Use the questions here to review what you learned in this chapter. The correct answers are found in the appendix, “Answers to Chapter Review Questions.”
Which are the three primary objectives of security?
- Antireplay functionality
Which are the three categories of controls?
Show that you understand the different types of controls by matching them with their related technology.
Type of controls
- Motion sensor
- Video surveillance
Match the different types of hackers and the like with their appropriate description.
- White hat
- Black hat
- Gray hat
- Blue hat
- Script kiddy
- Bug tester
- Hacker with little skill
- Unethical hacker
- Hacker of telecommunication systems
- Ethically questionable hacker
- Hacker with a political agenda
- Synonymous with black hat hacker
- Breaks security for nonmalicious reasons
Organize the following steps in the order in which they are used to compromise targets and applications.
- Escalate privilege
- Leverage the compromised system
- Perform footprint analysis
- Install back doors
- Enumerate applications and operating systems
- Gather additional passwords and secrets
- Manipulate users to gain access
Which of the following is (are) not part of the technical policies. (Select all that apply.)
- End-user policy
- Acceptable usage policy
- Email policy
- Governing policy
- Rainbow Series
- Network policy
- Common Criteria Standard
- Wireless policy
Reorder the classification levels of the private sector, from the least secure document to the most secure document.
Which of the following is not a criterion used to classify data?
- Useful life
- Personal association
Match each of the following information classification roles with its definition.
- Responsible for using the data
- Responsible on a day-to-day basis for the classified data
- Ultimately responsible for the data
Which of the following is a technical control?
- Network Admission Control system
- Security policies and standards
- Security audits
- Security awareness training
- Change and configuration management
Which of the following is not a characteristic of defense in depth?
- Security mechanisms back each other up.
- Security mechanisms do not depend on each other.
- Does not require IDS or IPS.
- The weakest links can be augmented so that single points of failure can be eliminated.
Match the definition with the appropriate attack method.
- Searching a network host and open ports
- Capturing electrical transmission
- Hiding information within a transmission
- Intercepting traffic that passes over a physical network
- Packet sniffing
- Emanation capturing
- Covert channel
- Port scanning
Reorder the phases of a system development life cycle.
- Operations and maintenance
- Acquisition and development
Which of the following security concepts limits a user’s rights to the lowest possible level needed to perform his tasks?
- Need to know
- Least privilege
- Universal participation
- Diversity of defense