Questions and Answers of
Principles Of Information Security
I. Define how IP Security (IPSec) is the cryptographic authentication and encryption product of the IETF’s IP Protocol Security Working Group. Emphasize that this protocol is used to create virtual
I. Describe the purpose of PGP and its benefit of being a hybrid cryptosystem to storing and maintaining information. Note that this system uses some of the best available cryptographic algorithms to
I. Analyze what Bluetooth is and its importance as being a short-range wireless communication option between devices within a 30-foot range without the addition of security controls implemented. II.
I. Describe in detail what the purpose of a Robust Secure Network (RSN) is and why it is important to use as more devices and systems go online for organizations. II. Summarize the RSN protocol
I. Define the concept of Wired Equivalent Privacy (WEP) and how it applies to information security systems and cryptography. • WEP was an early attempt to provide security with the 802.11 network
I. Provide context of the history of Secure Socket Layer (SSL) protocol to use public-key encryption and Netscape’s intention to create secure channel over public Internet connections. This birthed
I. Explain what steganography is and how it applies to cryptography and encryption standards. Stress that this is used as a data hiding method and involves embedding information within files. II.
I. Define what a digital signature is and which type of encryption processes are used to create them (asymmetric). II. Identify the process when an asymmetric cryptographic process uses the sender’s
I. Examine and describe how public-key infrastructure (PKI) is an integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services that enables users to
I. Manage expectations that cryptographic capabilities must be embodied in tools that allow IT and information security practitioners to apply the elements of cryptography in the world of information
I. Comprehend that symmetric encryption is also known as public-key encryption. II. Explain that symmetric encryption uses a single key to encrypt and decrypt, but asymmetric encryption uses two
I. Describe how symmetric encryption uses the same key, also known as a secret key, to encrypt and decrypt a message. II. Analyze the efficiency of symmetric encryption methods as they only require
I. Explain that cryptographic algorithms are often grouped into two broad categories: symmetric and asymmetric. II. Gain awareness that most cryptosystems often deploy a hybrid combination of
I. Gain awareness that a template cipher or perforated page cipher is not strictly an encryption cipher but more of an example of steganography. II. Examine that ciphering is often difficult to
True or False: In the event either a public key or private key is compromised, the communication terminates as there is no way to be able to override a compromised key.
I. Define the use of a running key cipher and how it applies concepts a book cipher uses for its own decrypting messages. II. Comprehend how the mirrored layout of a table simplifies the selection of
What term is used to describe a cryptographic method that incorporates mathematical operations involving both a public key and a private key to encipher or decipher a message? a. Private-key
I. Examine the similarities and differences between book ciphers and key ciphers and why they are important to use in cryptography and protect the organization’s information. II. Analyze how the use
Which of the following is the strongest symmetric encryption cryptosystem? a. Data Encryption System (DES) b. Advanced Encryption Standard (AES) c. Triple DES (3DES) d. RSA algorithm
I. Relate that this is one of the oldest modern encryption methods still used to this day, having been a key factor in cryptography for well over 100 years (1917). II. Assemble and list the process of
True or False: Two hundred and eighty-five computers could crack a 56-bit key in one year, whereas 10 times as many could do it in a little over a month.
I. Define the concept of an exclusive OR operation (OR) and its importance to cryptography. II. Comprehend that bit stream methods commonly use algorithm functions like the exclusive OR operation
True or False: Hashing functions require the use of keys.
I. Compare and contrast the transposition cipher to the substitution cipher and explain how transposition ciphers can be more difficult to decipher using that method. II. Recall transposition ciphers
Which of the following terms describes the process of making and using codes to secure the transmission of information? a. Algorithm b. Cryptography c. Steganography d. Cryptanalysis
I. Explain how in a substitution cipher you substitute one value for another. II. Describe a type of substitution based on a monoalphabetic substitution and how it only uses one alphabet whereas a
The science of encryption is known as which of the following? a. Cryptanalysis b. Steganography c. Cryptology d. Algorithm
I. Recognize that cryptology has been around since approximately 1900 B.C. and is not a new phenomenon of the Internet. II. Review and list key dates in history critical to the transformation and
I. Analyze the two most common methods of encrypting plaintext: bit stream and block cipher. II. Review that in the bit stream method, each bit in the plaintext is transformed into a cipher bit one
Which of the following terms is used to describe the information used in conjunction with an algorithm to create the ciphertext from the plaintext or derive the plaintext from the ciphertext? a.
I. Classify a common fact that an organization that spends all of its time securing the wired network and leaves wireless networks to operate in any manner is opening itself up for a security
I. Describe the purpose of a packet sniffer (or network protocol analyzer). These can provide a network administrator with valuable information for diagnosing and resolving networking issues. II.
I. Identify the purpose of a vulnerability scanner and its purpose to determine security holes in a system. II. Introduce students to a class of vulnerability scanners called black-box scanners or
I. State how detecting a target computer’s OS is very valuable to an attacker because once the OS is known, all of the vulnerabilities to which it is susceptible can easily be determined. II. Stress
I. Several tools automate the remote discovery of firewall rules and assist an administrator in analyzing the rules to determine exactly what they allow and what they reject. II. Emphasize that
I. Identify the purpose of a trap and trace system and how it can be used to trace incidents back to their sources. II. Outline the process of how a trap often works. As mentioned in the text, it
I. Comparative effectiveness can be achieved by the following: • Thresholds • Blacklists • Whitelists • Alert Settings II. Direct students to the point that once implemented, IDPSs are evaluated
I. Recall the purpose of a control strategy is to determine how an organization maintains and supervises the configuration of an IDPS. II. Examine the differences between centralized, partially
I. Understand that deploying and implementing an IDPS is often not always a straightforward task. The strategy for deploying an IDPS should consider several factors, the foremost being how the IDPS
• Compensating for weak or missing security mechanisms in the protection infrastructure, such as firewalls. • Identification and authentication systems, link encryption systems, access control
Analyze the strengths of an IDPS with respect to intrusion detection: • Monitoring and analysis of system events and user behaviors. • Testing the security states of system configurations. •
I. Examine in-depth the product features and quality of IDPSs. When asking for specific details of the system, apply the following top-level questions and sub-questions as outlined in the text: • Is
Review the following key questions that should be asked with respect to the technical and policy capabilities of an IDPS. • What is your systems environment? • What are the technical specifications
I. Disseminate the following areas of information when selecting the best IDPS for the needs of an organization and processes. They include the following: • Technical and policy considerations. •
I. Examine fail-safe procedures that are built into an IDPS that prevent it from being circumvented or defeated by an attacker or intrusion. II. Stress that encrypted tunnels or other cryptographic
I. Examine and disseminate how IDPS responses can be classified as an active or passive response. • An active response is one in which a definitive action is initiated when certain types of alerts
Justify the fact that with information security being a new field, it is often rife with a lack of understanding about what qualifications applicants need to fit in the roles they fill. Assess the
Review how once an IDPS detects an anomalous network situation, it has several options, depending on the policy and objectives of the organization that has configured it as well as the capabilities
I. Identify one of the core needs of threat intelligence is the ability for the SIEM system to analyze event data to detect anomalies or track interactions between users and places where data is
I. Emphasize that a SIEM system must have an ability to integrate threat intelligence services that provide current information on compromise indicators and adversary tactics, techniques, and
Review the facts that SIEM systems have the capability to analyze user access and authentication activities. This, in turn, can provide alerts for suspicious behaviors and violation of policy.
I. Conclude that SIEM platforms that are properly implemented enable the ability to identify incidents and enable a process to track and respond to them. II. Recognize some SIEM systems can initiate
I. Explain the differences between a host-based IDPS and network-based IDPS. II. Recall that the main purpose of this type of IDPS is to protect the server or host’s information assets. III. Detail
I. Express concerns that on average the duration between the start of a cyber intrusion to the time it was discovered was about 56 days according to Mandiant. II. Recall that improvement in an
I. Justify the reasons why an organization turns to a SIEM as a central location to empower a security operations center (SOC) to react and identify various events against their information
True or False: A wireless security toolkit should include the ability to sniff wireless traffic, scan wireless hosts, and assess the level of privacy or confidentiality afforded on the wireless
I. Explain the purpose of a log file monitor (LFM) and how it is similar and different to an NIDPS. II. Discuss how IDPS responses can be classified: active or passive. An active response is one in
What is a network tool that collects copies of packets from the network and analyzes them? a. Footprint b. Router c. Network trapper d. Packet sniffer
I. Justify the purpose and reasoning why this IDPS extension is beneficial to have available when detecting possible intrusions that have come into a system. II. Recall that stateful protocol analyses
A scanner that listens in on a network and identifies vulnerable versions of both server and client software is known as which of the following? a. Port scanner b. Active vulnerability scanner c.
I. Compare and contrast anomaly-based detection with signature-based detection. Explain how they are similar but uniquely different when examining intrusions into an information security system. II.
Which of the following terms are used to describe organized research of the Internet addresses owned or controlled by a target organization? a. Fingerprinting b. Trapping c. Foot printing d. Tracing
I. Explain that a signature-based IDPS (also known as a knowledge-based IDPS or misuse detection) examines data traffic in search of patterns that match known signatures: preconfigured, predetermined
What term is used to describe decoy systems designed to lure potential attackers away from critical systems? a. Trap b. Honeypot c. Trace d. Sniffer
Analyze the three methods that often dominate detection methods and evaluate network traffic: signature-based detection, anomaly-based detection, and stateful protocol analysis.
In which IDPS control strategy are all IDPSs control functions implemented and managed in a central location? a. Centralized control strategy b. Fully distributed control strategy c. Partially
True or False: Signature-based IDPS technology is widely used because many attacks have clear and distinct signatures.
Which of the following terms involves activities that gather information about the organization and its network activities and assets? a. Tuning b. Filtering c. Clustering d. Foot printing
The process of adjusting an IDPS to maximize its efficiency in detecting true positives while minimizing false positives and false negatives is known as which of the following? a. Tuning b. Filtering c.
Establish an understanding that an IDPS serves as a deterrent by increasing the fear factor that one may be detected among would-be attackers. If attackers are aware that this is in place, they are less
Which of the following is an event that triggers alarms when no actual attacks are in progress? a. Evasion b. False positive c. False attack stimulus d. False negative
I. Examine the reasons why log data should be compiled for analysis over time. This helps to examine what happened when an intrusion occurred and the motive (or reason why) as well as who may also be
Which VPN technology uses leased circuits from a service provider and conducts packet switching over these leased circuits? a. Secure VPN b. Hybrid VPN c. Trusted VPN d. Transport VPN
I. Focus on the fact that the primary purpose of an IDPS is to identify and report an intrusion. II. Emphasize that IDPSs can provide triggers or clues of potential upcoming or hidden intrusions that
True or False: SESAME is an authentication system that is the result of a European research and development project and is similar to Kerberos.
Classify the most important reasons why an IDPS is a good tool to use to detect network intrusions.
What is used to dial every number in a configured range and checks to see if a person, answering machine, or modem picks up? a. War dialer b. Number redialer c. Modem redialer d. Incident redialer
In which mode of IPSEC is the data within an IP packet encrypted, while the header information is not? a. Process mode b. Tunnel mode c. Transport mode d. Encryption mode
What is the system most often used to authenticate the credentials of users who are trying to access an organization’s network via a dial-up connection? a. VPN b. RADIUS c. SEASAME d. KDC
I. Justify the facts that organizations that had remote access systems in place were far better equipped to handle the transformation of the workplace that was the result of the pandemic. II. Critique
I. Describe this phenomenon as the ability to expand an organization beyond the traditional security boundaries a firm would have in place. II. Explain the concept of “death of the perimeter” and
I. Discuss the concept of deperimeterization and how it applies to information security. II. Emphasize the importance of remote access to systems and how COVID-19 accelerated the need for protected
I. Detail that the purpose of this mode is to encrypt all traffic that will traverse an unsecured network, and the receiving server decrypts the packet to be able to send the final address. II. Stress
I. Explain how in transport mode, the data within an IP packet is encrypted, but the header information is not. II. Emphasize that this allows the user to establish a secure link directly with the
I. Define VPN as a private and secure network connection between systems that uses the data communication capability of an unsecured and public network. VPNs are commonly used to securely extend an
I. Detail that the Secure European System for Applications in a Multivendor Environment (SESAME), defined in RFC 1510, is the result of a European research and development project partly funded by
I. Explain how it is a widely held view that these unsecured, dial-up connection points represent a substantial exposure to attack. II. Comprehend that an attacker who suspects that an organization
I. Discuss installing Internet connections, which requires using leased lines or other data channels provided by common carriers, and therefore these connections are usually permanent and secured
I. Describe a content filter, which is a software filter—technically not a firewall—that allows administrators to restrict access to content from within a network. It is a set of scripts or
I. Relate that the configuration of firewall policies can be complex and difficult. Explain how each configuration rule must be carefully crafted, debugged, tested, and sorted. II. Emphasize that when
I. Outline the four questions that persons will need to answer to determine the best firewall for their organization and/or their needs: • Which type of firewall technology offers the right balance
I. Identify that hybrid firewalls combine the elements of other types of firewalls—that is, the elements of packet filtering and proxy services, or of packet filtering and circuit gateways. II.
I. Describe that an application layer firewall or application firewall, is frequently installed on a dedicated computer, separate from the filtering router, but is commonly used in conjunction with a
I. Explain that packet-filtering firewalls examine the header information of data packets that come into a network. Apply Figure 8-7 as a visual illustration of a standard IPv4 packet structure. II.
Classify firewalls and the four major categories of processing modes they fall into: packet-filtering firewalls, application layer proxy firewalls, MAC layer firewalls, and hybrids.
I. Explain that this model transitions defenses from static, network-based parameters and adjusts them to focus on authentication of users, assets, and resources. From there, they dynamically allow
Discuss the Brewer–Nash Model, which is designed to prevent a conflict of interest between two parties. Point out that this model is sometimes known as a Chinese Wall.
I. Detail that the Harrison–Ruzzo–Ullman (HRU) model defines a method to allow changes to access rights and the addition and removal of subjects and objects. II. Contrast and emphasize that the
I. Apply that this model has three core parts: sets of objects, sets of subjects, and sets of rights. II. Outline the model’s eight primitive protection rights: • Create object • Create subject •
I. Compare and contrast the differences between the BLP and Biba integrity models. • Emphasize that the key difference between the two models is the integrity properties, as they accomplish a