The feature that could allow a CD to load malicious code is called what? 

A. A false negative

B. A CD-Key

C. A MBR, or Master Boot Record

D. Autorun

D. 

Autorun allows CDs to execute code automatically.

Why is water not used for fire suppression in data centers?

A. It would cause a flood.

B. Water cannot put out an electrical fire.

C. Water would ruin all the electronic equipment.

D. Building code prevents it.

C. 

Electronic components would be ruined by a water-based fire-suppression

system.

Which one is not a unique biometric? 

A. Fingerprint

B. Eye retina

C. Hand geometry

D. Shoulder-to-waist geometry

D. 

Shoulder-to-waist geometry is not unique. All the other examples are biometrics that are unique.

Why is physical security so important to good network security?

A. Because encryption is not involved

B. Because physical access defeats nearly all network security measures 

C. Because an attacker can steal biometric identities

D. Authentication

B. 

Physical access to a computer system will almost always defeat any security measures put in place on the system.

How does multiple-factor authentication improve security?

A. By using biometrics, no other person can authenticate.

B. It restricts users to smaller spaces.

C. By using a combination of authentications, it is more difficult for someone to gain illegitimate access.

D. It denies access to an intruder multiple times.

C. 

Multiple-factor authentication gives an attacker several systems to overcome, making the unauthorized access of systems much more difficult.

Why is access to an Ethernet jack a risk?

A. A special plug can be used to short out the entire network. 

B. An attacker can use it to make a door entry card for himself. 

C. Wireless traffic can find its way onto the local area network.

D. It allows access to the internal network.

D. 

An exposed Ethernet jack available in a public place can allow access to the internal network, typically bypassing most of the network’s security systems.

When a biometric device has a false positive, it has done what?

A. Generated a positive charge to the system for which compensation is required

B. Allowed access to a person who is not authorized

C. Denied access to a person who is authorized

D. Failed, forcing the door it controls to be propped open

B. 

A false positive means the system granted access to an unauthorized person based on a biometric being close to an authorized person’s biometric.

Why does an IP-based CCTV system need to be implemented carefully?

A. Camera resolutions are lower.

B. They don’t record images; they just send them to web pages. 

C. The network cables are more easily cut.

D. They could be remotely attacked via the network.

D. 

Any device attached to the IP network can be attacked using a traditional IP-based attack.

Which of the following is a very simple physical attack? 

A. Using a custom RFID transmitter to open a door

B. Accessing an Ethernet jack to attack the network 

C. Outright theft of the computers

D. Installing a virus on the CCTV system

C. 

The theft of a computer is a very simple attack that can be carried out surprisingly effectively. This allows an attacker to compromise the stolen machine and its data at his leisure.

A perfect bit-by-bit copy of a drive is called what?

A. Drive picture 

B. Drive image 

C. Drive copy

D. Drive partition

B. 

A drive image is a perfect copy of a drive that can then be analyzed on another computer.

What about physical security makes it more acceptable to other employees?

A. It is more secure.

B. Computers are not important.

C. It protects the employees themselves.

D. It uses encryption.

C. 

Physical security protects the people, giving them a vested interest in its support.

On whom should a company perform background checks?

A. System administrators only

B. Contract personnel only

C. Background checks are not needed outside of the military

D. All individuals who have unescorted physical access to the facility

D. 

All unescorted people entering the facility should be background checked.

What is a common threat to token-based access controls?

A. The key

B. Demagnetization of the strip 

C. A system crash

D. Loss or theft of the token

D. 

The loss or theft of the token is the most common and most serious threat to the system; anyone with a token can access the system.

Why should security guards get cross-training in network security?

A. They are the eyes and ears of the corporation when it comes to security. 

B. They are the only people in the building at night.

C. They are more qualified to know what a security threat is.

D. They have the authority to detain violators.

A. 

Security guards are the corporation’s eyes and ears and have a direct responsibility for security information.

Why can a USB flash drive be a threat?

A. They use too much power.

B. They can bring malicious code past other security mechanisms. 

C. They can be stolen.

D. They can be encrypted.

B. 

USB drives have large storage capacities and can carry some types of malicious code past traditional virus filters.

Walls (Great Wall of China, Berlin)

Doors and Windows (should be locked)

Drop-Ceilings (in server rooms)

Guards

1) Those that affect computers themselves.

2) Those that affect the users.

A key cut with all notches to the maximum depth, also known as "all nines." This key uses a technique that has been around for a long time.

The key is inserted into the lock and then sharply struck, bouncing the lock pinds up and above the hear line and allowing the lock to open.

Putting in place multiple physical security measures in a building. 

- Access Tokens

- Contactless Access Cards (A card and a seperate pin required to open the door)

- Mantrap (2 doors that require a user to sequentially go through to gain access)

- CCTV cameras for surveillance.

1) HVAC (Heating, Ventilating and Air Conditioning) systems are critical for keeping data centers cool.

2) Environmental Monitoring - The electronic tracking of temperature and humidity in data certers (call-out protection monitors the thermostats and sends out call/alarm if temp gets too high/low).

3) Fire detectors... explained in a later card..

1) Common Combustibles (wood, paper) Fire Suppression:

• Water
• Soda Acid

2) Liquid Fire Suppression:

• CO2
• Soda Acid

3) Electrical Fire Suppressions:

• FM200
• C02 - If humans are around, it's bad. If there are only machines in a room though, it's OK and starves the fire of oxygen. 

4) Metal Fire Suppression: 

• Dry Powders

1) Are we going to accept the risk?

2) Are we going to avoid the risk?

3) Are we going to transfer the risk?

The process by which a user proves that he/she is who he/she says she is:

- Biometrics ("something you are")

- Token ("something you have")

- Username/Password ("something you know")

The combination of two or more types of authentication that are not of the same type:

1) Tokens

2) Retina or Iris scans

3) Password

This is considered very strong authentication.

1) Fingerprints

2) Retina scan (scans blood vessels in eye, more secure than iris scan)

3) Iris scan (scans the unique pattern in one's iris)

4) Rhythm scan (used to identify a person based on a set rhythm-- such as voice tone and speed)

What is a "False Acceptance Rate"?

What is a "False Rejection"

Why is the professor wrong on his termonology? :-P

"A False Acceptance Rate is a breach in authentication where a bad person is let in, and the good person is not. A False Rejection allows the good person in." ~ Professor's direct words....  He's not right :-P

Book:

1) False Positive -- occurs when a biometric is scanned and allows access to someone who is not authorized. 

2) False negative -- occurs when the system denies access to someone who is actually authorized.