8.5: Assessment
True/False
Indicate whether the statement is true or false.
____ 1. A device that looks for unusual behavior, such as odd protocols arriving at a server, is known as a signature-based IDS/IPS.
____ 2. Web filtering based on creating a list of unauthorized sites that may not be accessed is called whitelisting.
Multiple Choice
Identify the choice that best completes the statement or answers the question.
____ 3. Purchasing cybersecurity insurance to cover losses in the event of a security breach is an example of risk _____________.
| a. Avoidance | c. Transference |
| b. Mitigation | d. Acceptance |
____ 4. Deciding to delay the implementation of a new system until all security vulnerabilities can be resolved is an example of risk _____________.
| a. Avoidance | c. Transference |
| b. Mitigation | d. Acceptance |
____ 5. Devices such as Intrusion Detection Systems (IDSs) are considered risk ___________ strategies as they reduce the impact of the event through early detection.
| a. Avoidance | c. Transference |
| b. Mitigation | d. Acceptance |
____ 6. George has determined that the impact to the business from an internal server hard disk crash would be $2,000, including three hours of time to rebuild the data from backups. Historically, server drives fail about once every three years. As an option, he could cluster the server (install a second server to act in tandem with the first server) at a cost of $5,000 for hardware and installation. Assume he has a three-year equipment life cycle so he would have to replace this equipment in three years. Which of the following makes the most sense as a risk strategy?
| a. Install the second server, as any downtime is bad. | c. Avoid using the server until hard drives become more reliable. |
| b. Accept the risk, as it is less expensive than the proposed control. | d. Find a new job. He wasn’t hired to be an accountant. |
____ 7. In the ___________ phase of the SDLC, the system is performing work, with occasional updates to hardware and software.
| a. Initiation | c. Operations/maintenance |
| b. Development/acquisition | d. Implementation/assessment |
____ 8. Wiping hard drives and destroying software used with a system occurs at which stage of the SDLC?
| a. Initiation | c. Operations/maintenance |
| b. Disposal | d. Implementation/assessment |
____ 9. Establishing guidelines for including security into contracting language occurs at which stage of the SDLC?
| a. Initiation | c. Operations/maintenance |
| b. Development/acquisition | d. Implementation/assessment |
____ 10. The Gramm-Leach-Bliley Act (GLBA) that established security and privacy safeguards on depositor accounts at financial institutions is an example of what type of security policy?
| a. Regulatory | c. Informative |
| b. Advisory | d. Issue-specific |
____ 11. A device that receives packets that need to be sent out to other networks is known as a/an ___________.
| a. Firewall | c. Router |
| b. IDS/IPS | d. Switch |
Completion
Complete each sentence.
12. ________________________ risk is the amount of risk that remains after security controls have been applied.
Matching
Match the remediation technique/control to an appropriate category.
| A. Incident Response | F. System and Information Integrity |
| B. Personnel Security | G. Audit and Accountability |
| C. Physical and Environment Security | H. Monitoring and Reviewing Control System Security Policy |
| D. System and Communication Protection | I. Access Control |
| E. Media Protection | J. Organizational Security |
____ 13. Developing a policy for removing access when an employee is terminated
____ 14. Encrypting all sensitive data in transit
____ 15. Implementing an IDS/IPS
____ 16. Installing an uninterruptible power supply (UPS)
____ 17. Enabling logging of all after-hours access
____ 18. Issuing smart cards to users to enable multi-factor authentication
____ 19. Developing a disaster recovery plan (DRP)
____ 20. Establishing a security officer who has oversight of the system
____ 21. Encrypting all backup data
____ 22. Compliance audit
Short Answer
23. Discuss the difference between role-based security training and security awareness training. What recommendations would you make for how frequently these should occur?
24. You’ve been asked to implement a firewall. Discuss best practices for configuring a firewall.
25. Discuss the difference between a business network and an ICS network.
For the answers to these questions, email your name, the name of your college or other institution, and your position there to info@cyberwatchwest.org. CyberWatch West will email you a copy of the answer key.