Module 8: Remediation

Module 8 Assessment


Indicate whether the statement is true or false.

____ 1. A device that looks for unusual behavior, such as odd protocols arriving at a server, is known as a signature-based IDS/IPS.

____ 2. Web-filtering based on creating a list of unauthorized sites that may not be accessed is called whitelisting.


Multiple Choice

Identify the choice that best completes the statement or answers the question.

____ 3. Purchasing cybersecurity insurance to cover losses in the event of a security breach is an example of risk _____________.

a. Avoidance c. Transference
b. Mitigation d. Acceptance


____ 4. Deciding to delay the implementation of a new system until all security vulnerabilities can be resolved is an example of risk _____________.

a. Avoidance c. Transference
b. Mitigation d. Acceptance


____ 5. Devices such as Intrusion Detection Systems (IDSs) are considered risk ___________ strategies as they reduce the impact of the event through early detection.

a. Avoidance c. Transference
b. Mitigation d. Acceptance


____ 6. George has determined that the impact to the business from an internal server hard disk crash would be $2,000, including three hours of time to rebuild the data from backups. Historically, server drives fail about once every three years. As an option, he could cluster the server (install a second server to act in tandem with the first server) at a cost of $5,000 for hardware and installation. Assume he has a three-year equipment life cycle so he would have to replace this equipment in three years. Which of the following makes the most sense as a risk strategy?

a. Install the second server, as any downtime is bad. c. Avoid using the server until hard drives become more reliable.
b. Accept the risk, as it is less expensive than the proposed control. d. Find a new job. He wasn’t hired to be an accountant.


____ 7. In the ___________ phase of the SDLC, the system is performing work, with occasional updates to hardware and software.

a. Initiation c. Operations/maintenance
b. Development/acquisition d. Implementation/assessment


____ 8. Wiping hard drives and destroying software used with a system occurs at which stage of the SDLC?

a. Initiation c. Operations/maintenance
b. Disposal d. Implementation/assessment

____ 9. Establishing guidelines for including security into contracting language occurs at which stage of the SDLC?

a. Initiation c. Operations/maintenance
b. Development/acquisition d. Implementation/assessment


____ 10. The Gramm-Leach-Bliley Act (GLBA) that established security and privacy safeguards on depositor accounts at financial institutions is an example of what type of security policy?

a. Regulatory c. Informative
b. Advisory d. Issue-specific


____ 11. A device that receives packets that need to be sent out to other networks is known as a/an ___________.

a. Firewall c. Router
b. IDS/IPS d. Switch



Complete each sentence.

12. ________________________ risk is the amount of risk that remains after security controls have been applied.



Match the remediation technique/control to an appropriate category.

A. Incident Response F. System and Information Integrity
B. Personnel Security G. Audit and Accountability
C. Physical and Environment Security H. Monitoring and Reviewing Control System Security Policy
D. System and Communication Protection I. Access Control
E. Media Protection J. Organizational Security

____ 13. Developing a policy for removing access when an employee is terminated

____ 14. Encrypting all sensitive data in transit

____ 15. Implementing an IDS/IPS

____ 16. Installing an uninterruptible power supply (UPS)

____ 17. Enabling logging of all after-hours access

____ 18. Issuing smart cards to users to enable multi-factor authentication

____ 19. Developing a disaster recovery plan (DRP)

____ 20. Establishing a security officer who has oversight of the system

____ 21. Encrypting all backup data

____ 22. Compliance audit


Short Answer

23. Discuss the difference between role-based security training and security awareness training. What recommendations would you make for how frequently these should occur?




24. You’ve been asked to implement a firewall. Discuss best practices for configuring a firewall.




25. Discuss the difference between a business network and an ICS network.




For the answers to these questions, email your name, the name of your college or other institution, and your position there to CyberWatch West will email you a copy of the answer key.


Icon for the Creative Commons Attribution 4.0 International License

Critical Infrastructure Cybersecurity by Whatcom Community College and CyberWatch West is licensed under a Creative Commons Attribution 4.0 International License, except where otherwise noted.

Share This Book