Module 8: Remediation

Assessment

True/False

Indicate whether the statement is true or false.

____ 1. A device that looks for unusual behavior, such as odd protocols arriving at a server, is known as a signature-based IDS/IPS.

____ 2. Web-filtering based on creating a list of unauthorized sites that may not be accessed is called whitelisting.

Multiple Choice

Identify the choice that best completes the statement or answers the question.

____ 3. Purchasing cybersecurity insurance to cover losses in the event of a security breach is an example of risk _____________.

  • a. Avoidance
  • b. Mitigation
  • c. Transference
  • d. Acceptance

 

____ 4. Deciding to delay the implementation of a new system until all security vulnerabilities can be resolved is an example of risk _____________.

  • a. Avoidance
  • b. Mitigation
  • c. Transference
  • d. Acceptance

 

____ 5. Devices such as Intrusion Detection Systems (IDSs) are considered risk ___________ strategies as they reduce the impact of the event through early detection.

  • a. Avoidance
  • b. Mitigation
  • c. Transference
  • d. Acceptance

 

____ 6. George has determined that the impact to the business from an internal server hard disk crash would be $2,000, including three hours of time to rebuild the data from backups. Historically, server drives fail about once every three years. As an option, he could cluster the server (install a second server to act in tandem with the first server) at a cost of $5,000 for hardware and installation. Assume he has a three-year equipment life cycle so he would have to replace this equipment in three years. Which of the following makes the most sense as a risk strategy?

  • a. Install the second server, as any downtime is bad.
  • b. Accept the risk, as it is less expensive than the proposed control.
  • c. Avoid using the server until hard drives become more reliable.
  • d. Find a new job. He wasn’t hired to be an accountant.

 

____ 7. The Gramm-Leach-Bliley Act (GLBA) that established security and privacy safeguards on depositor accounts at financial institutions is an example of what type of security policy?

  • a. Regulatory
  • b. Advisory
  • c. Informative
  • d. Issue-specific

 

____ 8. A device that receives packets that need to be sent out to other networks is known as a/an ___________.

  • a. Firewall
  • b. IDS/IPS
  • c. Router
  • d. Switch

Completion

Complete each sentence.

  9. ________________________ risk is the amount of risk that remains after security controls have been applied.

Matching

Match the remediation technique/control to an appropriate category.

  • A. Incident Response
  • B. Personnel Security
  • C. Physical and Environment Security
  • D. System and Communication Protection
  • E. Media Protection
  • F. System and Information Integrity
  • G. Audit and Accountability
  • H. Monitoring and Reviewing Control System Security Policy
  • I. Access Control
  • J. Organizational Security

____ 10. Developing a policy for removing access when an employee is terminated

____ 11. Encrypting all sensitive data in transit

____ 12. Implementing an IDS/IPS

____ 13. Installing an uninterruptible power supply (UPS)

____ 14. Enabling logging of all after-hours access

____ 15. Issuing smart cards to users to enable multi-factor authentication

____ 16. Developing a disaster recovery plan (DRP)

____ 17. Establishing a security officer who has oversight of the system

____ 18. Encrypting all backup data

____ 19. Compliance audit

Short Answer

  20. Discuss the difference between role-based security training and security awareness training. What recommendations would you make for how frequently these should occur?
  21. You’ve been asked to implement a firewall. Discuss best practices for configuring a firewall.
  22. Discuss the difference between a business network and an ICS network.
  23. Explain the importance of ensuring that firmware and operating system updates are digitally signed.

License

Critical Infrastructure Systems by NCyTE Center is licensed under a Creative Commons Attribution 4.0 International License, except where otherwise noted.
