Cybersecurity and Network Security: Key Concepts and Protocols

86 Terms

1

What security measure should be used to block HTTP traffic from internal networks when Web services are offered?

A firewall should be used to block HTTP traffic from internal networks when web services are offered.

2

What is a VPN?

A Virtual Private Network (VPN) allows communication across the Internet as if it were a private network.

3

What is access control?

Access control is the method by which systems determine whether and how to admit a user into a trusted area of the organization.

4

What is authentication?

Authentication is the process of validating and verifying an unauthenticated entity's purported identity.

5

What are best practices in firewall rule configuration?

Best practices state that a firewall should never allow administrative access directly from external networks.

6

What is a stateful firewall?

A stateful firewall scans network data packets looking for compliance with or violations of the rules in its database.

7

What is a dynamic filtering firewall?

A dynamic filtering firewall can react to an emergent event and update or create rules to deal with it.

8

What is role-based access control?

Role-based access control is a form of access control in which users are assigned a matrix of authorizations for particular resources.

9

What is the primary benefit of a VPN that uses tunnel mode?

The primary benefit is that it encrypts the data being transmitted, providing confidentiality and security.

10

What is the false rejection rate?

The false rejection rate describes the number of legitimate users who are denied access because of a failure in a biometric device.

11

What is ICMP?

Known as the ping service, ICMP (Internet Control Message Protocol) is a common method for hacker reconnaissance and should be turned off to prevent attacks.

12

What is a bastion host?

A bastion host can be a dedicated port on a firewall device linking a single bastion host.

13

What is a Gantt chart?

A Gantt chart is a simple project management tool used to break a project plan into smaller steps.

14

What is the design phase of an SDLC methodology?

The design phase is implementation-independent, containing no reference to specific technologies.

15

Which phase is often considered the longest and most expensive in the systems development life cycle (SDLC)?

The maintenance phase is often considered the longest and most expensive in the SDLC.

16

What is the primary drawback to the direct changeover implementation approach?

The primary drawback is that it can lead to significant downtime if the new system fails.

17

What constrains a project plan?

A lack of availability of skilled project personnel can constrain a project plan.

18

What is a pilot implementation?

In a pilot implementation, the entire security system is put in place in a single office or department before organization-wide deployment.

19

What is a change management process?

A change management process guides how frequently technical systems are updated and how these updates are approved and funded.

20

What are action steps in a project plan?

Tasks or action steps that come after the task at hand are called successor tasks.

21

What is DevOps?

DevOps is an emerging methodology to integrate the efforts of development and operations teams to improve application functionality.

22

When can a task or subtask be considered an action step?

A task or subtask can be considered an action step when it is a specific activity that contributes to project completion.

23

Which implementation approach is usually the best for security projects?

The phased implementation approach is usually the best for security projects.

24

What is the principle of least privilege?

The principle of least privilege is considered a cornerstone in protecting information assets and preventing financial loss.

25

How do the responsibilities of a security manager differ from those of a CISO?

A security manager focuses on day-to-day security operations, while a CISO is responsible for the overall security strategy and governance.

26

What roles transition into information security?

Many technical professionals, such as programmers and network engineers, often transition into the information security field.

27

What does the acronym ISSAP stand for?

ISSAP stands for Information Systems Security Architecture Professional.

28

What is the primary daily function of security administrators?

The primary daily function of security administrators is to monitor and manage security systems and protocols.

29

What is the SSCP certification?

The SSCP (Systems Security Certified Practitioner) certification is considered more applicable to a security practitioner than to a security manager.

30

What does the ISSEP concentration for CISSP holders demonstrate?

The ISSEP concentration demonstrates expert knowledge in all areas except security management.

31

What is a temporary worker in information security called?

A temporary worker in information security is often referred to as a contractor or consultant.

32

What is an IDPS?

An Intrusion Detection and Prevention System (IDPS) can be configured to take action when an intrusion is detected, such as blocking the attack.

33

What are dangerous vulnerability scanners called?

Some vulnerability scanners feature a class of attacks called 'exploits,' which are so dangerous they should only be used in controlled environments.

34

What is a collection of connected honeypot systems called?

A collection of connected honeypot systems on a subnet may be called a honeynet.

35

What are alarm events that are accurate but not significant threats called?

Alarm events that are accurate and noteworthy but do not pose significant threats to information security are called informational alerts.

36

Which port is not used in TCP/IP networking?

Port 0 is not used in TCP/IP networking.

37

What is the process of intrusion detection?

The process of intrusion detection consists of procedures and systems that identify system intrusions and take steps to limit them.

38

Which port is commonly used for the HTTP protocol?

Port 80 is commonly used for the HTTP protocol.

39

What is a fully distributed IDPS control strategy?

A fully distributed IDPS control strategy involves multiple sensors distributed across the network to monitor for intrusions.

40

What is a security alarm?

A security alarm works like a burglar alarm, detecting a violation and activating an alarm.

41

What are decoy systems designed to do?

Decoy systems are designed to lure potential attackers away from critical systems.

42

What do file integrity checkers do?

File integrity checkers benchmark and monitor the status of key system files and detect when an intruder creates, modifies, or deletes them.

43

What were the primary threats to security during the early years of computing?

The primary threats included unauthorized access, data theft, and system failures.

44

Who administers the systems that house an organization's information?

System administrators perform the role of administering the systems that house an organization's information.

45

What did the famous study 'Protection Analysis: Final Report' focus on?

The study focused on understanding and detecting vulnerabilities in operating systems.

46

What document first identified the role of management in computer security?

The 'Orange Book' (Trusted Computer System Evaluation Criteria) first identified the role of management and policy issues in computer security.

47

What is an organizational resource being protected called?

An organizational resource that is being protected, whether logical or physical, is known as an asset.

48

What network project preceded the Internet?

The ARPANET project preceded the Internet.

49

Define 'information security'.

Information security is the practice of protecting information by mitigating information risks.

50

What was the first operating system to integrate security as a core function?

The first operating system to integrate security as one of its core functions was Multics.

51

What is the community of interest in IT?

The community of interest is made up of IT managers and skilled professionals in systems design, programming, and security.

52

What is the risk treatment strategy of acceptance?

The acceptance risk treatment strategy is the choice to do nothing to protect a vulnerability and accept the outcome.

53

What does competitive disadvantage refer to?

The concept of competitive disadvantage refers to falling behind the competition.

54

What is risk treatment (or risk control)?

Risk treatment (or risk control) involves the processes of mitigating risks to an acceptable level.

55

What is a risk assessment matrix?

In a risk assessment matrix, assets or threats can be prioritized by assigning and summing scores for various criteria.

56

What is the enumeration and documentation of risks called?

The enumeration and documentation of risks to an organization's information assets is called a risk assessment.

57

What is the expected percentage of loss from an attack?

The expected percentage of loss that would occur from a particular attack is known as the loss expectancy.

58

What is the first phase of the risk management process?

The first phase of the risk management process is risk identification.

59

What is a resumption location?

A resumption location is a fully configured computer facility capable of establishing operations at a moment's notice.

60

What is a fundamental difference between a BIA and risk management?

A fundamental difference is that a Business Impact Analysis (BIA) focuses on the effects of disruptions, while risk management focuses on identifying and mitigating risks.

61

What is the rapid determination of the scope of a breach?

It refers to the quick assessment of the extent to which confidentiality, integrity, and availability of information have been compromised.

62

What is a testing strategy involving contingency plans?

It is a method where copies of contingency plans are distributed to individuals assigned roles during an incident response.

63

What is the process of examining an adverse event?

It involves analyzing an incident to determine whether it constitutes an actionable event requiring a response.

64

What is a preparatory activity common to contingency planning and risk management?

The activity is known as risk assessment, which identifies potential risks and prepares for their impact.

65

What does the recovery point objective (RPO) define?

RPO defines the maximum acceptable amount of data loss measured in time, indicating how often data backups should occur.

66

What is a crime involving digital media and computer technology called?

Such a crime is referred to as cybercrime.

67

What principle ensures accountability for transactions?

The principle of non-repudiation ensures that customers or partners cannot deny their involvement in a transaction.

68

What is the block size used by DES (Data Encryption Standard)?

DES uses a 64-bit block size.

69

What was the first public-key encryption algorithm published for commercial use?

The RSA algorithm, developed in 1977, was the first public-key encryption algorithm.

70

What are hash functions?

Hash functions create a message digest by converting variable-length messages into a fixed-length output.

71

What is the process of converting a message into an unreadable form?

This process is known as encryption.

72

Which IPSec protocol provides secrecy for network communications?

The Encapsulating Security Payload (ESP) protocol provides confidentiality and authentication for network communications.

73

What is the current federal information processing standard for cryptographic algorithms?

The Advanced Encryption Standard (AES) is the current federal standard for cryptographic algorithms.

74

What does a Certificate Authority (CA) distribute in PKI?

The CA periodically distributes a Certificate Revocation List (CRL) that identifies all revoked certificates.

75

What e-mail security standard uses digital signatures?

Secure Multipurpose Internet Mail Extensions (S/MIME) is the e-mail security standard that uses digital signatures.

76

What is the process of identifying flaws in an organization's information systems?

This process is known as vulnerability assessment.

77

What is an essential part of effective remediation?

An essential part is maintaining a vulnerability management program to track vulnerabilities as they are reported and resolved.

78

What is a vulnerability assessment?

A vulnerability assessment is a process designed to find and document vulnerabilities in an organization's internal and external systems.

79

What do guards have that help them act decisively?

Guards have clear Standard Operating Procedures (SOPs) that guide their actions in unfamiliar situations.

80

What is a type of rehearsal known as a simulation exercise?

It is called a tabletop exercise, which tests plans in a realistic scenario.

81

Which website is home to several security tools including Nmap?

The website insecure.org is known for hosting various security tools, including Nmap.

82

What security breach occurs when an authorized person opens a door?

This breach is known as tailgating, where unauthorized individuals follow authorized personnel into a secure area.

83

What is a short-term interruption in electrical power called?

It is referred to as a brownout.

84

What is a distributed denial-of-service (DDoS) attack?

A DDoS attack is an attack where multiple systems coordinate to flood a target with requests, overwhelming it.

85

What is the average time until the next hardware failure known as?

This is known as the Mean Time Between Failures (MTBF).

86

What is pharming?

Pharming is the redirection of legitimate user web traffic to illegitimate websites to collect personal information.