Don’t try to master it all – just try to understand how to NOT be the low hanging fruit – Interview with Christopher Hadnagy, CEO of Social-Engineer, LLC.
Which of the following defined “protected computers” and criminalized attacks against them?
The Computer Fraud and Abuse Act (CFAA), enacted in 1986 as an amendment to 1984 legislation, is still the principal federal statute for prosecuting computer crime in the United States. It defined protected computers, originally systems in which the federal government had a particular interest (later amendments broadened the term to computers used in interstate or foreign commerce), and criminalized attacks against them. The law set a threshold of $5,000 in damages within a one-year period for the conduct to constitute a crime.
What attempts to show that evidence has been properly secured and controlled after having been acquired?
Chain of custody is concerned with showing that evidence has been controlled after acquisition. Details will include all the people that handled the evidence as well as the person that controlled and secured the evidence.
Which Code of Ethics specifically refers to advancing the profession?
The (ISC)² Code of Ethics makes specific mention of advancement of the profession.
What metric describes the moment in time in which data must be recovered and made available to users in order to resume business operations?
The recovery point objective (RPO) is the point in time to which data must be recovered after an outage so that business operations can resume; in practice it expresses how much data loss (measured in time) the business can tolerate. It is distinct from the recovery time objective (RTO), which states how long the recovery itself may take.
How do dry pipe systems work?
A dry pipe system holds pressurized air (or nitrogen) rather than water in its pipes, so it needs a trigger before any water flows: heat opens a sprinkler head, the air pressure in the pipes drops, and the falling pressure opens the dry pipe valve, which releases water into the pipes and out of the open head. Keeping water out of the pipes until a head opens suits spaces that may freeze and reduces the risk of accidental water release over equipment.
EMI issues such as crosstalk primarily impact which aspect of security?
EMI issues such as crosstalk could impact all aspects listed, but it most commonly impacts integrity.
Which of the following is an administrative control?
Asset tracking is an administrative control. Administrative controls include policies, procedures, and practices.
Before applying a software update to production systems, it is MOST important that:
Prior to deploying updates to production servers, make certain that a full system backup is conducted. In the regrettable event of a system crash caused by the update, the server and data can be recovered without significant data loss. Additionally, if the update involves proprietary code, it will be necessary to provide a copy of the server or application image to the media librarian. Full disclosure information about the vulnerability is good to have but not a requirement, because patching is a risk-based decision made by the organization. Documentation of the patching process is the last step in the patch management process. Independent third-party assessments are not usually related to attesting patch validity.
A holistic lifecycle for developing security architecture that begins with assessing business requirements and subsequently creating a ‘chain of traceability’ through phases of strategy, concept, design, implementation and metrics is characteristic of which of the following frameworks?
SABSA (Sherwood Applied Business Security Architecture) is a holistic lifecycle for developing security architecture that begins with assessing business requirements. It generates a "chain of traceability" from security requirements to business functionality through the phases of strategy, concept, design, implementation, and metrics. It represents any architecture using six layers, each giving a different perspective on the design, construction and use of the target system.
Which of the following security standards is internationally recognized as the standards for sound security practices and is focused on the standardization and certification of an organization’s Information Security Management System (ISMS)?
The ISO/IEC 27000 series assists organizations of all types in understanding the fundamentals, principles, and concepts needed to protect their information assets; ISO/IEC 27001 within that series specifies the ISMS requirements an organization is certified against. ISO/IEC 15408 is the Common Criteria, which defines evaluation criteria for IT security. ISO 9001 provides the requirements for a quality management system. ISO/IEC 9126 is an international standard for the evaluation of software quality.
A two-dimensional grouping of individual subjects into groups or roles and granting access to groups to objects is an example of which of the following types of models?
While lattice-based models tend to treat similar subjects and objects with similar restrictions, matrix-based models focus on one-to-one relationships between subjects and objects. The best known example is the organization of subjects and objects into an access control matrix. An access control matrix is a two-dimensional table that allows for individual subjects and objects to be related to each other. A state machine model, describes the behavior of a system as it moves between one state and another, from one moment to another. A noninterference model maintains activities at different security levels to separate these levels from each other. In this way, it minimizes leakages that may happen through covert channels, because there is complete separation between security levels.
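The matrix described above, as an added example that is not part of the original quiz: subjects are grouped into roles, each role is a row of the matrix, each object is a column, and a cell holds the rights the role has on the object. The subject, role and object names are made up for illustration. The two view functions show the point that usually matters in practice: a row of the matrix is a capability list and a column is an access control list.

```python
# Added example: a role-based access control matrix (rows = roles,
# columns = objects, cells = permitted rights). All names are constructed.
from typing import Dict, FrozenSet

# Grouping of individual subjects into roles (constructed sample data).
ROLE_OF: Dict[str, str] = {
    "alice": "analyst",
    "bob": "analyst",
    "carol": "admin",
    "dave": "auditor",
}

# The matrix itself: role -> object -> rights granted on that object.
MATRIX: Dict[str, Dict[str, FrozenSet[str]]] = {
    "admin":   {"payroll.db": frozenset({"read", "write"}),
                "audit.log":  frozenset({"read"})},
    "analyst": {"payroll.db": frozenset({"read"})},
    "auditor": {"audit.log":  frozenset({"read"})},
}


def rights(subject: str, obj: str) -> FrozenSet[str]:
    """Resolve the subject's role, then read one cell of the matrix.
    An unknown subject, role or object yields the empty set (default deny)."""
    role = ROLE_OF.get(subject)
    if role is None:
        return frozenset()
    return MATRIX.get(role, {}).get(obj, frozenset())


def is_allowed(subject: str, obj: str, right: str) -> bool:
    """The reference-monitor check every access request goes through."""
    return right in rights(subject, obj)


def capability_list(role: str) -> Dict[str, FrozenSet[str]]:
    """One row of the matrix: everything the role may do, keyed by object."""
    return {obj: r for obj, r in MATRIX.get(role, {}).items() if r}


def access_control_list(obj: str) -> Dict[str, FrozenSet[str]]:
    """One column of the matrix: which roles may touch the object, and how."""
    return {role: row[obj] for role, row in MATRIX.items() if row.get(obj)}


def grant(role: str, obj: str, right: str) -> None:
    """Change one cell; every subject in the role gains the right at once."""
    row = MATRIX.setdefault(role, {})
    row[obj] = row.get(obj, frozenset()) | {right}


def revoke(role: str, obj: str, right: str) -> None:
    row = MATRIX.get(role)
    if row is not None and obj in row:
        row[obj] = row[obj] - {right}


if __name__ == "__main__":
    print(is_allowed("alice", "payroll.db", "read"))    # analyst may read
    print(is_allowed("alice", "payroll.db", "write"))   # but not write
    print(access_control_list("audit.log"))             # column view
    print(capability_list("admin"))                     # row view
```

Because subjects are mapped to roles rather than listed individually, adding a user means one entry in the role mapping, and changing what a whole group may do means editing one cell; that is the administrative advantage the question is pointing at.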
In the Common Criteria, the common set of functional and assurance requirements for a category of vendor products deployed in a particular type of environment are known as:
Protection profiles are the common set of functional and assurance requirements while security target is the specific functional and assurance requirements that the author of the security target wants a given product to fulfill. Trusted computing base and ring protection are not concepts of the common criteria.
In the OSI reference model, on which layer can Ethernet (IEEE 802.3) be described?
Layer 2, the data-link layer, describes data transfer between machines, for instance, by an Ethernet.
Ann installs a new Wireless Access Point (WAP) and users are able to connect to it. However, once connected, users cannot access the Internet. Which of the following is the MOST likely cause of the problem?
The subnet mask splits an IPv4 address into two parts, the network ID and the host ID, and the host uses it to decide which destinations are on its own subnet (delivered directly) and which must be handed to the default gateway. If the mask is entered incorrectly, that decision is wrong. With a mask that is too narrow (for example 255.255.255.0 where 255.255.240.0 was intended), the default gateway itself can fall outside the subnet the host computes, so the host cannot forward any off-subnet traffic, including Internet traffic: users associate with the WAP and get an address, but nothing beyond the local segment is reachable. With a mask that is too broad (255.240.0.0 instead of 255.255.240.0), addresses that should be routed are treated as local, and the host tries to reach them directly on the wireless segment instead of sending them to the gateway. Either way, the device cannot communicate with devices outside its subnet until the correct subnet mask is entered.
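The forwarding decision described above, as an added example that is not part of the original quiz. It uses only the standard library `ipaddress` module; the host address, gateway and destinations are constructed values, and the function returns which of the three outcomes the host's configuration produces. It goes one step beyond the question by showing both ways a mask can be wrong, too narrow and too broad, and why only one of them produces the "no Internet at all" symptom.

```python
# Added example: how a wrong subnet mask changes a host's next-hop decision.
# All addresses are constructed for illustration.
import ipaddress


def next_hop(host_ip: str, netmask: str, gateway: str, destination: str) -> str:
    """Return how the host would deliver a packet to `destination`:
      "direct"      - destination is inside the host's computed subnet (on-link)
      <gateway ip>  - destination is off-link and the gateway is on-link
      "unreachable" - destination is off-link but the gateway is also outside
                      the computed subnet, so the host cannot even reach the router
    """
    iface = ipaddress.ip_interface(f"{host_ip}/{netmask}")
    subnet = iface.network
    dst = ipaddress.ip_address(destination)
    gw = ipaddress.ip_address(gateway)
    if dst in subnet:
        return "direct"
    if gw in subnet:
        return str(gw)
    return "unreachable"


def diagnose(host_ip: str, netmask: str, gateway: str) -> str:
    """One-line verdict for the scenario in the question: is the gateway on-link?"""
    subnet = ipaddress.ip_interface(f"{host_ip}/{netmask}").network
    if ipaddress.ip_address(gateway) in subnet:
        return f"gateway {gateway} is on-link in {subnet}"
    return f"gateway {gateway} is NOT in {subnet}: no off-subnet traffic possible"


if __name__ == "__main__":
    host, gw = "10.1.20.5", "10.1.16.1"          # intended subnet 10.1.16.0/20
    internet, other_site = "93.184.216.34", "10.2.3.4"
    for mask in ("255.255.240.0", "255.255.255.0", "255.240.0.0"):
        print(mask, diagnose(host, mask, gw))
        print("  internet   ->", next_hop(host, mask, gw, internet))
        print("  other site ->", next_hop(host, mask, gw, other_site))
```

With the correct /20 mask both destinations go to the gateway. With the too-narrow /24 mask the gateway is off-link and everything is unreachable, which is the symptom in the question. With the too-broad /12 mask Internet traffic still reaches the gateway, but 10.2.3.4 is wrongly treated as local and silently fails; that is why a too-broad mask often shows up as "some internal sites don't work" rather than "no Internet".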
A botnet can be characterized as:
"Bots" and "botnets" are among the most insidious implementations of unauthorized remote control of compromised systems. The infected machines are essentially zombies: they carry out the instructions of a remote operator (the bot herder) received over a command-and-control channel, usually without their owners' knowledge.
Which wireless security protocol is also known as the Robust Security Network (RSN) and implements the full 802.11i standard?
WPA2 (Wi-Fi Protected Access 2) is the Wi-Fi Alliance certification that implements the full IEEE 802.11i standard, which the standard itself calls the Robust Security Network (RSN). It uses AES with CCMP (Counter Mode with CBC-MAC Protocol) for confidentiality and integrity, as defined by 802.11i.
Identification is the assertion of a unique identity for a person or system and is the starting point of all access control. Without proper identification it is impossible to determine to whom or what to apply the appropriate controls. Identification is a critical first step in applying access controls because all activities and controls are tied to the identity of a particular user or entity.
Authentication is the process of verifying the identity of the user. Upon requesting access and presenting unique user identification, the user will provide some set of private data that only the user should have access to or knowledge of. The combination of the identity and information only known by, or only in the possession of, the user acts to verify that the user identity is being used by the expected and assigned entity (e.g., a person). This, then, establishes trust between the user and the system for the allocation of privileges.
Authorization is the final step in the process. Once a user has been identified and properly authenticated, the resources that user is allowed to access must be defined and monitored. Authorization is the process of defining the specific resources a user needs and determining the type of access to those resources the user may have.
A potential vulnerability of the Kerberos authentication server is:
There are some issues related to the use of Kerberos. For starters, the security of the whole system depends on careful implementation: enforcing limited lifetimes for authentication credentials minimizes the threats of replayed credentials, the KDC must be physically secured, and it should be hardened, not permitting any non-Kerberos activity. More importantly, the KDC can be a single point of failure, and therefore should be supported by backup and continuity plans.
The Identity and Access Provisioning Lifecycle is made up of which phases?
The lifecycle is the workflow of how a user obtains access, uses it and finally loses it. The lifecycle is made up of the following phases:
Which best describes access controls?
Access controls are the collection of mechanisms that work together to protect the assets of the enterprise. They help protect against threats and vulnerabilities by reducing exposure to unauthorized activities and providing access to information and systems to only those who have been approved.
Real User Monitoring (RUM) is an approach to Web monitoring that?
Most security vulnerabilities are caused by one of which four reasons?
Most security vulnerabilities are caused by one of the following four reasons:
■ Bad programming patterns such as missing checks of user-influenced data that can cause, e.g., SQL injections vulnerabilities,
■ Misconfiguration of security infrastructures, e.g., too permissive access control or weak cryptographic configurations,
■ Functional bugs in security infrastructures, e.g., access control enforcement infrastructures that inherently do not restrict system access,
■ Logical flaws in the implemented processes, e.g., resulting in an application allowing customers to order goods without paying.
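The first cause in the list above, a missing check on user-influenced data leading to SQL injection, shown as an added example that is not part of the original quiz. It runs against an in-memory SQLite table; the table, its rows and the attacker payloads are constructed for the example. The vulnerable lookup and the parameterized fix sit side by side so the difference is visible on the same inputs.

```python
# Added example: SQL injection from string-building a query, beside the
# parameterized fix. Schema, rows and payloads are constructed.
import sqlite3
from typing import Dict, List


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "s3cr3t"), ("bob", "hunter2")],
    )
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, name: str) -> List[str]:
    # Bad programming pattern: user-influenced data is spliced into the SQL
    # text with no check, so the input can change the *structure* of the
    # query rather than just supplying a value.
    query = f"SELECT name FROM users WHERE name = '{name}'"
    return [row[0] for row in conn.execute(query)]


def find_user_fixed(conn: sqlite3.Connection, name: str) -> List[str]:
    # Parameterized query: the value travels separately from the SQL text,
    # so quotes and keywords inside it are data, never syntax.
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


# Constructed attacker payloads.
TAUTOLOGY = "' OR '1'='1"                         # makes the WHERE clause always true
EXFIL = "x' UNION SELECT secret FROM users --"    # appends a second SELECT, comments out the rest


def demo() -> Dict[str, List[str]]:
    """Run both versions on a normal name and on the two payloads."""
    conn = make_db()
    return {
        "normal": find_user_vulnerable(conn, "alice"),
        "vuln_tautology": sorted(find_user_vulnerable(conn, TAUTOLOGY)),
        "vuln_exfil": sorted(find_user_vulnerable(conn, EXFIL)),
        "fixed_tautology": find_user_fixed(conn, TAUTOLOGY),
        "fixed_exfil": find_user_fixed(conn, EXFIL),
    }


if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label:16s} {result}")
```

The tautology payload turns the query into `... WHERE name = '' OR '1'='1'` and returns every user; the UNION payload returns the `secret` column through a query that was only meant to return names. The parameterized version returns nothing for either payload because no user is literally named `' OR '1'='1`. Escaping quotes by hand is not an equivalent fix; binding parameters removes the whole class of problem.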
The process for developing an ISCM strategy and implementing an ISCM program is?
The process for developing an ISCM strategy and implementing an ISCM program is as follows:
■ Define an ISCM strategy based on risk tolerance that maintains clear visibility into assets, awareness of vulnerabilities, up-to-date threat information, and mission/business impacts.
■ Establish an ISCM program determining metrics, status monitoring frequencies, control assessment frequencies, and an ISCM technical architecture.
■ Implement an ISCM program and collect the security-related information required for metrics, assessments, and reporting. Automate collection, analysis, and reporting of data where possible.
■ Analyze the data collected and Report findings, determining the appropriate response. It may be necessary to collect additional information to clarify or supplement existing monitoring data.
■ Respond to findings with technical, management, and operational mitigating activities or acceptance, transference/sharing, or avoidance/rejection.
■ Review and Update the monitoring program, adjusting the ISCM strategy and maturing measurement capabilities to increase visibility into assets and awareness of vulnerabilities, further enable data-driven control of the security of an organization’s information infrastructure, and increase organizational resilience.
What type of firmware is erased via ultraviolet light?
Erasable programmable read-only memory (EPROM) is erased by exposure to ultraviolet light.
If speed is preferred over resilience, which of the following RAID configurations is the most suitable?
In a RAID 0 configuration, files are written in stripes across multiple disks without the use of parity information. This technique allows for fast reading and writing to disk since all of the disks can typically be accessed in parallel. However, without the parity information, it is not possible to recover from a hard drive failure. This technique does not provide redundancy and should not be used for systems with high availability requirements.
Computer forensics is the marriage of computer science, information technology, and engineering with:
As a forensic discipline, this area deals with evidence and the legal system and is really the marriage of computer science, information technology, and engineering with law.
Which of the following is part of the five rules of evidence?
At a more generic level, evidence should have some probative value, be relevant to the case at hand, and meet the following criteria (often called the five rules of evidence): be authentic, be accurate, be complete, be convincing, and be admissible.
Separation of duties requires that two parties act in concert in order to carry out a critical transaction. What is the term associated with two individuals working together to perpetrate a fraud?
Collusion is the term associated with two parties having to both act inappropriately in order to perpetrate a fraud.
Two cooperating processes that simultaneously compete for a shared resource, in such a way that they violate the system’s security policy, is commonly known as:
A covert channel, also called the confinement problem, is an information flow issue. It is a communication channel that allows two cooperating processes to transfer information in a way that violates the system's security policy. There are two types of covert channels: storage and timing. A covert storage channel involves the direct or indirect writing of a storage location by one process and the direct or indirect reading of the same storage location by another. Typically it involves a finite resource, such as a memory location or a sector on a disk, that is shared by two subjects at different security levels; the scenario in the question describes a covert storage channel. A covert timing channel depends on one process being able to influence the rate at which another process can acquire resources such as the CPU, memory, or I/O devices. The distractors do not fit: an overt channel is a sanctioned communication path, denial of service is a loss of availability rather than an information flow problem, and object reuse concerns disclosure when memory or storage objects are reassigned to different processes.
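The covert storage channel from the question, as an added example that is not part of the original quiz. Two subjects, HIGH and LOW, share one finite resource, a single lock slot, which either may legitimately hold. Policy forbids HIGH from writing anything LOW can read, yet LOW can observe whether its own `acquire()` succeeds, and HIGH controls that. The lockstep round in which HIGH acts and then LOW probes is an assumption made so the example is repeatable; a real channel would synchronize on clock ticks or scheduler quanta and be noisier.

```python
# Added example: a covert storage channel simulated deterministically.
# The shared slot, the two subjects and the round structure are constructed.
from typing import List, Optional


class SharedSlot:
    """A shared storage location with only two sanctioned operations.
    Nothing here is a 'send' or 'receive', yet a bit leaks per round."""

    def __init__(self) -> None:
        self._holder: Optional[str] = None

    def acquire(self, who: str) -> bool:
        if self._holder in (None, who):
            self._holder = who
            return True
        return False  # the observable failure that carries the leaked bit

    def release(self, who: str) -> None:
        if self._holder == who:
            self._holder = None


def to_bits(msg: bytes) -> List[int]:
    """Most-significant bit first, eight bits per byte."""
    return [(byte >> i) & 1 for byte in msg for i in range(7, -1, -1)]


def from_bits(bits: List[int]) -> bytes:
    return bytes(int("".join(str(b) for b in bits[i:i + 8]), 2)
                 for i in range(0, len(bits) - len(bits) % 8, 8))


def high_step(slot: SharedSlot, bit: int) -> None:
    """HIGH (sender) modulates the resource: hold it for a 1, free it for a 0."""
    if bit:
        slot.acquire("HIGH")
    else:
        slot.release("HIGH")


def low_step(slot: SharedSlot) -> int:
    """LOW (receiver) probes the resource and puts it back as it found it."""
    if slot.acquire("LOW"):
        slot.release("LOW")
        return 0
    return 1


def run_channel(message: bytes) -> bytes:
    """Leak `message` from HIGH to LOW one bit per round via the shared slot."""
    slot = SharedSlot()
    received: List[int] = []
    for bit in to_bits(message):
        high_step(slot, bit)          # HIGH's turn in this round
        received.append(low_step(slot))  # LOW's turn: read the bit back
    return from_bits(received)


if __name__ == "__main__":
    print(run_channel(b"covert"))
```

Neither subject ever calls anything the policy forbids, which is why covert channels are found by analysis of shared resources (covert channel analysis) rather than by inspecting access control rules. The usual mitigations are to stop sharing the resource across security levels, to make the resource's behaviour independent of the other party's actions, or to add enough noise and auditing that the channel's bandwidth becomes negligible.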
It is extremely important that as one follows a software development project, security activities are performed:
Security activities should be done in parallel with project initiation activities and, indeed, with every task throughout the project.
Software Acquisition (SwA) can be organized around the major phases of a generic acquisition process. The major phases are:
SwA can be organized around the major phases of a generic acquisition process.
The major phases are:
At what phase of the SDLC (Systems Development Life Cycle) should security become part of the process?
Security is a critical component of the entire SDLC process, typically beginning with a security plan before initiation.