single block of internet protocol (IP) addresses
  • It provides for network redundancy in the case of failure by creating identical network segments
  • Packets are filtered using the criteria of accept, deny, or reject
  • Groups of data are combined into a packet and filtered based on the state of the data
  • Traffic is filtered according to how the packet that contains the data was formed
  • Traffic is formed as packets with information about where and how it should be delivered in the header
  • Asymmetrical encryption
  • Wired Equivalent Privacy (WEP) using a key and the RC4 encryption algorithm
  • Wi-Fi Protected Access 2 (WPA2), using Advanced Encryption Standard (AES)
  • Wi-Fi Protected Access (WPA), using RC4 and Temporal Key Integrity Protocol (TKIP)
  • The sniffer can view what the attacker views
  • The sniffer can stop the attack on the honeypot
  • The sniffer provides the attacker's username and password
  • The sniffer can identify the internet protocol (IP) address of the attacker
  • TLS is more cost-effective, while SSL is more secure
  • TLS is an open community protocol, while SSL is proprietary
  • TLS is technically sound, while SSL is more complex and difficult to configure
  • TLS is expensive and requires specialized knowledge, while SSL can be used by anyone
  • Only use the device when necessary, remove all applications, and remove all personal data
  • Turn Bluetooth on only when in use, do not jailbreak the device, and keep the device patched to the most current version
  • Never connect the device to Wi-Fi or to another Bluetooth device, keep the device in airplane mode when not in use, and turn off location settings
  • Avoid using the camera such as when using FaceTime, do not upload information into social networking sites, and lock the phone in a drawer when not in use
  • Destroy them
  • Send them to cloud storage
  • Quarantine them and allow the user to repair, delete, or keep the file
  • Place them in the trash folder and remove them when the folder is emptied
  • To open and close ports
  • To apply patching updates
  • To control traffic moving in and out of the network
  • To direct information traffic to the correct destination
  • Look for a backdoor to a system, and once they gain system access, look for username and password files
  • Probe a system like a pen test to find vulnerabilities, and then compare those vulnerabilities to a list of known vulnerabilities
  • Identify the operating system and services running on open ports, then check for vulnerabilities that are applicable to the specific service versions
  • Gain system access and run commands from a database of system vulnerabilities to determine if vulnerabilities exist on the system, then produce a vulnerability report
  • By modifying the header of a packet
  • By using packet fragmentation or end-to-end encryption
  • By using an application such as Snort to break the IDS code
  • By using signature-based packets that will not be noticed by IDS
  • Rule-based IDS
  • Host-based IDS
  • Anomaly-based IDS
  • Signature-based IDS
  • They can be used to replace iptables on a system
  • They are inexpensive and require little maintenance
  • They can verify the success of an attack and require no additional hardware
  • They are simple to use and can work on systems where the configuration consistently changes
  • They test the application while it is being used
  • They are always current as they are consistently being updated
  • They are always active, scanning the application whether the application is off or on
  • The scanner runs against every application on the system and not just the web application
  • Automatic traffic enforcement
  • Thwarting or monitoring illegal activity
  • Facial recognition and the movement of individuals
  • Filming wild animals to learn about their hunting habits
  • Individuals do not have to respond to requests for information and can block callers
  • An individual has the right in certain situations to have their personal data erased without delay
  • Individuals have the right to have their privacy data redacted from files so they can never be reviewed again
  • When the appropriate type of request is made, an individual can view information stored on a system and delete specific privacy information themselves
