
MECHANICS

The game follows the rules of a normal quiz bee.

Points per Round
- Round 1: 1 point per question
- Round 2: 2 points per question
- Round 3: 3 points per question

THE PUNISHER: Incorrect answers will result in a deduction equivalent to the corresponding point(s) of the question.
THE SHIELD: Groups can choose not to answer the question. Deductions or additions will not be made to their score.
DOUBLE UP: Double the point(s) added if the group is the only one who gets the correct answer.
DOUBLE DOWN: Double the point(s) subtracted if the group is the only one who gives an incorrect answer.

Enumerate the types of controls that can be used to mitigate the risk of systems intrusions.

Enumerate the types of controls that can be used to mitigate the risk of systems intrusions.
- Preventive Controls
- Detective Controls
- Corrective Controls

Modified True or False. The idea of defense-in-depth is to employ a layer of controls in order to avoid having multiple points of failure.

Modified True or False. The idea of defense-in-depth is to employ a layer of controls in order to avoid having multiple points of failure.
False. The idea of defense-in-depth is to employ multiple layers of controls in order to avoid having a single point of failure.

_____ is a separate network that permits controlled access from the Internet to selected resources, such as the organization's e-commerce Web server.
a. Data Management Zone
b. Data Manipulation Zone
c. Data Manoeuvring Zone
d. Data Militarized Zone
e. None of the above

_____ is a separate network that permits controlled access from the Internet to selected resources, such as the organization's e-commerce Web server.
a. Data Management Zone
b. Data Manipulation Zone
c. Data Manoeuvring Zone
d. Data Militarized Zone
e. None of the above (Demilitarized zone)

What are the types of credentials that can be used to verify a person's identity?

What are the types of credentials that can be used to verify a person's identity?
- Something they know
- Something they have
- Some physical characteristic

Which of the following is a detective control?
a. Endpoint hardening
b. Physical access controls
c. Penetration testing
d. Patch management


What is the most commonly used authentication method?

What is the most commonly used authentication method?
Password

It is a set of rules that determines which packets are allowed entry and which are dropped.

It is a set of rules that determines which packets are allowed entry and which are dropped.
Access Control List (ACL)

Which of the following is a COBIT IT resource?
a. Data
b. Office Supplies
c. Customer
d. Software


_______ is a fundamental control procedure for protecting confidentiality of sensitive information when it is stored and transmitted to trusted parties.

Encryption is a fundamental control procedure for protecting confidentiality of sensitive information when it is stored and transmitted to trusted parties.

What are the dimensions of the COBIT Framework?

What are the dimensions of the COBIT Framework?
- Plan and Organize
- Acquire and Implement
- Deliver and Support
- Monitor and Evaluate

Which of the following statements is/are true?
a. The time-based model of security can be expressed in the following formula: P < D + C.
b. Information security is primarily an IT issue, not a managerial concern.
c. Conciseness is one of the strengths of COBIT.
d. Information security is necessary for protecting confidentiality, privacy, integrity of processing, and availability of information resources.
e. All of the above
f. None of the above


What are the fundamental information security concepts?

What are the fundamental information security concepts?
- Security is a management issue, not a technology issue
- Time-based model of security
- Defense-in-depth

Which of the following statements is/are false?
a. Authorization is the process of verifying the identity of the person or device attempting to access the system.
b. A man-trap is a type of physical access control.
c. Deep packet inspection is the heart of a new type of security technology called intrusion prevention systems.
d. Firewalls block all traffic.
e. All of the above
f. None of the above


_____ is used to identify rogue modems (or by hackers to identify targets).

War dialing is used to identify rogue modems (or by hackers to identify targets).

Which of the following is the most effective way to protect the perimeter?
a. deep packet inspection
b. static packet filtering
c. stateful packet filtering
d. All are equally effective


It consists of a set of sensors and a central monitoring unit that create logs of network traffic that was permitted to pass the firewall and then analyze those logs for signs of attempted or successful intrusions.

It consists of a set of sensors and a central monitoring unit that create logs of network traffic that was permitted to pass the firewall and then analyze those logs for signs of attempted or successful intrusions.
Intrusion Detection Systems (IDS)

Statement 1: IPS is not prone to false alarms.
Statement 2: The use of VPN software makes it much easier to add or remove sites from the network.
a. Only statement 1 is true
b. Only statement 2 is true
c. Both are true
d. Both are false


A compatibility test matches the user's authentication credentials against the ____________ to determine whether the employee should be allowed to access certain information resources and perform the requested action.

A compatibility test matches the user's authentication credentials against the access control matrix to determine whether the employee should be allowed to access certain information resources and perform the requested action.

All or Nothing. Enumerate the key criteria that information provided to management should satisfy.

Enumerate the key criteria that information provided to management should satisfy.
- Integrity
- Confidentiality
- Efficiency
- Reliability
- Availability
- Compliance
- Effectiveness

What are the three techniques used by intrusion prevention systems to identify undesirable traffic patterns?

What are the three techniques used by intrusion prevention systems to identify undesirable traffic patterns?
- Compare traffic patterns to a database of signatures of known attacks
- Develop a profile of normal traffic and use statistical analysis to identify packets that do not fit that profile
- Use rule bases that specify acceptable standards for specific types of traffic and that drop all packets that do not conform to those standards
