Business Data Networks and Security, 11e (Panko)
Appendix: Managing the Security Process

1) The Target attackers probably first broke into Target using the credentials of a(n) ________.
A) low-level Target employee
B) Target IT employee
C) Target security employee
D) employee in a firm outside Target
Answer: D
Difficulty: Basic
Question: 1a
Objective: Discuss failures to stop the Target breach.
AACSB: Applying Information Technology

2) Target received warnings during the attack. This happened ________.
A) on the vendor server
B) when the POS download server was compromised
C) when the exfiltration server was compromised
D) none of the above
Answer: C
Difficulty: Deeper
Question: 1e
Objective: Discuss failures to stop the Target breach.
AACSB: Applying Information Technology

3) In a kill chain, ________.
A) stopping the attack at a single step stops the attack
B) stopping the attack at multiple steps stops the attack
C) stopping the attack at all steps stops the attack
D) none of the above
Answer: A
Difficulty: Basic
Question: 1f
Objective: Discuss failures to stop the Target breach.
AACSB: Applying Information Technology, Analytical Thinking, Application of Knowledge

4) Security is primarily about ________.
A) technology
B) planning
C) management
D) none of the above
Answer: C
Difficulty: Deeper
Question: 1hh
Objective: Explain why security is about management more than technology.
AACSB: Applying Information Technology, Application of Knowledge

5) Firewall operation takes place during the ________ phase.
A) plan
B) protect
C) response
D) none of the above
Answer: B
Difficulty: Basic
Question: 2a
Objective: Explain the Plan-Protect-Respond cycle.
AACSB: Applying Information Technology, Application of Knowledge

6) Which phase of the plan-protect-respond cycle takes the largest amount of work?
A) plan
B) protect
C) respond
D) The phases require about equal amounts of effort.
Answer: B
Difficulty: Deeper
Question: 2b
Objective: Explain the Plan-Protect-Respond cycle.
AACSB: Applying Information Technology, Analytical Thinking, Application of Knowledge

7) The goal of security is to eliminate risk.
Answer: FALSE
Difficulty: Basic
Question: 3a
Objective: Describe and apply major security planning principles.
AACSB: Applying Information Technology, Application of Knowledge

8) Balancing threats against protection costs is called ________.
A) economic justification
B) risk analysis
C) comprehensive security
D) The Illusion of Cost
Answer: B
Difficulty: Basic
Question: 3b
Objective: Describe and apply major security planning principles.
AACSB: Applying Information Technology

9) Attackers only need to find a single weakness to break in. Consequently, companies must ________.
A) have comprehensive security
B) have insurance
C) do risk analysis
D) only give minimum permissions
Answer: A
Difficulty: Basic
Question: 4a
Objective: Describe and apply major security planning principles.
AACSB: Applying Information Technology

10) A building with some unlocked exterior doors most specifically violates the principle of ________.
A) network segmentation
B) protecting single points of takeover
C) comprehensive security
D) risk analysis
Answer: C
Difficulty: Basic
Question: 4b
Objective: Describe and apply major security planning principles.
AACSB: Applying Information Technology, Analytical Thinking, Application of Knowledge

11) An attacker must break through two firewalls to get to a host. This most specifically illustrates the ________ principle.
A) comprehensive security
B) risk assurance
C) weakest link protection
D) defense in depth
Answer: D
Difficulty: Basic
Question: 5a
Objective: Describe and apply major security planning principles.
AACSB: Applying Information Technology

12) Vulnerabilities are occasionally found in even the best security products. Consequently, companies must specifically ________.
A) outsource security
B) have defense in depth
C) do risk analysis
D) only give minimum permissions
Answer: B
Difficulty: Deeper
Question: 5b
Objective: Describe and apply major security planning principles.
AACSB: Applying Information Technology, Analytical Thinking, Application of Knowledge

13) There is a single countermeasure in ________.
A) weakest links
B) defense in depth
C) both A and B
D) neither A nor B
Answer: A
Difficulty: Deeper
Question: 5c
Objective: Describe and apply major security planning principles.
AACSB: Applying Information Technology, Application of Knowledge

14) A central firewall management program that specifically pushes changes to firewalls is ________.
A) a weakest link
B) defense in depth
C) a single point of takeover
D) risk analysis thinking
Answer: C
Difficulty: Basic
Question: 6a
Objective: Describe and apply major security planning principles.
AACSB: Applying Information Technology, Application of Knowledge

15) Companies should ________ single points of takeover.
A) eliminate
B) give special attention to
C) minimize
D) authorize
Answer: B
Difficulty: Deeper
Question: 6b
Objective: Describe and apply major security planning principles.
AACSB: Applying Information Technology

16) Allowing a user access to edit files in a specific directory is an example of ________.
A) authentication
B) authorizations
C) defense in depth
D) network segregation
Answer: B
Difficulty: Basic
Question: 7a
Objective: Describe and apply major security planning principles.
AACSB: Applying Information Technology, Application of Knowledge

17) If someone has been properly authenticated, they should receive ________ permissions.
A) all
B) no
C) maximum
D) minimum
Answer: D
Difficulty: Basic
Question: 7a
Objective: Describe and apply major security planning principles.
AACSB: Applying Information Technology

18) ________ are actions people can take on a resource.
A) Provisions
B) Authorizations
C) Authentications
D) Risks
Answer: B
Difficulty: Basic
Question: 7a
Objective: Describe and apply major security planning principles.
AACSB: Applying Information Technology

19) Another term for authorization is ________.
A) permission
B) authentication
C) scope
D) establishing the creator of a file
Answer: A
Difficulty: Basic
Question: 7b
Objective: Describe and apply major security planning principles.
AACSB: Applying Information Technology, Analytical Thinking, Application of Knowledge

20) On sensitive resources, authenticated parties should get ________.
A) least permissions
B) standard permissions
C) no permissions
D) maximum permissions
Answer: A
Difficulty: Basic
Question: 7c
Objective: Describe and apply major security planning principles.
AACSB: Applying Information Technology

21) To address uniformity of credentials verification throughout a large company, credentials verification information is usually stored in a single ________.
A) authenticator
B) verifier
C) authentication server
D) directory server or synchronized directory servers
Answer: D
Difficulty: Difficult
Question: 8a
Objective: Describe and apply major security planning principles.
AACSB: Applying Information Technology, Analytical Thinking, Application of Knowledge

22) By changing credentials verification information on a(n) ________, a firm can immediately cut off all access to corporate resources.
A) authenticator
B) verifier
C) authentication server
D) border firewall
Answer: C
Difficulty: Basic
Question: 8b
Objective: Describe and apply major security planning principles.
AACSB: Applying Information Technology, Analytical Thinking, Application of Knowledge

23) Ideally, access control should be based on ________.
A) individuals
B) roles
C) standard authorizations
D) a three-headed dog named Fluffy
Answer: B
Difficulty: Basic
Question: 8c
Objective: Describe and apply major security planning principles.
AACSB: Applying Information Technology

24) Errors in assigning permission are reduced if assignments are based on ________.
A) individuals
B) roles
C) standard authorizations
D) none of the above
Answer: B
Difficulty: Basic
Question: 8d
Objective: Describe and apply major security planning principles.
AACSB: Applying Information Technology, Application of Knowledge

25) Companies should have ________ for each site.
A) multiple security domains
B) a single security domain
C) at least two DMZs
D) multiple DMZs
Answer: A
Difficulty: Deeper
Question: 9a
Objective: Describe and apply major security planning principles.
AACSB: Applying Information Technology, Analytical Thinking, Application of Knowledge

26) DMZs are places for ________.
A) servers that are not accessible to clients outside the firm
B) servers that are freely accessible to clients outside the firm
C) servers that are freely accessible to clients inside the firm
D) servers that are inaccessible to any clients
Answer: B
Difficulty: Deeper
Question: 9b
Objective: Describe and apply major security planning principles.
AACSB: Applying Information Technology, Analytical Thinking, Application of Knowledge

27) Servers in the Demilitarized Zone (DMZ) are rarely attacked by clients on the Internet.
Answer: FALSE
Difficulty: Basic
Question: 9c
Objective: Describe and apply major security planning principles.
AACSB: Applying Information Technology

28) Servers in the DMZ should be freely accessible to clients ________.
A) on the Internet
B) inside the firm
C) outside the DMZ
D) all of the above
Answer: A
Difficulty: Deeper
Question: 9d
Objective: Describe and apply major security planning principles.
AACSB: Applying Information Technology, Analytical Thinking, Application of Knowledge

29) There should be relatively free access ________.
A) between the Internet and the DMZ
B) between the DMZ and the firm’s internal network
C) both A and B
D) neither A nor B
Answer: A
Difficulty: Deeper
Question: 9e
Objective: Describe and apply major security planning principles.
AACSB: Applying Information Technology, Analytical Thinking, Application of Knowledge

30) Security must be considered at the ________ level.
A) information systems
B) organizational systems
C) both A and B
D) neither A nor B
Answer: C
Difficulty: Deeper
Question: 10a
Objective: Describe and apply major security planning principles.
AACSB: Applying Information Technology, Analytical Thinking, Application of Knowledge

31) Compared to ________, ________ are more structured.
A) procedures; processes
B) processes; procedures
C) both A and B
D) neither A nor B
Answer: B
Difficulty: Basic
Question: 10b
Objective: Describe and apply major security planning principles.
AACSB: Applying Information Technology, Analytical Thinking, Application of Knowledge

32) In movie theaters, having one person sell tickets and another collect them prevents ________.
A) a single person from stealing on his own
B) collusion
C) the crossing of security domains
D) all of the above
Answer: A
Difficulty: Deeper
Question: 10c
Objective: Describe and apply major security planning principles.
AACSB: Applying Information Technology, Analytical Thinking, Application of Knowledge

33) If a person knows his or her role in an organizational system, ________.
A) they are dangerous
B) they are likely to report security violations
C) they are likely to act appropriately in unexpected circumstances
D) all of the above
Answer: C
Difficulty: Deeper
Question: 10f
Objective: Describe and apply major security planning principles.
AACSB: Applying Information Technology

34) It is hardest to create good security ________.
A) policies
B) procedures
C) processes
D) culture
Answer: D
Difficulty: Deeper
Question: 10g
Objective: Describe and apply major security planning principles.
AACSB: Applying Information Technology

35) If the security principles in this chapter are implemented in organizational systems, an organizational system is likely to work securely without substantial active management.
Answer: FALSE
Difficulty: Deeper
Question: 10j
Objective: Describe and apply major security planning principles.
AACSB: Applying Information Technology

36) A policy specifies ________.
A) what should be done
B) how to do it
C) both A and B
D) neither A nor B
Answer: A
Difficulty: Basic
Question: 11a
Objective: Describe and apply policy-based security management.
AACSB: Applying Information Technology

37) Which of the following specifies what should be done?
A) policies
B) implementation
C) both A and B
D) neither A nor B
Answer: A
Difficulty: Basic
Question: 11b
Objective: Describe and apply policy-based security management.
AACSB: Applying Information Technology

38) Policies are separated from implementation to take advantage of ________.
A) implementer knowledge
B) the delegation of work principle
C) minimum permissions
D) segregation of duties
Answer: A
Difficulty: Deeper
Question: 11c
Objective: Describe and apply policy-based security management.
AACSB: Applying Information Technology

39) Policies should drive ________.
A) implementation
B) oversight
C) both A and B
D) neither A nor B
Answer: C
Difficulty: Deeper
Question: 12a
Objective: Describe and apply policy-based security management.
AACSB: Applying Information Technology, Application of Knowledge

40) Oversight activities include ________.
A) vulnerability testing
B) creating guidelines
C) both A and B
D) neither A nor B
Answer: A
Difficulty: Basic
Question: 12b
Objective: Describe and apply policy-based security management.
AACSB: Applying Information Technology, Application of Knowledge

41) Attacking your own firm occurs in ________.
A) vulnerability testing
B) auditing
C) both A and B
D) neither A nor B
Answer: A
Difficulty: Basic
Question: 12c
Objective: Describe and apply policy-based security management.
AACSB: Applying Information Technology, Application of Knowledge

42) Implementation guidance is less specific than ________.
A) policy
B) implementation
C) both A and B
D) neither A nor B
Answer: A
Difficulty: Basic
Question: 13a
Objective: Describe and apply policy-based security management.
AACSB: Applying Information Technology, Analytical Thinking, Application of Knowledge

43) Compliance with ________ is mandatory.
A) standards
B) guidelines
C) both A and B
D) neither A nor B
Answer: A
Difficulty: Basic
Question: 13b
Objective: Describe and apply policy-based security management.
AACSB: Applying Information Technology, Application of Knowledge

44) Compliance with ________ is voluntary.
A) guidelines
B) standards
C) both A and B
D) neither A nor B
Answer: A
Difficulty: Basic
Question: 13b
Objective: Describe and apply policy-based security management.
AACSB: Applying Information Technology, Application of Knowledge

45) Which of the following MUST be followed?
A) standards
B) guidelines
C) both A and B
D) neither A nor B
Answer: A
Difficulty: Basic
Question: 13c
Objective: Describe and apply policy-based security management.
AACSB: Applying Information Technology, Application of Knowledge

46) Which of the following is true?
A) Guidelines must be followed.
B) Guidelines must be considered.
C) both A and B
D) neither A nor B
Answer: B
Difficulty: Deeper
Question: 13d
Objective: Describe and apply policy-based security management.
AACSB: Applying Information Technology, Application of Knowledge

47) The statement that people in quality control should have access to robots on the shop floor is an example of a firewall ________.
A) policy
B) DMZ
C) ACL rule
D) procedure
Answer: A
Difficulty: Deeper
Question: 14a
Objective: Describe and apply policy-based security management.
AACSB: Applying Information Technology, Analytical Thinking, Application of Knowledge

48) The policy server creates ________.
A) DMZs
B) policies
C) ACLs for individual firewalls
D) standards that firewalls must follow
Answer: C
Difficulty: Deeper
Question: 14b
Objective: Describe and apply policy-based security management.
AACSB: Applying Information Technology, Analytical Thinking, Application of Knowledge

49) Which of the following is easiest to understand?
A) firewall policies
B) firewall ACLs
C) firewall procedures
D) firewall processes
Answer: A
Difficulty: Basic
Question: 14c
Objective: Describe and apply policy-based security management.
AACSB: Applying Information Technology, Application of Knowledge

50) Successful attacks are called ________.
A) breaches
B) compromises
C) both A and B
D) neither A nor B
Answer: C
Difficulty: Basic
Question: 15a
Objective: Describe how to respond to successful break-ins.
AACSB: Applying Information Technology

51) Successful attacks are called ________.
A) incidents
B) countermeasures
C) both A and B
D) neither A nor B
Answer: A
Difficulty: Basic
Question: 15a
Objective: Describe how to respond to successful break-ins.
AACSB: Applying Information Technology

52) A key to fast and effective response is ________.
A) speed
B) quality
C) both A and B
D) neither A nor B
Answer: A
Difficulty: Deeper
Question: 15b
Objective: Describe how to respond to successful break-ins.
AACSB: Applying Information Technology, Application of Knowledge

53) Which of the following is a normal incident?
A) a false alarm
B) a major security breach
C) both A and B
D) neither A nor B
Answer: A
Difficulty: Deeper
Question: 16a
Objective: Describe how to respond to successful break-ins.
AACSB: Applying Information Technology, Application of Knowledge

54) Normal incidents are handled by the ________.
A) on-duty staff
B) CSIRT
C) outside consultant
D) FBI
Answer: A
Difficulty: Basic
Question: 16b
Objective: Describe how to respond to successful break-ins.
AACSB: Applying Information Technology, Application of Knowledge

55) Normal incidents usually require ________.
A) constant rehearsal
B) frequent rehearsal
C) little or no rehearsal
D) emergency rehearsal
Answer: C
Difficulty: Deeper
Question: 16c
Objective: Describe how to respond to successful break-ins.
AACSB: Applying Information Technology, Application of Knowledge

56) Major incidents are handled by the ________.
A) on-duty staff
B) CSIRT
C) outside consultant
D) FBI
Answer: B
Difficulty: Basic
Question: 17b
Objective: Describe how to respond to successful break-ins.
AACSB: Applying Information Technology, Application of Knowledge

57) CSIRT leaders should come from ________.
A) an outside crisis vendor
B) a business department
C) the security department
D) the IT department
Answer: B
Difficulty: Deeper
Question: 17c
Objective: Describe how to respond to successful break-ins.
AACSB: Applying Information Technology, Application of Knowledge

58) Which department will almost always be involved in a CSIRT?
A) the IT department
B) the legal department
C) the human resources department
D) all of the above
Answer: D
Difficulty: Deeper
Question: 17d
Objective: Describe how to respond to successful break-ins.
AACSB: Applying Information Technology, Application of Knowledge

59) Communication with the media should be restricted to which of the following?
A) the public relations department
B) the legal department
C) the IT department
D) the security department
Answer: A
Difficulty: Deeper
Question: 17e
Objective: Describe how to respond to successful break-ins.
AACSB: Applying Information Technology, Application of Knowledge

60) CSIRTs rehearse an incident by talking about what should be done without actually doing it in ________.
A) simulations
B) live rehearsals
C) desktop rehearsals (also called tabletop rehearsals)
D) none of the above
Answer: C
Difficulty: Basic
Question: 18a
Objective: Describe how to respond to successful break-ins.
AACSB: Applying Information Technology, Application of Knowledge

61) Desktop (tabletop) rehearsals are important because they ________ compared to live rehearsals.
A) are relatively inexpensive
B) get into specific details
C) both A and B
D) neither A nor B
Answer: A
Difficulty: Basic
Question: 18b
Objective: Describe how to respond to successful break-ins.
AACSB: Applying Information Technology, Application of Knowledge

62) Live rehearsals are important because they ________ compared to desktop rehearsals.
A) are relatively inexpensive
B) get into specific details
C) both A and B
D) neither A nor B
Answer: B
Difficulty: Basic
Question: 18c
Objective: Describe how to respond to successful break-ins.
AACSB: Applying Information Technology, Application of Knowledge

63) Real-time fail-over with synchronized data centers ________.
A) is expensive
B) minimizes downtime
C) both A and B
D) neither A nor B
Answer: C
Difficulty: Basic
Question: 19a
Objective: Describe how to respond to successful break-ins.
AACSB: Applying Information Technology, Application of Knowledge

64) ________ stop definite attack packets.
A) Firewalls
B) IDSs
C) both A and B
D) neither A nor B
Answer: A
Difficulty: Basic
Question: 20a
Objective: Describe how to respond to successful break-ins.
AACSB: Applying Information Technology, Application of Knowledge

65) ________ focus on suspicious packets.
A) Firewalls
B) IDSs
C) both A and B
D) neither A nor B
Answer: B
Difficulty: Basic
Question: 20b
Objective: Describe how to respond to successful break-ins.
AACSB: Applying Information Technology, Application of Knowledge

66) ________ log provable attack packets.
A) Firewalls
B) IDSs
C) both A and B
D) neither A nor B
Answer: A
Difficulty: Deeper
Question: 20c
Objective: Describe how to respond to successful break-ins.
AACSB: Applying Information Technology, Application of Knowledge

67) The rate of alarms in IDSs is usually ________.
A) about right
B) somewhat more than desirable
C) much more than desirable
D) optimized for rapidly finding real incidents
Answer: C
Difficulty: Basic
Question: 20d
Objective: Describe how to respond to successful break-ins.
AACSB: Applying Information Technology, Application of Knowledge

68) Device IDSs typically send log files to the central IDS log file using the ________ protocol.
A) FTP
B) HTTP
C) TFTP
D) SysLog
Answer: D
Difficulty: Deeper
Question: 20e
Objective: Describe how to respond to successful break-ins.
AACSB: Applying Information Technology, Analytical Thinking, Application of Knowledge

69) In IDS log files, relevant events are ________.
A) usually clustered tightly together
B) usually spread out in the log file
C) usually only available in log files for individual devices
D) usually found in the log files of routers
Answer: B
Difficulty: Deeper
Question: 21a
Objective: Describe how to respond to successful break-ins.
AACSB: Applying Information Technology, Analytical Thinking, Application of Knowledge

Copyright © 2019 Pearson Education, Inc.