Username: Aditya Mishra. Book: CISA Exam Prep. No part of any chapter or book may be reproduced or transmitted in any form by any means without the prior written permission for reprints and excerpts from the publisher of the book or chapter. Redistribution or other use that violates the fair use privilege under U.S. copyright laws (see 17 USC 107) or that otherwise violates these Terms of Service is strictly prohibited. Violators will be prosecuted to the full extent of U.S. Federal and Massachusetts laws.
Apply Your Knowledge

You have seen in this chapter that the organization should have formalized security functions developed to protect the company's information assets. One proven method of protecting information is encryption. This exercise has you download and install a digital certificate. You will need an Internet connection and Microsoft Outlook to complete this exercise.
Exercises

7.1. Obtaining Digital Certificates

This exercise will step you through the process of obtaining a free digital certificate. These can be used with email, signing, or other noncommercial encryption processes.

Estimated Time: 10 Minutes
1. The first step in this task is to obtain a digital certificate. Many different vendors provide these; in this exercise, you will be downloading the certificate from Comodo, which provides free certificates for noncommercial use.
2. Go to http://www.comodogroup.com/products/certificate_services/index.html to get your free digital certificate. You will need to fill out a short form, and then download details will be emailed to you.
3. Open your email from Comodo and follow the link to the certificate download. This installs the certificate on your computer.
4. To use the certificate, open Outlook and select Tools from the menu.
5. Select Options from the Tools menu.
6. On the Options menu, choose the Security tab.
7. Enter a name for your security setting into the Security Settings Name box.
8. Check Default Security Setting for This Secure Message Format.
9. Select your Secure Email Certificate from the Select Certificate dialog box.
10. Now view your certificate by selecting the View Certificate button. The Certificate menu displays four tabs that provide more detail about your certificate. Click on each one to learn more about the certificate. After examining it, click the OK button to return to the Select Certificate menu and click OK again to select the certificate.
11. While at the Change Security Setting menu, make sure Send These Certificates with Signed Messages is selected.
12. Click OK to return to the Options dialog box, and then click OK to return to Outlook. Your certificate is now installed.
13. To send a message with your new digital certificate, create a new message to send to a coworker or friend.
(Source: http://techbus.safaribooksonline.com/print?xmlid=9780789735737%2Fch07lev1sec13, printed 11/12/2016)
14. After creating the message, choose the Options button.
15. From the Options menu, select the Security Settings button. Now choose Add Digital Signature to This Message and select OK.
16. You have added the strength of nonrepudiation. You can now send your first signed email.
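As an added example (not part of the book's exercise, which works through Outlook's menus), the Go program below does in code what steps 4 through 16 set up. It generates an RSA key pair, wraps the public key in a self-signed certificate that stands in for the Comodo-issued one, signs a message with the private key, and verifies the signature against the certificate, as a recipient's mail client does. The email address, message text and key size are constructed for the example. It also shows what the nonrepudiation claim in step 16 rests on: a changed message, or a different sender's certificate, fails verification, and only the holder of the private key could have produced the signature.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Signer holds a private key and the certificate that carries the matching
// public key. The certificate is self-signed here for illustration; an
// S/MIME certificate obtained as in the exercise is issued by a CA instead.
type Signer struct {
	key  *rsa.PrivateKey
	cert *x509.Certificate
}

// NewSigner generates a 2048-bit RSA key pair and a one-year self-signed
// certificate for the given (constructed) email address.
func NewSigner(email string) (*Signer, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:   big.NewInt(1),
		Subject:        pkix.Name{CommonName: email},
		EmailAddresses: []string{email},
		NotBefore:      time.Now(),
		NotAfter:       time.Now().Add(365 * 24 * time.Hour),
		KeyUsage:       x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &Signer{key: key, cert: cert}, nil
}

// Certificate is what the sender attaches to signed mail (step 11 above) so
// that recipients can verify without any prior key exchange.
func (s *Signer) Certificate() *x509.Certificate { return s.cert }

// Sign hashes the message with SHA-256 and signs the digest with the private
// key (RSA PKCS#1 v1.5), which only the certificate's subject can do.
func (s *Signer) Sign(message []byte) ([]byte, error) {
	digest := sha256.Sum256(message)
	return rsa.SignPKCS1v15(rand.Reader, s.key, crypto.SHA256, digest[:])
}

// Verify checks the signature against the public key in the sender's
// certificate. It fails if the message was altered after signing or if a
// certificate other than the signer's is presented.
func Verify(cert *x509.Certificate, message, signature []byte) bool {
	return cert.CheckSignature(x509.SHA256WithRSA, message, signature) == nil
}

func main() {
	alice, err := NewSigner("alice@example.com")
	if err != nil {
		panic(err)
	}
	msg := []byte("Please approve purchase order 4711") // constructed sample message
	sig, err := alice.Sign(msg)
	if err != nil {
		panic(err)
	}
	fmt.Println("original message verifies:", Verify(alice.Certificate(), msg, sig))
	tampered := []byte("Please approve purchase order 4712")
	fmt.Println("tampered message verifies:", Verify(alice.Certificate(), tampered, sig))
}
```

In a real deployment the recipient's client also checks that the certificate chains to a trusted CA and that its email address matches the sender; with a self-signed certificate as above, that step would fail, which is exactly why the exercise obtains the certificate from a CA rather than generating one locally.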
Exam Questions

1. Which of the following cryptosystems provides the best method to verify integrity?
A. DES
B. AES
C. MD5
D. RSA
2. Which of the following is the most effective control for viruses and worms?
A. A good backup policy
B. Scanning incoming email for viruses and worms
C. Policies that prohibit the use of media brought from home or downloaded from a nonwork computer
D. Antivirus that is updated no less than weekly, that is online and active
3. A B-to-C ecommerce website is worried about security and has had talks about encryption. Specifically, they would like to set up a system that can monitor, detect, and alert on hacking activity. Which of the following would best meet the required needs?
A. Packet filtering
B. Intrusion detection
C. Stateful inspection
D. Asymmetric cryptography
4. Your company is considering a penetration test to review external security. They would like you, the company's lead IS auditor, to direct the project. Which of the following would be considered the first and most important for you to accomplish before you begin?
A. Establish a time frame for the test
B. Determine the team members
C. Get the support of the IT security group
D. Obtain written authorization
5. Which of the following best describes the type of IDS that works by learning users' activities so that it understands normal patterns of behaviors?
A. Statistical
B. Signature
C. Neural
D. Protocol
6. Which of the following is the highest priority for an IS auditor?
A. Designing and implementing security controls
B. Reviewing new policies and procedures
C. Controlling and monitoring data security and policies
D. Controlling and monitoring IDS and firewall activity
7. A team of auditors has just completed an audit of the organization. Which of the following findings should be considered the most critical?
A. Servers are not backed up on a regular basis.
B. Workstations are not backed up on a regular basis.
C. The business continuity plan is current but includes critical and noncritical items.
D. The password change policy is not being actively enforced.
8. You have been asked to review your organization's computer forensics policy. Which of the following elements should be of the most concern to you while reviewing the documentation?
A. Incident response
B. Chain of custody
C. In-house forensic investigators
D. Commercial forensic software
9. When discussing data ownership, which of the following individuals has the responsibility of day-to-day management of the asset?
A. Security advisory group
B. Process owner
C. Chief privacy officer
D. Chief security officer
10. Several coworkers are installing an IDS, and you have been asked to make an initial review. One of the installers has asked which of the following is the worst condition for an IDS. Which is correct?
A. Positive
B. Negative
C. False positive
D. False negative
Answers to Exam Questions

1. C. MD5 is a hashing algorithm. Hashing algorithms are used to verify integrity. Answer A is incorrect because DES is a symmetric algorithm and offers confidentiality, answer B is incorrect because AES is also a symmetric algorithm that offers confidentiality, and answer D is incorrect because RSA is an asymmetric algorithm that generally offers confidentiality, authentication, and nonrepudiation.
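The following Go program is an added example, not from the book, showing what "verify integrity with a hash" means in practice and where a bare hash stops. It records a digest of a constructed configuration file, detects a one-byte change by recomputing the digest, and then shows that anyone who can edit the file can also recompute an unkeyed digest, which is why a stored digest must be protected (or replaced by a keyed HMAC) to serve as a control. MD5 is computed because it is the answer the question expects; SHA-256 is used for the actual checks because MD5 collisions are practical today. The file contents and key are constructed for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/md5"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Digests returns the hex-encoded MD5 and SHA-256 digests of data. MD5 is
// the algorithm the exam question names; SHA-256 is what current practice uses.
func Digests(data []byte) (md5Hex, sha256Hex string) {
	m := md5.Sum(data)
	s := sha256.Sum256(data)
	return hex.EncodeToString(m[:]), hex.EncodeToString(s[:])
}

// VerifyIntegrity recomputes the SHA-256 digest of data and compares it with
// the digest recorded earlier. The comparison is constant-time so that a
// mismatch cannot be located byte by byte through timing.
func VerifyIntegrity(data []byte, expectedSHA256Hex string) bool {
	want, err := hex.DecodeString(expectedSHA256Hex)
	if err != nil {
		return false
	}
	got := sha256.Sum256(data)
	return hmac.Equal(got[:], want)
}

// Tag computes HMAC-SHA256 over data with a secret key. A bare hash only
// shows that data matches the digest in hand; whoever edits the data can
// recompute it. A keyed tag additionally shows the digest came from a key holder.
func Tag(key, data []byte) string {
	mac := hmac.New(sha256.New, key)
	mac.Write(data)
	return hex.EncodeToString(mac.Sum(nil))
}

// VerifyTag recomputes the HMAC and compares it in constant time.
func VerifyTag(key, data []byte, tagHex string) bool {
	want, err := hex.DecodeString(tagHex)
	if err != nil {
		return false
	}
	mac := hmac.New(sha256.New, key)
	mac.Write(data)
	return hmac.Equal(mac.Sum(nil), want)
}

func main() {
	// Constructed sample: a configuration file as baselined, and a tampered copy.
	original := []byte("allow_remote_admin = false\n")
	tampered := []byte("allow_remote_admin = true\n")

	_, recorded := Digests(original) // digest recorded at baseline time
	fmt.Println("baselined file intact:", VerifyIntegrity(original, recorded))
	fmt.Println("tampered file intact: ", VerifyIntegrity(tampered, recorded))

	// An attacker who can edit the file can also overwrite an unkeyed digest...
	_, forged := Digests(tampered)
	fmt.Println("tampered + recomputed digest:", VerifyIntegrity(tampered, forged))

	// ...but cannot produce a matching keyed tag without the key.
	key := []byte("constructed-demo-key-do-not-reuse")
	tag := Tag(key, original)
	fmt.Println("tampered + original tag:", VerifyTag(key, tampered, tag))
}
```

For the exam, the point to retain is the one the answer gives: hashing provides integrity, symmetric ciphers provide confidentiality, and asymmetric algorithms add authentication and nonrepudiation. The HMAC half of the example shows how integrity checking is usually combined with a key when the digest itself could be replaced.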
2. D. An up-to-date antivirus system is the most effective means of preventing and controlling malicious software. Regular updates are required to ensure that the antivirus software has the capability to scan for the most current malicious code. Answer A is incorrect because backups will not prevent a virus infection and offer no control of malicious code. Answer B is incorrect because scanning email will prevent some malicious code, but there are other modes of entry. Answer C is incorrect because although policies are a good baselining control, they do not prevent employees from carrying out specific actions.
3. B. Intrusion detection is the best method of monitoring and detecting break-ins or attempts to attack via the Internet. Answer A is incorrect because packet filtering is a type of stateless inspection and can make a decision on only a set of static rules. Answer C is incorrect because stateful inspection is not specifically designed to detect and report hacking activities. Answer D is incorrect because encryption does not meet any of the company's stated goals.
4. D. The most important step of the pen test process is to obtain written authorization and approval. No testing should occur until this step is completed. Answer A is incorrect because timing is not the most important item; approval is. Answer B is incorrect because choosing team members is not the most important item; approval is. Answer C is incorrect because internal security might or might not be informed. Many times they are being tested to see if they detect any unusual activity or notice that pen testing is actually occurring.
5. C. A neural IDS works by first being placed in a learning mode so that it understands normal patterns of activity. Answer A is incorrect because this IDS detection method requires the administrator to use profiles of authorized activities or place them into the IDS so that it understands normal activity. Answer B is incorrect because signature IDS detection requires the administrator to load a database of known attacks. Answer D is incorrect because a protocol-decoding IDS is similar to a statistical IDS, yet it can keep track of the state of a session so that it can reassemble packets and look at higher-layer activity.
6. C. Data security is one of the primary duties of an auditor. This task is achieved by controlling and monitoring data security policies. Answer A is incorrect because auditors are usually not the individuals responsible for implementing security controls. Answer B is incorrect because an auditor is concerned not just with new policies, but with all policies. Answer D is incorrect because the IT security group usually handles day-to-day activities of the IDS and the firewall.
7. A. Not backing up the servers on a regular basis is the most serious threat to the integrity and availability of informational assets. Answer B is incorrect because good control policies should dictate that users save critical information on network share drives. Answer C is incorrect because having a business continuity plan that goes into too much detail is not a problem. Answer D is incorrect because although poor password enforcement is a finding, it is not the most critical finding.
8. B. Chain of custody is the critical item that must be maintained during any forensic activity. Chain of custody concerns who collected the information and how it was documented, processed, stored, and handled. Answers A, C, and D are incorrect because incident response should be addressed in a separate set of policies; the organization might not use in-house investigators, since consultants might perform forensic activities; and forensic investigations might use Linux or other open source tools, so the tools do not have to be commercial.
9. B. The process owner has the responsibility of the day-to-day management of the asset. Answers A, C, and D are incorrect because the security advisory group is responsible for reviewing security issues, security plans, and procedures. The chief privacy officer is responsible for maintaining compliance with local, state, and federal privacy laws. The chief security officer is responsible for the day-to-day security of the organization.
10. D. The worst state for an IDS is a false negative, which means an event occurred yet no alarm was triggered. Therefore, answers A, B, and C are incorrect.
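The Go program below is an added example, not from the book, that ties answers 5 and 10 together. It implements a deliberately simple anomaly detector of the learning kind described in answer 5 (a statistical mean-plus-k-standard-deviations threshold, not a neural network) over constructed hourly failed-login counts, then scores its alerts against known ground truth to produce the four outcomes behind question 10. Running it with two thresholds shows the trade-off an IDS reviewer has to weigh: tightening the threshold removes a false positive but turns a quiet attack into a false negative, the condition answer 10 calls the worst. All data, names and thresholds are constructed.

```go
package main

import (
	"fmt"
	"math"
)

// Event is one observation, e.g. failed logins for one account in one hour,
// with a ground-truth label that exists only because this data set is
// constructed; a real IDS never sees the label.
type Event struct {
	Source string
	Count  float64
	Attack bool
}

// Baseline is the "normal pattern of activity" the detector learns: the mean
// and standard deviation of counts seen during an attack-free training window.
type Baseline struct {
	Mean, StdDev float64
}

// Learn builds the baseline from training observations (the learning mode
// answer 5 refers to).
func Learn(training []float64) Baseline {
	var sum float64
	for _, v := range training {
		sum += v
	}
	mean := sum / float64(len(training))
	var sq float64
	for _, v := range training {
		sq += (v - mean) * (v - mean)
	}
	return Baseline{Mean: mean, StdDev: math.Sqrt(sq / float64(len(training)))}
}

// Alert fires when a count lies more than k standard deviations above the mean.
func (b Baseline) Alert(count, k float64) bool {
	return count > b.Mean+k*b.StdDev
}

// Outcome holds the four possible results of comparing alerts with the truth.
type Outcome struct {
	TruePositive, FalsePositive, TrueNegative, FalseNegative int
}

// Evaluate runs the detector over labelled events and tallies the outcomes.
// A false negative (attack, no alarm) leaves the organisation believing
// nothing happened, which is why question 10 ranks it worst.
func Evaluate(b Baseline, events []Event, k float64) Outcome {
	var o Outcome
	for _, e := range events {
		alert := b.Alert(e.Count, k)
		switch {
		case alert && e.Attack:
			o.TruePositive++
		case alert && !e.Attack:
			o.FalsePositive++
		case !alert && e.Attack:
			o.FalseNegative++
		default:
			o.TrueNegative++
		}
	}
	return o
}

// Constructed data: hourly failed-login counts from a quiet period (training)
// and four test observations with known ground truth.
var training = []float64{2, 3, 1, 4, 2, 3, 2, 3, 4, 1}

var events = []Event{
	{"alice", 3, false}, // ordinary typo rate
	{"bob", 40, true},   // noisy brute-force attempt
	{"carol", 6, false}, // forgot password after a holiday
	{"dave", 5, true},   // low-and-slow password guessing
}

func main() {
	b := Learn(training)
	fmt.Printf("baseline: mean=%.2f stddev=%.2f\n", b.Mean, b.StdDev)
	for _, k := range []float64{3, 2} {
		fmt.Printf("k=%v: %+v\n", k, Evaluate(b, events, k))
	}
}
```

With k=3 the detector reports one true positive, one false positive, one true negative and one false negative (dave's slow guessing stays below the threshold); with k=2 the false negative disappears at the cost of keeping the false positive. Reviewers of a new IDS installation, as in question 10, should ask to see this kind of tally rather than only the alert count.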