ch12 TB
TRUE/FALSE
1. If an organization deals successfully with change and has created procedures and systems that can be
adjusted to the environment, the existing security improvement program will probably continue to
work well.
2. Digital forensics helps the organization understand what happened and how.
3. Over time, policies and procedures may become inadequate because of changes in agency mission and
operational requirements, threats, or the environment.
4. An effective security program demands comprehensive and continuous understanding of program and
system configuration.
6. When the amount of data stored on a particular hard drive averages 30-40% of available capacity for a
prolonged period, consider an upgrade for the hard drive.
7. Documentation procedures are not required for configuration and change management processes.
8. A maintenance model such as the ISO model deals with methods to manage and operate systems.
9. External monitoring entails collecting intelligence from various data sources and then giving that
intelligence context and meaning for use by decision makers within the organization.
10. Often, US-CERT is viewed as the definitive authority for computer emergency response teams.
11. Many publicly accessible information sources, both mailing lists and Web sites, are available to those
organizations and individuals who have the time, expertise, and finances to make use of them.
ANS: F PTS: 1 REF: 538
12. Over time, external monitoring processes should capture information about the external environment
in a format that can be referenced both across the organization as threats emerge and for historical use.
13. The value of internal monitoring is low when the resulting knowledge of the network and systems
configuration is fed into the vulnerability assessment and remediation maintenance domain.
14. The characteristics concerned with manufacturer and software versions are about technical
functionality, and they should be kept highly accurate and up-to-date.
15. The target selection step involves using the external monitoring intelligence to configure a test engine
(such as Nessus) for the tests to be performed.
17. All systems that are mission critical should be enrolled in PSV measurement.
18. All telephone numbers controlled by an organization should be tested for modem vulnerability, unless
the configuration of the phone equipment on premises can assure that no number can be dialed from
the worldwide telephone system.
19. The vulnerability database, like the risk, threat, and attack database, both stores and tracks information.
20. Remediation of vulnerabilities can be accomplished by accepting or transferring the risk, removing the
threat, or repairing the vulnerability.
21. In some instances, risk is acknowledged as being part of an organization’s business process.
24. Major planning components should be reviewed on a periodic basis to ensure that they are current,
accurate, and appropriate.
25. Rehearsal adds value by exercising the procedures, identifying shortcomings, and providing security
personnel the opportunity to improve the security plan before it is needed.
MODIFIED TRUE/FALSE
ANS: F, review
2. ISO 27001 Information Security Handbook: A Guide for Managers provides managerial guidance for
the establishment and implementation of an information security program.
_________________________
3. Each phase of the SDLC includes a(n) maximum set of information security–related activities required
to effectively incorporate security into a system. _________________________
ANS: F, minimum
4. For configuration management (CM) and control, it is important to document the proposed or actual
changes in the security plan of the system. _________________________
5. Tracking awareness involves assessing the status of the program as indicated by the database
information and mapping it to standards established by the agency. _________________________
ANS: F, compliance
ANS: F, opened
PTS: 1 REF: 532
7. In some organizations, facilities management is the identification, inventory, and documentation of the
current information systems status—hardware, software, and networking configurations.
_________________________
ANS: F, configuration
8. CM assists in streamlining change management processes and prevents changes that could
detrimentally affect the security posture of a system before they happen.
_________________________
ANS: F, response
10. UN-CERT is a set of moderated mailing lists full of detailed, full-disclosure discussions and
announcements about computer security vulnerabilities. _________________________
ANS: F, Bugtraq
11. Specific routine bulletins are issued when developing threats and specific attacks pose a measurable
risk to the organization. _________________________
ANS: F, warning
12. The basic function of the external monitoring process is to monitor activity, report results, and escalate
warnings. _________________________
13. The primary goal of the external monitoring domain is to maintain an informed awareness of the state
of all of the organization’s networks, information systems, and information security defenses.
_________________________
ANS: F, internal
14. Organizations should have a carefully planned and fully populated inventory of all their network
devices, communication channels, and computing devices. _________________________
ANS: F, maintenance
16. An example of the type of vulnerability exposed via traffic analysis occurs when an organization is
trying to determine if all its device signatures have been adequately masked.
_________________________
17. The process of identifying and documenting specific and provable flaws in the organization’s
information asset environment is called VA. _________________________
18. The internal vulnerability assessment is usually performed against all public-facing addresses, using
every possible penetration testing approach. _________________________
ANS: F, Internet
19. You can document the results of the verification by saving a(n) profile. _________________________
ANS: F, trophy
ANS: F, wireless
21. The final process in the vulnerability assessment and remediation domain is the exit phase.
_________________________
ANS: F, remediation
22. The optimum solution in most cases is to repair a(n) vulnerability. _________________________
23. The CISO uses the results of maintenance activities and the review of the information security
program to determine if the status quo can adequately meet the threats at hand.
_________________________
25. A(n) war game puts a subset of plans in place to create a realistic test environment.
_________________________
MULTIPLE CHOICE
2. When the memory usage associated with a particular CPU-based system averages ____% or more over
prolonged periods, consider adding more memory.
a. 30
b. 60
c. 90
d. 100
ANS: B PTS: 1 REF: 521
3. To evaluate the performance of a security system, administrators must establish system performance
____.
a. baselines
b. profiles
c. maxima
d. means
ANS: A PTS: 1 REF: 522
4. ____ baselines are established for network traffic and also for firewall performance and IDPS
performance.
a. System
b. Application
c. Performance
d. Environment
ANS: C PTS: 1 REF: 522
5. A(n) ____ item is a hardware or software item that is to be modified and revised throughout its life
cycle.
a. revision
b. update
c. change
d. configuration
ANS: D PTS: 1 REF: 532
6. A ____ is the recorded state of a particular revision of a software or hardware configuration item.
a. state
b. version
c. configuration
d. baseline
ANS: B PTS: 1 REF: 532
7. The primary mailing list, called simply ____, provides time-sensitive coverage of emerging
vulnerabilities, documenting how they are exploited, and reporting on how to remediate them.
Individuals can register for the flagship mailing list or any one of the entire family of its mailing lists.
a. Bug
b. Bugfix
c. Buglist
d. Bugtraq
ANS: D PTS: 1 REF: 539
8. The ____ is a center of Internet security expertise and is located at the Software Engineering Institute,
a federally funded research and development center operated by Carnegie Mellon University.
a. Bug/CERT
b. Bugtraq/CERT
c. CC/CERT
d. CERT/CC
ANS: D PTS: 1 REF: 539
9. The ____ list is intended to facilitate the development of a free network exploration tool.
a. Nmap-hackers
b. Packet Storm
c. Security Focus
d. Snort-sigs
ANS: A PTS: 1 REF: 540
10. The ____ commercial site focuses on current security tool resources.
a. Nmap-hackers
b. Packet Storm
c. Security Laser
d. Snort-sigs
ANS: B PTS: 1 REF: 540
11. The ____ mailing list includes announcements and discussion of an open-source IDPS.
a. Nmap-hackers
b. Packet Storm
c. Security Focus
d. Snort-sigs
ANS: D PTS: 1 REF: 540
12. The optimum approach for escalation is based on a thorough integration of the monitoring process into
the ____.
a. IDE
b. CERT
c. ERP
d. IRP
ANS: D PTS: 1 REF: 540
13. Detailed ____ on the highest risk warnings can include identifying which vendor updates apply to
which vulnerabilities as well as which types of defenses have been found to work against the specific
vulnerabilities reported.
a. escalation
b. intelligence
c. monitoring
d. elimination
ANS: B PTS: 1 REF: 541
14. As an alternative view of the way data flows into the monitoring process, a(n) ____ approach may
prove useful.
a. DTD
b. DFD
c. Schema
d. ERP
ANS: B PTS: 1 REF: 541
15. One approach that can improve the situational awareness of the information security function uses a
process known as ____ to quickly identify changes to the internal environment.
a. baseline
b. difference analysis
c. differential
d. revision
ANS: B PTS: 1 REF: 543
16. ____ is used to respond to network change requests and network architectural design proposals.
a. Network connectivity RA
b. Dialed modem RA
c. Application RA
d. Vulnerability RA
ANS: A PTS: 1 REF: 546
18. ____ pen testing is usually used when a specific system or network segment is suspect and the
organization wants the pen tester to focus on a particular aspect of the target.
a. White box
b. Black box
c. Gray box
d. Green box
ANS: A PTS: 1 REF: 551
19. ____, a level beyond vulnerability testing, is a set of security tests and evaluations that simulate attacks
by a malicious external source (hacker).
a. Penetration testing
b. Penetration simulation
c. Attack simulation
d. Attack testing
ANS: A PTS: 1 REF: 551
21. The steps of the Internet vulnerability assessment include ____, which is when the penetration test
engine is unleashed at the scheduled time using the planned target list and test selection.
a. scanning
b. target selection
c. test selection
d. analysis
ANS: A PTS: 1 REF: 556
22. The ____ vulnerability assessment process is designed to find and document selected vulnerabilities
that are likely to be present on the internal network of the organization.
a. intranet
b. Internet
c. LAN
d. WAN
ANS: A PTS: 1 REF: 556
23. The ____ process is designed to find and document the vulnerabilities that may be present because
there are misconfigured systems in use within the organization.
a. ASP
b. ISP
c. SVP
d. PSV
ANS: D PTS: 1 REF: 558
24. The ____ vulnerability assessment process is designed to find and document any vulnerability that is
present on dial-up modems connected to the organization’s networks.
a. modem
b. phone
c. dial-up
d. network
ANS: A PTS: 1 REF: 559
25. ____ allows for the major planning components to be reviewed on a periodic basis to ensure that they
are current, accurate, and appropriate.
a. System review
b. Project review
c. Program review
d. Application review
ANS: C PTS: 1 REF: 562
COMPLETION
ANS: dynamic
ANS: annual
ANS: baseline
4. ____________________ is the process of reviewing the use of a system, not to check performance, but
rather to determine if misuse or malfeasance has occurred.
ANS: Auditing
5. As the help desk personnel screen problems, they must also track the activities involved in resolving
each complaint in a help desk ____________________ system.
ANS: information
6. The objective of the external ____________________ domain within the maintenance model is to
provide the early awareness of new and emerging threats, threat agents, vulnerabilities, and attacks that
the organization needs in order to mount an effective and timely defense.
ANS: monitoring
7. When an organization uses specific software products as part of its information security program, the
____________________ often provides either direct support or indirect tools that allow user
communities to support each other.
ANS: vendor
ANS: internal
9. The process of collecting detailed information about devices in a network is often referred to as
____________________.
ANS: characterization
10. The ____________________ interconnections are network devices, communications channels, and
applications that may not be owned by the organization but are essential to the continued operation of
the organization’s partnership with another company.
ANS: partner
11. A(n) ____________________ analysis is a procedure that compares the current state of a network
segment (the systems and services it offers) against a known previous state of that same network
segment (the baseline of systems and services).
ANS: difference
12. The primary objective of the planning and risk ____________________ domain is to keep a lookout
over the entire information security program.
ANS: assessment
13. A key component in the engine that drives change in the information security program is a relatively
straightforward process called an information security ____________________ risk assessment.
ANS: operational
PTS: 1 REF: 546
14. The primary goal of the vulnerability assessment and ____________________ domain is to identify
specific, documented vulnerabilities and remediate them in a timely fashion.
ANS: remediation
15. The ____________________ tester’s ultimate responsibility is to identify weaknesses in the security
of the organization’s systems and networks and then present findings to the system owners in a
detailed report.
ANS: pen, penetration
16. The ____________________ vulnerability assessment process is designed to find and document the
vulnerabilities that may be present in the public-facing network of the organization.
ANS: Internet
17. The Analysis step of Internet vulnerability assessment is when a knowledgeable and experienced
vulnerability analyst screens the test results for the ____________________ vulnerabilities logged
during scanning.
ANS: candidate
18. A(n) ____________________ risk is one that is higher than the risk appetite of the organization.
ANS: significant
19. The proven cases of real vulnerabilities can be considered vulnerability ____________________.
ANS: instances
20. The ____________________ process step is identical to the one followed in Internet vulnerability
analysis.
ANS: wireless
22. In ____________________ selection, all areas of the organization’s premises should be scanned with a
portable wireless network scanner.
ANS: target
23. Using scripted dialing attacks against a pool of phone numbers is often called war
____________________.
ANS: dialing
24. The primary goal of the readiness and ____________________ domain is to keep the information
security program functioning as designed and to keep it continuously improving over time.
ANS: review
25. Rehearsals that closely match reality are called ____________________ games.
ANS: war
ESSAY
ANS:
Agencies should monitor the status of their programs to ensure that:
- Ongoing information security activities are providing appropriate support to the agency mission
- Policies and procedures are current and aligned with evolving technologies, if appropriate
- Controls are accomplishing their intended purpose
ANS:
The four steps in developing the CM plan are:
- Establish baselines
- Identify configuration
- Describe configuration control process
- Identify schedule for configuration audits
ANS:
The recommended maintenance model is based on five subject areas or domains:
- External monitoring
- Internal monitoring
- Planning and risk assessment
- Vulnerability assessment and remediation
- Readiness and review