Information Security Controls and Vulnerabilities, Exams of Information Systems

A comprehensive overview of various information security controls, including preventative, detective, and corrective measures, as well as common security vulnerabilities and attacks. It covers topics such as security policies, access control, cryptographic hashes, denial-of-service attacks, network security, firewalls, intrusion detection and prevention systems, and malware protection. The document also discusses best practices for securing client-server environments, virtualization, and VoIP systems. Additionally, it covers incident response, evidence protection, and physical security measures such as fire suppression systems. This information is valuable for understanding the fundamental principles of information security and the strategies used to mitigate risk in an organizational setting.

Typology: Exams

2023/2024

Available from 09/21/2024

josh1990

CISA Domain 5 Comprehensive Questions with Answers

Graded A+

  1. Information security steering committee - Correct Answer Security policies, guidelines and procedures affect the entire organization and as such, should have the support and suggestions of end users, executive management, auditors, security admins, information systems personnel and legal counsel. Therefore, individuals representing various management levels should meet as a committee to discuss these issues and establish and approve security practices.
  2. Executive Management - Correct Answer Responsible for the overall protection of information assets, and for issuing and maintaining the policy framework.
  3. CISO - Correct Answer The person in charge of information security within the enterprise.
  4. Ownership of Information and Classification - Correct Answer The information owner is responsible for the information and should decide on the appropriate classification, based on the organization's data classification and handling policy.
  5. Public/Private/Sensitive Classification - Correct Answer Public - company brochures. Private - internal policies, procedures, normal business email messages. Sensitive - unpublished financials, company secrets.
  6. Fraud Triangle - Correct Answer The three key elements are opportunity, motivation and rationalization.
  7. Proactive Controls (Safeguards) - Correct Answer They attempt to prevent an incident. Ex. a sign that warns a person about a dangerous condition.
  8. Reactive Controls (Countermeasures) - Correct Answer They allow the detection, containment and recovery from an incident. Ex. a fire extinguisher or sprinkler system.
  9. Types of Controls - Correct Answer Preventative, Detective or Corrective.
  10. Security Administration - Correct Answer Implements logical access capabilities in a set of access rules that stipulate which users are authorized to access a resource at a particular level and under which conditions. The security administrator invokes the appropriate system access control mechanism upon receipt of a proper authorization request from the information owner or manager to grant a specified user the rights for access to, or use of, a protected resource.
  11. Access Control Good Practice - Correct Answer Integration of the review of access rights with human resource processes. When an employee transfers to a different function, access rights are adjusted at the same time.
  12. Mandatory Access Control - Correct Answer Logical access control filters used to validate access credentials that cannot be controlled or modified by normal users or data owners. Could be carried out by comparing the sensitivity of the information resources, kept on a user-unmodifiable tag attached to the security object, with the security clearance of the accessing entity such as a user or an application. Only administrators may make decisions that are derived from policy. Only admins can change the category of a resource, and no one may grant a right of access that is explicitly forbidden in the access control policy. Anything that is not expressly permitted is forbidden.
  13. Discretionary Access Control - Correct Answer Controls that may be configured or modified by the users or data owners, e.g. data owner-defined sharing of information resources, where the data owner may select who will be enabled to access his/her resource and the security level of this access. DACs cannot override MACs.
  14. Security training - Correct Answer Strong leadership, direction and commitment by senior management on security training is needed. This commitment should be supported with a comprehensive program of formal security awareness training. Security awareness training should focus on common user security concerns, such as password selection, appropriate use of computing resources, email and web browsing safety and social engineering.
  15. Access to third parties - Correct Answer Where there is a need to allow an external party access to the information processing facilities or information of an organization, a risk assessment should be carried out to identify any requirements for specific controls.
  16. Alteration Attack - Correct Answer Occurs when unauthorized modifications affect the integrity of the data or code. A cryptographic hash is a primary defense against alteration attacks.
  17. Smurf Attack - Correct Answer Occurs when misconfigured network devices allow packets to be sent to all hosts on a particular network via the broadcast address of the network.
  18. Teardrop Attack - Correct Answer Involves sending mangled IP fragments with overlapping, oversized payloads to the target machine.
  19. Phlashing - Correct Answer Permanent denial of service attack - damages a system's hardware to the extent that it must be replaced.
  20. Computer Security Incident Response Team (CSIRT) - Correct Answer An IS auditor should ensure that the CSIRT is actively involved with users to assist them in the mitigation of risk arising from security failures and also to prevent security incidents.
  21. Technical Exposures - Correct Answer The unauthorized activities interfering with normal processing, such as implementation or modification of data and software, locking or misusing user services, destroying data, compromising system usability, distracting processing resources, or spying on data flow or user activities at the network, platform, database or application level. Exposures include: data leakage, wiretapping, computer shutdown.
  22. Familiarization with the Enterprise's IT environment - Correct Answer For IS auditors to effectively assess logical access controls within their org, they first need to gain a technical and organizational understanding of the organization's IT environment.
  23. Front-end Systems - Correct Answer Network-based systems connecting an organization to outside, untrusted networks, such as corporate web sites.
  24. Access Control Software - Correct Answer Its purpose is to prevent unauthorized access to and modification of an organization's sensitive data and the use of system-critical functions.
  25. Tokens - Correct Answer Set to generate unique, time-dependent, pseudo-random strings that are called "session passwords".
  26. Onboarding to biometrics system - Correct Answer Occurs through an enrollment process by storing a user's particular biometric feature. This occurs through an iterative averaging process of acquiring a physical or behavioral sample, extracting unique data from the sample, creating an initial template, comparing new samples with what has been stored and developing a final template that can be used to authenticate the user.
  27. False Rejection Rate - Correct Answer Type-I error rate. The number of times an individual granted authority to use the system is falsely rejected by the system.
  28. Failure to Enroll Rate - Correct Answer The proportion of people who fail to be enrolled successfully.
  29. False Acceptance Rate - Correct Answer Type-II error rate. The number of times an individual not granted authority to use a system is falsely accepted by the system.
  30. Equal Error Rate - Correct Answer The percentage at which false rejection and false acceptance are equal. The lower the overall measure, the more effective the biometric.
  31. Hand Geometry - Correct Answer One of the oldest biometrics. Concerned with measuring the physical characteristics of the user's hands and fingers from a three-dimensional perspective. The main disadvantage is the lack of uniqueness of hand geometry data. Also, an injury to the hand may cause the measurements to change, resulting in recognition problems.
  32. Iris Scan - Correct Answer The iris is stable over time, having over 400 characteristics, although only approximately 260 of these are used to generate the template. The advantage of iris identification is that contact with the device is not needed. The disadvantages are the high cost of the system and the high amount of storage needed to uniquely identify a user.
  33. Retina Scan - Correct Answer The patterns of the retina are measured at over 400 points to generate a 96-byte template. Retinal scanning is extremely reliable and has the lowest FAR among the current biometric methods. The disadvantages are the need for fairly close physical contact with the scanning device, which impairs user acceptance, and high cost.
  34. Fingerprint - Correct Answer Minutiae is the template generated for the fingerprint. Advantages are low cost, small size of the device, ability to physically interface into existing client-server based systems, and ease of integration into existing access control methods. Disadvantages include the need for physical contact with the device and the possibility of poor quality images due to residues, such as dirt and body oils, on the finger. Not as effective as other techniques.
  35. Face Recognition - Correct Answer The main disadvantage is the lack of uniqueness, which means that people who look alike can fool the device. Some systems cannot maintain high levels of performance as the database grows in size. The advantage is that it is the friendliest biometric and is fast and easy to use.
  36. SSO - Correct Answer The information resource or SSO server handling this function is referred to as the primary domain. Every other information resource, application or platform that uses those credentials is called a secondary domain. Costs can be significant, support for all major OSs is difficult and it provides a single point of failure. SAML (XML) and Kerberos are SSO variations.
  37. VPN - Correct Answer Advantages - ubiquity, ease of use, inexpensive connectivity, and read, inquiry or copy only access. Disadvantages - they are significantly less reliable than dedicated circuits, lack a central authority and can be difficult to troubleshoot. Can create holes in the security infrastructure. The encrypted traffic can hide unauthorized actions or malicious software. Preventative controls include IDSs and virus scanners able to

to each of them to be the other side. Or the attacker interferes while the devices are establishing a connection. Can be used against WPAN networks.

  38. WPANs - Correct Answer Susceptible to man-in-the-middle attacks. Also, a risk is the uncontrolled propagation of radio waves. Ex. the radio traffic on Bluetooth connections can be passively intercepted and recorded using Bluetooth protocol sniffers.
  39. Screening Router (Packet Filtering) Firewall - Correct Answer The simplest and earliest kind of firewall. A screening router examines the header of every packet of data traveling between the internet and the corporate network. Using the services and source and destination found in the header, the router can prevent certain packets from being sent between the internet and the corporate network. The advantage is simplicity and stable performance, as the filtering rules are applied at the network layer. It is vulnerable to attacks from improperly configured filters and attacks tunneled over permitted services. Common attacks: IP Spoofing - the attacker fakes the IP address of either an internal network host or a trusted network host so that the packet being sent will pass the rule set. Source Routing Specification - it is possible to define the route that an IP packet must take when it traverses from source to destination, and so to define a route that bypasses the firewall; a defense against this is to drop the packet if source routing is enabled. Miniature Fragment Attack - an attacker fragments the IP packet into smaller ones and pushes it through the firewall in the hope that only the first of the sequence would be examined and the others would be allowed to pass through; this can be countered by configuring the firewall to drop all packets where IP fragmentation is enabled.
  40. Application Gateway (Firewalls) - Correct Answer There are 2 types - application-level and circuit-level firewall systems. They provide greater protection capabilities than packet filtering routers. Application and circuit level gateways (firewalls) allow information to flow between systems but do not allow the direct exchange of packets. They work at the application layer of the OSI model. The application-level gateway firewall is a system that analyzes packets through a set of proxies - one for each service (HTTP is a WAF). Application-level gateways are mediators between two entities that want to communicate, also known as proxy gateways. Circuit-level firewalls are more efficient and also operate at the application layer, where TCP and UDP sessions are validated, typically through a single, general-purpose proxy, before opening a connection. Commercially, circuit-level firewalls are quite rare. Application-based firewalls are also set up as proxy servers.
  41. Stateful Inspection Firewalls - Correct Answer Keeps track of the destination IP address of each packet that leaves the org's internal network. When the response to a packet is received, its record is referenced to ascertain and ensure that the incoming message is in response to the request that went out. This is done by mapping the source IP address of an incoming packet against the list of destination IP addresses that is maintained and updated. The advantage is that stateful inspection controls the flow of IP traffic by matching information contained in the headers of connection-oriented or connectionless IP packets at the transport layer against a set of rules specified by the admin. This provides a greater degree of efficiency when compared to typical CPU-intensive, full-time application firewall systems' proxy servers. The disadvantage is that stateful inspection firewalls can be relatively complex to administer compared to other types of firewalls.
  42. Screened host firewall - Correct Answer Utilizing a packet filtering router and a bastion host, this approach implements basic network layer security and application server security. An intruder in this configuration has to penetrate two separate systems before the security of the private network can be compromised.
  43. Dual Homed Firewall - Correct Answer Firewall system that has two or more network interfaces, each of which is connected to a different network. Usually acts to block or filter some or all of the traffic trying to pass between the networks. Is a more restrictive form of a screened host firewall, in which a dual homed bastion host is configured with one interface established for information servers and another for private network host computers.
  44. Screened Subnet Firewall (DMZ) - Correct Answer Utilizing 2 packet filtering routers and a bastion host, this approach creates the most secure firewall system because it supports network and application level security while defining a separate DMZ network. The DMZ functions as a small, isolated network for an organization's public servers, bastion host information servers and modem pools.
  45. Components of an IDS - Correct Answer Sensors, which are responsible for collecting data such as network packets, log files, system call traces, etc.; analyzers, which receive input from sensors and determine intrusive activity; an administration console; and a user interface. Neural Networks - a type of IDS that monitors the general patterns of activity and traffic on the network and creates a database.
  46. IPS - Correct Answer Are designed to not only detect attacks, but also to prevent the intended victim hosts from being affected by the attacks.
  47. Types of Honeypots - Correct Answer High Interaction - give hackers a real environment to attack. Low Interaction - emulate production environments and provide more limited information.

known and new malware, on the basis of malware masks or signatures. The second type is heuristic scanners. They analyze the instructions in the code being scanned and decide on the basis of statistical probability whether it could contain malicious code. They tend to generate a high level of false positive errors. Active Monitors - interpret DOS and read only memory (ROM) BIOS calls, looking for malware-like actions. Can be problematic because they cannot distinguish between a user request and a program or malware request. Integrity CRC Checkers - compute a binary number on a known malware-free program that is then stored in a database file. The number is called a CRC. On subsequent scans, when that program is called to execute, it checks for changes to the files as compared to the database. Behavior Blockers - focus on detecting potentially abnormal behavior, such as writing to the boot sector or the master boot record or making changes to executable files. Can potentially detect malware at an early stage. Immunizers - defend against malware by appending sections of themselves to files, somewhat in the same way that file malware appends itself. They continually check the file for changes and report changes as possible malware behavior. Inoculators - do not allow a program to run if it contains malware.

  48. Malware Walls - Correct Answer When malware scanning software is used as an integral part of firewall technologies. They scan incoming traffic with the intent of detecting and removing malware before it enters the protected network. They usually work at the following levels: SMTP protection, HTTP protection and FTP protection.
  49. Advantages of VOIP - Correct Answer Innovation progresses at market rates. Lower costs per call or even free calls, especially for long distances. Lower infrastructure costs.
  50. Securing VOIP - Correct Answer The VoIP infrastructure should be segregated using VLANs. Any connections between these two infrastructures should be protected using firewalls that can interpret VoIP protocols.
  51. Private Branch Exchange (PBX) - Correct Answer Sophisticated computer-based switch that can be thought of as essentially a small, in-house phone company for the organization that operates it. Protection is a high priority.
  52. PBX Minimize risk - Correct Answer PBX system attacks: control the definition of DID lines to avoid an external party requesting a dial tone locally; establish system access controls over long distance phone calls; establish control over the numbers destined for fax machines and modems. Hardware wiretapping: physical security of the PBX facilities; usage of appropriate anti-tamper devices on critical hardware components. Hardware conferencing: establish strong physical security; lock critical hardware with anti-tamper devices. Remote access: a dial-back scheme; careful scrutiny and proper authentication of requests to open the remote control. Maintenance: ask the manufacturer or maintenance company if any such features exist; attempt to learn about undocumented usernames/passwords; attempt to search the system's programmable read only memory or disks for evidence of such features.
  53. PBX software debugger/update utility - Correct Answer Perhaps the most dangerous vulnerability, because access to the software would give an adversary virtually unlimited access to the PBX and its associated instruments.
  54. Bypass Label Processing (BLP) - Correct Answer BLP bypasses the computer's reading of the file label. Because most access control rules are based on file names, this can bypass access control programs.
  55. System Exits - Correct Answer This system software feature permits the user to perform complex system maintenance, which may be tailored to a specific environment or company. They often exist outside of the computer security system and thus are not restricted or reported in their use.
  56. Special system logon IDs - Correct Answer These logon IDs are often provided by vendors. The names can be determined easily because they are the same for all similar computer systems. Passwords should be changed immediately upon installation to secure the systems.
  57. Data Diddling - Correct Answer Involves changing data before they are entered into the computer. It is one of the most common abuses because it requires limited technical knowledge and occurs before computer security can protect the data. There are only compensating controls for data diddling.
  58. Double Blind Penetration Testing - Correct Answer Is also known as zero-knowledge testing. This refers to a test where the penetration tester is not given any information and the target organization is not given any warning; both parties are "blind" to the test. This is the best scenario for testing response capability because the target will react as if the attack were real.
  59. Blind/Black Box Penetration Testing - Correct Answer This refers to a test where the penetration tester is not given any information and is forced to rely on publicly available information. This test simulates a real attack, except that the target organization is aware of the test being conducted.
  60. Sags, spikes and surges - Correct Answer Temporary and rapid decreases or increases in voltage levels. Can cause loss of data, data corruption, network transmission errors or physical damage. Surge protectors can be used if they last from a few millionths to a few thousandths of a second. Intermediate interruptions, from a few seconds to 30 seconds, can be controlled by UPS devices. Long-term disruptions can be controlled by generators.
  61. Total flooding - Correct Answer Apply an extinguishing agent to a three-dimensional enclosed space in order to achieve a concentration of the agent adequate to extinguish the fire.
  62. Local Application - Correct Answer Apply an extinguishing agent directly onto a fire (usually a two-dimensional area) or into the three-dimensional region immediately surrounding the substance or object on fire. The main difference between local application and total flooding designs is the absence of physical barriers enclosing the fire space in the local application design.
  63. Water based systems - Correct Answer Sprinkler systems. Effective but unpopular because they damage equipment and property. Can be dry-pipe or charged (water is always in the system piping). A charged system is more reliable but has the disadvantage of exposing the facility to expensive water damage if the pipes leak.
  64. Halon Systems - Correct Answer Release pressurized Halon gases that remove oxygen from the air, thus starving the fire.
  65. FM-200, HFC-227 - Correct Answer A colorless, odorless gaseous halocarbon, which is safe to be used where people are present. Commonly used as a gaseous fire suppression agent. Suppresses fire by discharging a gas onto the surface of combusting materials. Low atmospheric lifetime and ozone depletion potential.
  66. Argonite - Correct Answer Mixture of 50 percent argon and 50 percent nitrogen. It is an inert gas used in gaseous fire suppression systems where damage to equipment is to be avoided. It is non-toxic, but it does not satisfy the body's need for oxygen and is a simple asphyxiant. People have suffocated by breathing argon by mistake.
  67. Fire proof walls and ceilings - Correct Answer The computer room walls and ceilings should have a fire resistance rating of at least 2 hours.
  68. Bastion host - Correct Answer Hardened system used to host services.