The game follows the rules of a normal quiz bee. Points per Round
Round 1 1 point per question Round 2 2 points per question Round 3 3 points per question
THE PUNISHER: Incorrect answers will tantamount to a deduction equivalent to the corresponding point(s) of the question. THE SHIELD: Groups can choose not to answer the question. Deductions or additions will not be made to their score. DOUBLE UP: Double the point(s) added if the group is the only one who gets the correct answer. DOUBLE DOWN: Double the point(s) subtracted if the group is the only one who gives an incorrect answer.
Enumerate the types of controls that can be used to mitigate the risk of systems intrusions.
Enumerate the types of controls that can be used to mitigate the risk of systems intrusions.
Preventive Controls Detective Controls Corrective Controls
Modified True or False. The idea of defense-in-depth is to employ a layer of controls in order to avoid having multiple points of failure.
Modified True or False. The idea of defense-indepth is to employ a layer of controls in order to avoid having multiple points of failure. False. The idea of defense-in-depth is to employ multiple layers of controls in order to avoid having a single point of failure.
_____ is a separate network that permits controlled access from the Internet to selected resources, such as the organizations e-commerce Web server.
a. b. c. d. e. Data Management Zone Data Manipulation Zone Data Manoeuvring Zone Data Militarized Zone None of the above
_____ is a separate network that permits controlled access from the Internet to selected resources, such as the organizations e-commerce Web server.
a. b. c. d. e. Data Management Zone Data Manipulation Zone Data Manoeuvring Zone Data Militarized Zone None of the above (Demilitarized zone)
What are the types of credentials that can be used to verify a persons identity?
What are the types of credentials that can be used to verify a persons identity?
Something they know Something they have Some physical characteristic
It is a set of rules that determines which packets are allowed entry and which are dropped.
It is a set of rules that determines which packets are allowed entry and which are dropped. Access Control List (ACL)
_______ is a fundamental control procedure for protecting confidentiality of sensitive information when they are stored and transmitted to trusted parties.
Encryption is a fundamental control procedure for protecting confidentiality of sensitive information when they are stored and transmitted to trusted parties.
War dialing is used to identify rogue modems (or by hackers to identify targets).
Which of the following is the most effective way to protect the perimeter?
a. deep packet inspection b. static packet filtering c. stateful packet filtering d. All are equally effective
Which of the following is the most effective way to protect the perimeter?
a. deep packet inspection b. static packet filtering c. stateful packet filtering d. All are equally effective
It consists of a set of sensors and a central monitoring unit that create logs of network traffic that was permitted to pass the firewall and then analyze those logs for signs of attempted or successful intrusions.
It consists of a set of sensors and a central monitoring unit that create logs of network traffic that was permitted to pass the firewall and then analyze those logs for signs of attempted or successful intrusions. Intrusion Detection Systems (IDS)
Statement 1: IPS is not prone to false alarms. Statement 2: The use of a VPN software makes it much easier to add or remove sites from the network.
a. Only statement 1 is true b. Only statement 2 is true c. Both are true d. Both are false
Statement 1: IPS is not prone to false alarms. Statement 2: The use of a VPN software makes it much easier to add or remove sites from the network.
a. Only statement 1 is true b. Only statement 2 is true c. Both are true d. Both are false
A compatibility test matches the users authentication credentials against the ____________ to determine whether the employee should be allowed to access certain information resources and perform the requested action
A compatibility test matches the users authentication credentials against the access control matrix to determine whether the employee should be allowed to access certain information resources and perform the requested action
All or Nothing. Enumerate the key criteria that information provided to management should satisfy.
Enumerate the key criteria that information provided to management should satisfy.
What are the three techniques used by intrusion prevention systems to identify undesirable traffic patterns?
Compare traffic patterns to a database of signatures of known attacks Develop a profile of normal traffic and use statistical analysis to identify packets that do not fit that profile Use rule bases that specify acceptable standards for specific types of traffic and that drop all packets that do not conform to those standards
What are the three techniques used by intrusion prevention systems to identify undesirable traffic patterns?