Information Security Interview Questions & Answers

Question 1. What Is C.i.a?

Answer :

The C.I.A. triangle was the standard based on confidentiality, integrity, and availability. The C.I.A. triangle has expanded into a list of critical characteristics of information.

Question 2. Write A Note On The History Of Information Security ?

Answer :

Computer security began immediately after the first mainframes were developed Groups developing code-breaking computations during World War II created the first modern computers Physical controls were needed to limit access to authorized personnel to sensitive military locations Only rudimentary controls were available to defend against physical theft, espionage, and sabotage.

Question 3. What Is Rand Report R-609?

Answer :

Information Security began with Rand Corporation Report R-609, The Rand  Report was the first widely recognized published document to identify the role of management and policy issues in computer security. 

Question 4. What Is The Scope Of Computer Security?

Answer :

The scope of computer security grew from physical security to include:

• Safety of the data Limiting unauthorized access to that data 
• Involvement of personnel from multiple levels of the organization. 

Question 5. Define Physical Security ?

Answer :

Physical Security - to protect physical items, objects or areas of organization from unauthorized access and misuse. 

Question 6. Define Personal Security ?

Answer :

Personal Security involves protection of individuals or group of  individuals who are authorized to access the organization and its operations.

Question 7. Define Operations Security ?

Answer :

Operations security focuses on the protection of the details of  particular operations or series of activities. 

Question 8. Define Communications Security ?

Answer :

Communications security - encompasses the protection of organization's communications media, technology and content.

Question 9. Define Network Security ?

Answer :

Network security - is the protection of networking components,connections,and contents.

Question 10. Define Information Security ?

Answer :

Information security - is the protection of information and its critical elements, including the systems and hardware that use, store, and transmit the information. 

Question 11. What Are The Critical Characteristics Of Information?

Answer :

• Availability
• Accuracy
• Authenticity
• Confidentiality
• Integrity
• Utility
• Possession

Question 12. What Is Nstissc Security Model?

Answer :

This refers to "The National Security Telecommunications and Information Systems Security Committee" document. This document presents a comprehensive model for information security. The model consists of three dimensions.

Question 13. What Are The Components Of An Information System?

Answer :

An Information System (IS) is much more than computer hardware; it is  the entire set of software, hardware, data, people, and procedures necessary to use information as a resource in the organization.

Question 14. What Is Meant By Balancing Security And Access?

Answer :

• Balancing Security and Access 
• It is impossible to obtain perfect security - it is not an absolute; it is a process
• Security should be considered a balance between protection and availability
• To achieve balance, the level of security must allow reasonable acces, yet protect against threats.

Question 15. What Are The Approaches Used For Implementing Information Security?

Answer :

• Bottom Up Approach
• Top-down Approach.

Question 16. What Is Sdlc?

Answer :

• The Systems Development Life Cycle
• Information security must be managed in a manner similar to any other major system implemented in the organization
• Using a methodology
• ensures a rigorous process
• avoids missing steps.

Question 17. Explain Different Phases Of Sdlc ?

Answer :

Investigation, Analysis, Logical Design, Physical Design, Implementation,Maintenance and Change.

Question 18. What Is Security Sdlc?

Answer :

• Security Systems Development Life Cycle
• The same phases used in the traditional SDLC adapted to support the specialized implementation of a security project
• Basic process is identification of threats and controls to counter them
• The SecSDLC is a coherent program rather than a series of random, seemingly unconnected actions.

Question 19. How Information Security Is Viewed As A Social Science?

Answer :

Social science examines the behavior of individuals  interacting with systems Security begins and ends with the people that interact with the system End users may be the weakest link in the security chain Security administrators can greatly reduce the levels of risk caused by end users, and create more acceptable and supportable security profiles.

Question 20. What Are The Information Security Roles To Be Played By Various Professionals In A Typical Organization?

Answer :

• Senior Management - Chief Information Officer, Chief Information Security Officer
• Security Project Team
• The champion
• The team leader
• Security policy developers
• Risk assessment specialists
• Security professionals
• Systems administrators
•  End users.

Question 21. What Are The Three Types Of Data Ownwership And Their Responsibilities?

Answer :

Data Owner - responsible for the security and use of a particular set of information Data Custodian - responsible for the storage, maintenance, and protection of the information Data Users - the end systems users who work with the information to perform their daily jobs supporting the mission of the organization.

Question 22. What Is The Difference Between A Threat Agent And A Threat?

Answer :

A threat is a category of objects,persons,or other entities that pose a potential danger to an asset. Threats are always present. A threat agent is a specific instance or component of a threat. (For example All hackers in the world are a collective threat Kevin Mitnick,who was convicted for hacking into phone systems was a threat agent.)

Question 23. What Is The Difference Between Vulnerability And Exposure?

Answer :

The exposure of an information system is a single instance when the  system is open to damage. Weakness or faults in a system expose information or protection mechanism that expose information to attack or damage or known as vulnerabilities.

Question 24. What Is Attack?

Answer :

An attack is an intentional or unintentional attempt to cause damage or  otherwise compromise the information. If some one casually reads sensitive information not intended for his or her use ,this considered as a passive attack. If a hacker attempts to break into an information system,the attack is considered active.

Question 25. What Is Hacking?

Answer :

Hacking can be defined positively and negatively. To writes computer  programs for enjoyment to gain access to a computer illegally.

Question 26. What Is Security Blue Print?

Answer :

The security blue print is the plan for the implementation of new security measures in the organization. Some times called a framework,the blue print presents an organized approach to the security planning process.

Question 27. What Is Multics?

Answer :

MULTICS was an operating system ,now obsolete. MULTICS is noewothy  because it was the first and only OS created with security as its primary goal. It was a mainframe ,time-sharing OS developed in mid - 1960s by a consortium from GE,Bell Labs,and MIT.

Question 28. What Is Arpanet?

Answer :

Department of Defense in US,started a research program on feasibility  of a redundant,networked communication system to support the military's exchange of information.Larry Robers,known as the founder if internet ,developed the project from its inception.

Question 29. Define E-mail Spoofing ?

Answer :

Information is authentic when the contents are original as it was created,palced or stored or transmitted.The information you receive as e-mail may not be authentic when its contents are modified what is known as E-mail spoofing.

Question 30. What Are The Four Important Functions, The Information Security Performs In An Organization?

Answer :

Information security performs four important functions for an organization:

• Protects the organization's ability to function
• Enables the safe operation of applications implemented on the organization's IT systems
• Protects the data the organization collects and uses
• Safeguards the technology assets in use at the organization.

Question 31. What Are Threats?

Answer :

A threat is an object, person, or other entity that represents a constant danger to an asset Management must be informed of the various kinds of threats facing the organization By examining each threat category in turn, management effectively protects its information through policy, education and training, and technology controls.

Question 32. What Are Different Acts Of Human Error Or Failure?

Answer :

Includes acts done without malicious intent. It is Caused by:

• Inexperience
• Improper training
• Incorrect assumptions
• Other circumstances.

Question 33. How Human Error Can Be Prevented?

Answer :

Much human error or failure can be prevented with training and ongoing awareness activities,but also with controls,ranging from simple procedures like asking users to type a critical command twice,to more complex procedures ,such as the verification of the commands by a second party(Eg key recovery actions in PKI systems).

Question 34. What Is Intellectual Property?

Answer :

Intellectual property is "the ownership of ideas and control over the tangible or virtual representation of those ideas" . Many organizations are in business to create intellectual property.

• trade secrets
• copyrights
• trademarks
• patents.

Question 35. How Intellectual Property Can Be Protected?

Answer :

Enforcement of copyright has been attempted with technical security mechanisms,such as using digital watermarks and embedded code.The most common reminder of the individual's obligation to fair and responsible use is the license agreement window that usually pops up during the installation of a new software.

Question 36. What Is Deliberate Acts Of Espionage Or Trespass?

Answer :

• Broad category of activities that breach confidentiality
• Unauthorized accessing of information
• Competitive intelligence vs. espionage
• Shoulder surfing can occur any place a person is accessing confidential information
• Controls implemented to mark the boundaries of an organization's virtual territory giving notice to trespassers that they are encroaching on the organization's cyberspace
• Hackers uses skill, guile, or fraud to steal the property of someone else.

Question 37. Who Are Hackers? What Are The Two Hacker Levels?

Answer :

The classic perpetrator of deliberate acts of espionage or trespass is the hacker. Hackers are "people who use and create computer software [to] gain access to information illegally". Generally two skill levels among hackers: Expert hacker unskilled hacker(Script kiddies).

Question 38. What Is Information Extortion?

Answer :

Information extortion is an attacker or formerly trusted insider stealing information from a computer system and demanding compensation for its return or non-use.

Extortion found in credit card number theft(A Russian hacker named Maxus,who hacked the online vendor and stole several hundred thousand credit card numbers).

Question 39. What Is Deliberate Acts Of Sabotage And Vandalism?

Answer :

Individual or group who want to deliberately sabotage the operations of a computer system or business, or perform acts of vandalism to either destroy an asset or damage the image of the organization

These threats can range from petty vandalism to organized sabotage

Organizations rely on image so Web defacing can lead to dropping consumer confidence and sales

Rising threat of hacktivist or cyber-activist operations - the most extreme version is cyber-terrorism.

Question 40. What Is Cyber Terrorism?

Answer :

Cyberterrorism is amost sinister form of hacking involving cyberterrorists hacking systems to conduct terrorist activities through network or internet pathways.

An example was defacement of NATO web pages during the war in Kosovo.

Question 41. What Are The Deliberate Acts Of Theft?

Answer :

Illegal taking of another's property - physical, electronic, or intellectual

The value of information suffers when it is copied and taken away without the owner's knowledge

Physical theft can be controlled - a wide variety of measures used from locked doors to guards or alarm systems

Electronic theft is a more complex problem to manage and control - organizations may not even know it has occurred.

Question 42. What Are Deliberate Software Attacks?

Answer :

When an individual or group designs software to attack systems, they create malicious code/software called malware

Designed to damage, destroy, or deny service to the target systems

Includes:

macro virus

boot virus

worms

Trojan horses

logic bombs

back door or trap door

denial-of-service attacks

polymorphic

hoaxes.

Question 43. What Are The Forces Of Nature Affecting Information Security?

Answer :

Forces of nature, force majeure, or acts of God are dangerous because they are unexpected and can occur with very little warning

Can disrupt not only the lives of individuals, but also the storage, transmission, and use of information

Include fire, flood, earthquake, and lightning as well as volcanic eruption and insect infestation

Since it is not possible to avoid many of these threats, management must implement controls to limit damage and also prepare contingency plans for continued operations.

Question 44. What Are Technical Hardware Failures Or Errors?

Answer :

Technical hardware failures or errors occur when a manufacturer distributes to users equipment containing flaws

These defects can cause the system to perform outside of expected parameters, resulting in unreliable service or lack of availability

Some errors are terminal, in that they result in the unrecoverable loss of the equipment

Some errors are intermittent, in that they only periodically manifest themselves, resulting in faults that are not easily repeated.

Question 45. What Are Technical Software Failures Or Errors?

Answer :

1. This category of threats comes from purchasing software with unrevealed faults
2. Large quantities of computer code are written, debugged, published, and sold only to determine that not all bugs were resolved
3. Sometimes, unique combinations of certain software and hardware reveal new bugs
4. Sometimes, these items aren't errors, but are purposeful shortcuts left by programmers for honest or dishonest reasons.

Question 46. What Is Technological Obsolescence?

Answer :

When the infrastructure becomes antiquated or outdated, it leads to unreliable and untrustworthy systems

Management must recognize that when technology becomes outdated, there is a risk of loss of data integrity to threats and attacks

Ideally, proper planning by management should prevent the risks from technology obsolesce, but when obsolescence is identified, management must take action.

Question 47. What Is An Attack?

Answer :

An attack is the deliberate act that exploits vulnerability

It is accomplished by a threat-agent to damage or steal an organization's information or physical asset

An exploit is a technique to compromise a system

A vulnerability is an identified weakness of a controlled system whose controls are not present or are no longer effective

An attack is then the use of an exploit to achieve the compromise of a controlled system.

Question 48. What Is A Malicious Code?

Answer :

This kind of attack includes the execution of viruses, worms, Trojan horses, and active web scripts with the intent to destroy or steal information. The state of the art in attacking systems in 2002 is the multi-vector worm using up to six attack vectors to exploit a variety of vulnerabilities in commonly found information system devices.

Question 49. Define Virus ?

Answer :

Virus - Each infected machine infects certain common executable or script files on all computers to which it can write with virus code that can cause infection.

Question 50. Define Hoaxes ?

Answer :

Hoaxes - A more devious approach to attacking computer systems is the transmission of a virus hoax, with a real virus attached.

Question 51. What Is Distributed Denial-of-service (ddos)?

Answer :

DDoS is an attack in which a coordinated stream of requests is launched against a target from many locations at the same time.

Question 52. What Is Back Door?

Answer :

Back Doors - Using a known or previously unknown and newly discovered access mechanism, an attacker can gain access to a system or network resource.

Question 53. Define Dictionary Attack ?

Answer :

The dictionary password attack narrows the field by selecting specific accounts to attack and uses a list of commonly used passwords (the dictionary) to guide guesses.

Question 54. What Are The Various Forms Of Attacks ?

Answer :

• IP Scan and Atack
• Web Browsing
• Virus
• Unprotected Shares
• Mass Mail
• SNMP
• Hoaxes
• Back Doors
• Password Crack
• Brute Force
• Dictionary
• Denial of Service
• Distributed DoS.

Question 55. What Is Denial-of-service (dos) ?

Answer :

attacker sends a large number of connection or information requests to a target

so many requests are made that the target system cannot handle them successfully along with other, legitimate requests for service

may result in a system crash, or merely an inability to perform ordinary functions.

Question 56. Define Spoofing ?

Answer :

It is a technique used to gain unauthorized access whereby the intruder sends messages to a computer with an IP address indicating that the message is coming from a trusted host.

Question 57. Define Man-in-the-middle ?

Answer :

Man-in-the-middle is an attacker sniffs packets from the network, modifies them, and inserts them back into the network.

Question 58. What The Roles To Be Played By The Communities Of Interest To Manage The Risks An Organization Encounters?

Answer :

It is the responsibility of each community of interest to manage risks; each community has a role to play:

• Information Security
• Management and Users
• Information Technology.

Question 59. What Is The Process Of Risk Identification?

Answer :

A risk management strategy calls on us to "know ourselves" by identifying, classifying, and prioritizing the organization's information assets These assets are the targets of various threats and threat agents and our goal is to protect them from these threats.

Question 60. What Are Asset Identification And Valuation ?

Answer :

This iterative process begins with the identification of assets, including all of the elements of an organization's system: people, procedures, data and information, software, hardware, and networking elements.

Question 61. What Is Asset Information For People?

Answer :

Position name/number/ID

Supervisor

Security clearance level

Special skills.

Question 62. What Are Hardware, Software, And Network Asset Identification?

Answer :

When deciding which information assets to track, consider including these asset attributes:

• Name
• IP address
• MAC address
• Element type
• Serial number
• Manufacturer name
• Manufacturer's model number or part number
• Software version, update revision, or FCO number
• Physical location
• Logical location
• Controlling entity.

Question 63. What Are Asset Information For Procedures?

Answer :

Description

Intended purpose

What elements is it tied to

Where is it stored for reference

Where is it stored for update purposes.

Question 64. What Are The Asset Information For Data?

Answer :

Classification

Owner/creator/manager

Size of data structure

Data structure used - sequential, relational

Online or offline

Where located

Backup procedures employed.

Question 65. How Information Assets Are Classified?

Answer :

Examples of these kinds of classifications are:

confidential data

internal data

public data

Informal organizations may have to organize themselves to create a useable data classification model

The other side of the data classification scheme is the personnel security clearance structure.

Question 66. Define Data Classification And Management?

Answer :

A variety of classification schemes are used by corporate and military organizations

Information owners are responsible for classifying the information assets for which they are responsible

Information owners must review information classifications periodically

The military uses a five-level classification scheme but most organizations do not need the detailed level of classification used by the military or federal agencies.

Question 67. What Are Security Clearances?

Answer :

The other side of the data classification scheme is the personnel security clearance structure

Each user of data in the organization is assigned a single level of authorization indicating the level of classification

Before an individual is allowed access to a specific set of data, he or she must meet the need-to-know requirement

This extra level of protection ensures that the confidentiality of information is properly maintained.

Question 68. Explain The Process Of Threat Identification?

Answer :

Threat Identification

Each of the threats identified so far has the potential to attack any of the assets protected

This will quickly become more complex and overwhelm the ability to plan

To make this part of the process manageable, each step in the threat identification and vulnerability identification process is managed separately, and then coordinated at the end of the process.

Question 69. What Is Vulnerability Identification?

Answer :

We now face the challenge of reviewing each information asset for each threat it faces and creating a list of the vulnerabilities that remain viable risks to the organization.

Vulnerabilities are specific avenues that threat agents can exploit to attack an information asset.

Examine how each of the threats that are possible or likely could be perpetrated and list the organization's assets and their vulnerabilities.

The process works best when groups of people with diverse backgrounds within the organization work iteratively in a series of brainstorming sessions.

Question 70. What Is Risk Assessment?

Answer :

We can determine the relative risk for each of the vulnerabilities through a process called risk assessment

Risk assessment assigns a risk rating or score to each specific information asset, useful in gauging the relative risk introduced by each vulnerable information asset and making comparative ratings later in the risk control process.

Question 71. Mention The Risk Identification Estimate Factors ?

Answer :

Likelihood

Value of Information Assets

Percent of Risk Mitigated

Uncertainty.

Question 72. Give An Example Of Risk Determination ?

Answer :

For the purpose of relative risk assessment:

risk = likelihood of vulnerability occurrence times value (or impact) -

percentage risk already controlled + an element of uncertainty

Information Asset A has an value score of 50 and has one vulnerability:

Vulnerability 1 has a likelihood of 1.0 with no current controls and you estimate that assumptions and data are 90 % accurate

Asset A: vulnerability rated as 55 = (50 * 1.0) - 0% + 10%.

Question 73. What Is A Policy?

Answer :

A policy is a plan or course of action, as of a government, political party, or business, intended to influence and determine decisions, actions, and other matters.

Question 74. What Are The Three Types Of Security Policies?

Answer :

Management defines three types of security policy:

1. General or security program policy
2. Issue-specific security policies
3. Systems-specific security policies.

Question 75. What Is Security Program Policy?

Answer :

A security program policy (SPP) is also known as:

1. A general security policy
2. IT security policy
3. Information security policy.

Question 76. Define Issue-specific Security Policy (issp) ?

Answer :

The ISSP:

addresses specific areas of technology

requires frequent updates

contains an issue statement on the organization's position on an issue.

Question 77. What Are Acl Policies?

Answer :

ACLs allow configuration to restrict access from anyone and anywhere

ACLs regulate:

1. Who can use the system
2. What authorized users can access
3. When authorized users can access the system
4. Where authorized users can access the system from
5. How authorized users can access the system.

Question 78. What Is Information Security Blueprint?

Answer :

The Security Blue Print is the basis for Design,Selection and Implementation of Security Policies,education and training programs,and technology controls.

Question 79. Define Iso 17799/bs 7799 Standards And Their Drawbacks ?

Answer :

One of the most widely referenced and often discussed security models is the Information Technology - Code of Practice for Information Security Management, which was originally published as British Standard BS 7799

This Code of Practice was adopted as an international standard by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) as ISO/IEC 17799 in 2000 as a framework for information security.

Question 80. Mention The Drawbacks Of Iso 17799/bs 7799 ?

Answer :

Several countries have not adopted 17799 claiming there are fundamental problems:

The global information security community has not defined any justification for a code of practice as identified in the ISO/IEC 17799

17799 lacks "the necessary measurement precision of a technical standard"

There is no reason to believe that 17799 is more useful than any other approach currently available

17799 is not as complete as other frameworks available

17799 is perceived to have been hurriedly prepared given the tremendous impact its adoption could have on industry information security controls.

Question 81. What Are The Objectives Of Iso 17799?

Answer :

Organizational Security Policy is needed to provide management direction and support

Objectives:

Operational Security Policy

Organizational Security Infrastructure

Asset Classification and Control

Personnel Security

Physical and Environmental Security

Communications and Operations Management

System Access Control

System Development and Maintenance

Business Continuity Planning

Compliance.

Question 82. What Is The Alternate Security Models Available Other Than Iso 17799/bs 7799?

Answer :

Another approach available is described in the many documents available from the Computer Security Resource Center of the National Institute for Standards and Technology (csrc.nist.gov) - Including:

NIST SP 800-12 - The Computer Security Handbook

NIST SP 800-14 - Generally Accepted Principles and Practices for Securing IT Systems

NIST SP 800-18 - The Guide for Developing Security Plans for IT Systems. 

Question 83. Lis The Management Controls Of Nist Sp 800-26?

Answer :

Risk Management

Review of Security Controls

Life Cycle Maintenance

Authorization of Processing Certification and Accreditation

System Security Plan.

Question 84. Mention The Operational Controls Of Nist Sp 800-26 ?

Answer :

1. Personnel Security
2. Physical Security
3. Production, Input/Output Controls
4. Contingency Planning
5. Hardware and Systems Software
6. Data Integrity
7. Documentation
8. Security Awareness, Training, and Education
9. Incident Response Capability.

Question 85. What Are The Technical Controls Of Nist 800-26?

Answer :

Identification and Authentication

Logical Access Controls

Audit Trails.

Question 86. What Is Sphere Of Protection?

Answer :

The "sphere of protection" overlays each of the levels of the "sphere of use" with a layer of security, protecting that layer from direct or indirect use through the next layer.

The people must become a layer of security, a human firewall that protects the information from unauthorized access and use Information security is therefore designed and implemented in three layers policies people (education, training, and awareness programs) technology.

Question 87. What Is Defense In Depth?

Answer :

One of the foundations of security architectures is the requirement to implement security in layers

Defense in depth requires that the organization establish sufficient security controls and safeguards, so that an intruder faces multiple layers of controls.

Question 88. What Is Security Perimeter?

Answer :

The point at which an organization's security protection ends, and the outside world begins is referred to as the security perimeter.

Question 89. What Are The Key Technological Components Used For Security Implementation?

Answer :

A firewall is a device that selectively discriminates against information flowing into or out of the organization

The DMZ (demilitarized zone) is a no-man's land, between the inside and outside networks, where some organizations place Web servers

In an effort to detect unauthorized activity within the inner network, or on individual machines, an organization may wish to implement Intrusion Detection Systems or IDS.

Question 90. What Is Systems-specific Policy (syssp)?

Answer :

SysSPs are frequently codified as standards and procedures used when configuring or maintaining systems..

Systems-specific policies fall into two groups:

Access control lists (ACLs) consist of the access control lists, matrices, and capability tables governing the rights and privileges of a particular user to a particular system.

Question 91. What Is The Importance Of Blueprint?

Answer :

The blueprint should specify the tasks to be accomplished and the order in which they are to be realized. It should serve as a scaleable,upgradable,and comprehensive paln for the information security needs for coming years.

Question 92. What Are The Approaches Of Issp?

Answer :

Three approaches:

1. Create a number of independent ISSP documents
2. Create a single comprehensive ISSP document
3. Create a modular ISSP document.

Question 93. What Are Firewalls?

Answer :

A firewall is any device that prevents a specific type of information from moving between the untrusted network outside and the trusted network inside The firewall may be:

• a separate computer system
• a service running on an existing router or server
• a separate network containing a number of supporting devices.

Question 94. Explain Different Generations Of Firewalls ?

Answer :

1. First Generation - packet filtering firewalls
2. Second Generation-application-level firewall or proxy server
3. Third Generation- Stateful inspection firewalls
4. Fourth Generation-dynamic packet filtering firewall
5. Fifth Generation- kernel proxy.

Question 95. Mention The Functions Of First Generation Firewall ?

Answer :

Examines every incoming packet header and selectively filters packets based on address, packet type, port request, and others factors.

Question 96. What Are The Restrictions Of First Generation Firewall?

Answer :

The restrictions most commonly implemented are based on:

1. IP source and destination address
2. Direction (inbound or outbound)
3. TCP or UDP source and destination port-requests.

Question 97. What Is The Advantage Of Second Generation Firewalls?

Answer :

The primary disadvantage of application-level firewalls is that they are designed for a specific protocol and cannot easily be reconfigured to protect against attacks on protocols for which they are not designed.

Question 98. Define Stateful Inspection Firewall ?

Answer :

It keeps track of each network connection established between internal and external systems using a state table which tracks the state and context of each packet in the conversation by recording which station sent what packet and when.

Question 99. What Is The Disadvantage Of Third Generation Firewalls?

Answer :

The primary disadvantage is the additional processing requirements of managing and verifying packets against the state table, which can possibly expose the system to a DoS attack. These firewalls can track connectionless packet traffic such as UDP and remote procedure calls (RPC) traffic.

Question 100. What Is The Function Of Fifth Generation Firewall?

Answer :

The final form of firewall is the kernel proxy, a specialized form that works under the Windows NT Executive, which is the kernel of Windows NT. It evaluates packets at multiple layers of the protocol stack, by checking security in the kernel as data is passed up and down the stack.

Question 101. How Firewalls Are Categorized By Processing Mode?

Answer :

The five processing modes are:

1. Packet filtering
2. Application gateways
3. Circuit gateways
4. MAC layer firewalls
5. Hybrids.

Question 102. What Is The Drawback Of Packet-filtering Router?

Answer :

The drawback of packet-filtering router includes a lack of auditing and strong authentication.

Question 103. What Are Screened-host Firewall Systems ?

Answer :

Screened-Host firewall system allows the router to pre-screen packets to minimize the network traffic and load on the internal proxy.

Question 104. What Is The Use Of An Application Proxy?

Answer :

An Application proxy examines an application layer protocol, such as HTTP, and performs the proxy services.

Question 105. What Are Dual Homed Host Firewalls?

Answer :

The bastion-host contains two NICs (network interface cards)

One NIC is connected to the external network, and one is connected to the internal network

With two NICs all traffic must physically go through the firewall to move between the internal and external networks.

Question 106. What Is The Use Of Nat?

Answer :

A technology known as network-address translation (NAT) is commonly implemented to map from real, valid, external IP addresses to ranges of internal IP addresses that are non-routable.

Question 107. What Are Screened-subnet Firewalls?

Answer :

Consists of two or more internal bastion-hosts, behind a packet-filtering router, with each host protecting the trusted network

The first general model consists of two filtering routers, with one or more dual-homed bastion-host between them

The second general model involves the connection from the outside or untrusted network.

Question 108. What Are Sock Servers?

Answer :

The SOCKS system is a proprietary circuit-level proxy server that places special SOCKS client-side agents on each workstation.

Question 109. What Are The Recommended Practices In Designing Firewalls?

Answer :

1. All traffic from the trusted network is allowed out
2. The firewall device is always inaccessible directly from the public network
3. Allow Simple Mail Transport Protocol (SMTP) data to pass through your firewall, but insure it is all routed to a well-configured SMTP gateway to filter and route messaging traffic securel,
4. All Internet Control Message Protocol (ICMP) data should be denied
5. Block telnet (terminal emulation) access to all internal servers from the public networks
6. When Web services are offered outside the firewall, deny HTTP traffic from reaching your internal networks by using some form of proxy access or DMZ architecture.

Question 110. What Are Intrusion Detection Systems(ids)?

Answer :

IDSs work like burglar alarms

IDSs require complex configurations to provide the level of detection and response desired

An IDS operates as either network-based, when the technology is focused on protecting network information assets, or host-based, when the technology is focused on protecting server or host information assets

IDSs use one of two detection methods, signature-based or statistical anomaly-based.

Question 111. What Are Different Types Of Idss?

Answer :

1. Network-based IDS
2. Host-based IDS
3. Application-based IDS
4. Signature-based IDS
5. Statistical Anomaly-Based IDS.

Question 112. Define Nids ?

Answer :

A network-based IDS(NIDS) resides on a computer or an appliance connected to a segment of an organization's network and monitors traffic on that network segment,looking for indications of ongoing or successful attacks.

Question 113. What Is Hids?

Answer :

A Host-based IDS(HIDS) works differently from a network-based version of IDS. A host-based IDS resides on a particular computer or server,known as the host and monitors activity only on that system. HIDs are also known as System Integrity Verifiers as they benchmark and monitorthe status of key system files and detect when an intruder creates ,modifies or deletes monitored files.

Question 114. What Is The Use Of Hids?

Answer :

A HIDs is also capable of monitoring system configuration databases,such as windows registries,in addition to stored configuration files like .ini,.cfg,and .dat files.

Question 115. What Is Application-based Ids?

Answer :

A refinement of Host-based IDs is the application-based IDS(AppIDS). The application based IDs examines an application for abnormal incidents. It looks for anomalous occurrences such as users exceeding their authorization,invalid file executions etc.

Question 116. What Is Signature-based Ids?

Answer :

A signature-based IDS(also called Knowledge-based IDs) examines data traffic in search of patterns that match known signatures - that is,preconfigured ,predetermined attack patterns.

Question 117. What Is Lfm?

Answer :

Log File Monitor(LFM) is an approach to IDS that is similar to NIDS. Using LFm the system reviews the log files generated by servers,network devices,and wven other IDSs. These systems look for patterns and signatures in the log files that may indicate an attack or intrusion is in process or has already succeeded.

Question 118. What Are Honey Pots?

Answer :

Honey pots are decoy systems designed to lure potential attackers away from critical systems and encourage attacks against the themselves. These systems are created for the sole purpose of deceiving potential attackers. In Industry they are known as decoys,lures,and fly-traps.

Question 119. What Are Honey Nets?

Answer :

When a collection of honey pots connects several honey pot systems on a subnet,it may be called a honey net.

Question 120. What Are Padded Cell Systems?

Answer :

A Padded Cell is a honey pot that has been protected so that it cannot be easily compromised. In otherwords,a padded cell is a hardened honey spot..

Question 121. What Are The Advantages And Disadvantages Of Using Honey Pot Or Padded Cell Approach?

Answer :

Advantages:

1. Attackers can be diverted to targets that they cannot damage.
2. Administrators have time to decide how to respond to an attacker.
3. Attackers action can be easily and extensively monitored
4. Honey pots may be effective at catching insiders who are snooping around a network.

Disadvantages:

1. The legal implication of using such devices are not well defined.
2. Honey pots and Padded cells have not yet been shown to be generally useful security technologies.
3. An exper attacker,once diverted into a decoy system,may become angry and launch a hostile attack againt an organization's systems
4. Admins and security managers will need a high level of expertise to use these systems.

Question 122. What Are Foot Printing And Finger Printing?

Answer :

One of the preparatory part of the attack protocol is the collection of publicly available information about a potential target,a process known as footprinting. Footprinting is the organized research of the Internet addresses owned or controlled by the target organization.

The next phase of the attack protocol is a second intelligence or data-gathering process called fingerprinting. This is systematic survey of all of the target organization's Internet addresses(which are collected during the footprinting phase); the survey is conducted to ascertain the network services offered by the hostsin that range. Fingerprinting reveals useful information about the internal structure and operational nature of the target system or network for the anticipated attack.

Question 123. What Are Vulnerability Scanners?

Answer :

Vulnerability scanners are capable of scanning networks for very detailed information.

As a class, they identify exposed usernames and groups, show open network shares, expose configuration problems, and other vulnerabilities in servers.

Question 124. Define Packet Sniffers ?

Answer :

A network tool that collects copies of packets from the network and analyzes them Can be used to eavesdrop on the network traffic

To use a packet sniffer legally, you must be:

on a network that the organization owns under direct authorization of the owners of the network have knowledge and consent of the content creators (users).

Question 125. What Is Cryptography?.

Answer :

Cryptography, which comes from the Greek work kryptos,meaning "hidden",and graphein,meaning "to write",is aprocess of making and using codes to secure the transmission of information.

Question 126. What Is Cryptoanalysis?

Answer :

Cryptoanalysis is the process of obtaining the original message(called plaintext) from an encrypted message(called the ciphertext) without knowing the algorithms and keys used to perform the encryption.

Question 127. Define Encryption ?

Answer :

Encryption is the process of converting an original message into a form that is unreadable to unauthorized individuals-that is,to anyone without the tools to convert the encrypted message back to its original format.

Question 128. Define Decryption ?

Answer :

Decryption is the process of converting the cipher text into a message that conveys readily understood meaning.

Question 129. What Is Public Key Infrastructure (pki)?

Answer :

PKI or Public Key Infrastructure

Public Key Infrastructure is the entire set of hardware, software, and cryptosystems necessary to implement public key encryption

PKI systems are based on public-key cryptosystems and include digital certificates and certificate authorities (CAs) and can:

1. Issue digital certificates
2. Issue crypto keys
3. Provide tools to use crypto to secure information
4. Provide verification and return of certificates.

Question 130. What Are The Pki Benefits ?

Answer :

PKI protects information assets in several ways:

1. Authentication
2. Integrity
3. Privacy
4. Authorization
5. Nonrepudiation.

Question 131. How E-mail Systems Are Secured?

Answer :

Encryption cryptosystems have been adapted to inject some degree of security into e-mail:

S/MIME builds on the Multipurpose Internet Mail Extensions (MIME) encoding format by adding encryption and authentication

Privacy Enhanced Mail (PEM) was proposed by the Internet Engineering Task Force (IETF) as a standard to function with the public key cryptosystems

PEM uses 3DES symmetric key encryption and RSA for key exchanges and digital signatures

Pretty Good Privacy (PGP) was developed by Phil Zimmerman and uses the IDEA Cipher along with RSA for key exchange.

Question 132. What Are The Seven Major Sources Of Physical Loss?

Answer :

1. Temperature extremes
2. Gases
3. Liquids
4. Living organisms
5. Projectiles
6. Movement
7. Energy anomalies.

Question 133. What Is A Secure Facility?

Answer :

A secure facility is a physical location that has been engineered with controls designed to minimize the risk of attacks from physical threats.

A secure facility can use the natural terrain; traffic flow, urban development, and can complement these features with protection mechanisms such as fences, gates, walls, guards, and alarms.

Question 134. What Are The Controls Used In A Secure Facility?

Answer :

Walls, Fencing, and Gates

Guards

Dogs, ID Cards, and Badges

Locks and Keys

Mantraps

Electronic Monitoring

Alarms and Alarm Systems

Computer Rooms

Walls and Doors.

Question 135. What Are The Functions Of Chief Information Security Officer?

Answer :

The CISO performs the following functions:

1. Manages the overall InfoSec program
2. Drafts or approves information security policies
3. Works with the CIO on strategic plans, develops tactical plans, and works with security managers on operational plans
4. Develops InfoSec budgets based on funding
5. Sets priorities for InfoSec projects & technology
6. Makes decisions in recruiting, hiring, and firing of security staff
7. Acts as the spokesperson for the security team.