the hardest game ever made

7/30/2019 The Hardest Game Ever Made

1/46


2/46

MECHANICS

The game follows the rules of a normal quPoints per Round

Round 1 1 point per question

Round 2 2 points per question

Round 3 3 points per question


3/46

THE PUNISHER: Incorrect answers will tantamoa deduction equivalent to the corresponding pof the question.

THE SHIELD: Groups can choose not to answerquestion. Deductions or additions will not be mtheir score.

DOUBLE UP: Double the point(s) added if the gthe only one who gets the correct answer.

DOUBLE DOWN: Double the point(s) subtractegroup is the only one who gives an incorrect an


4/46


5/46

Enumerate the types of controls can be used to mitigate the risk

systems intrusions.


6/46

Enumerate the types of controls that caused to mitigate the risk of systemsintrusions.

Preventive Controls Detective Controls

Corrective Controls


7/46

Modified True or False.The idea of defense-in-depth is

employ a layer of controls in orde

avoid having multiple points of fa


8/46

Modified True or False. The idea of defensedepth is to employ a layer of controls in ordeavoid having multiple points of failure.

False. The idea of defense-in-depth is to emmultiple layers of controls in order to avoid ha

single point of failure.


9/46

_____ is a separate network that percontrolled access from the Internet

selected resources, such as the

organizations e-commerce Web ser

a. Data Management Zone

b. Data Manipulation Zone

c. Data Manoeuvring Zone

d. Data Militarized Zone

e. None of the above


10/46

_____ is a separate network that percontrolled access from the Internet

selected resources, such as the

organizations e-commerce Web ser

a. Data Management Zone

b. Data Manipulation Zone

c. Data Manoeuvring Zone

d. Data Militarized Zone

e. None of the above (Demilitarized zone)


11/46

What are the types of credentialscan be used to verify a person

identity?


12/46

What are the types of credentials thbe used to verify a persons ident

Something they know Something they have

Some physical characteristic


13/46

Which of the following is a detectcontrol?

a. Endpoint hardening

b. Physical access controls

c. Penetration testing

d. Patch management


14/46

Which of the following is a detectcontrol?

a. Endpoint hardening

b. Physical access controls

c. Penetration testing

d. Patch management


15/46

What is the most commonly usauthentication method?


16/46

What is the most commonly usauthentication method?

Password


17/46

It is a set of rules that determines packets are allowed entry and w

are dropped.


18/46

It is a set of rules that determines packets are allowed entry and w

are dropped.

Access Control List (ACL)


19/46

Which of the following is a COBIT ITresource?

a. Datab. Office Supplies

c. Customer

d. Software


20/46

Which of the following is a COBIT ITresource?

a. Datab. Office Supplies

c. Customer

d. Software


21/46

_______ is a fundamental control procedprotecting confidentiality of sensitivinformation when they are stored an

transmitted to trusted parties.


22/46

Encryption is a fundamental control procfor protecting confidentiality of sensit

information when they are stored antransmitted to trusted parties.


23/46


24/46

What are the dimensions of the CFramework?


25/46

What are the dimensions of the COFramework?

Plan and Organize Acquire and Implement

Deliver and Support

Monitor and Evaluate

Whi h f th f ll i t t t i


26/46

Which of the following statements itrue?

a. The time-based model of security can be exp

in the following formula: P < D + C.b. Information security is primarily an IT issue, n

managerial concern.

c. Conciseness is one of the strengths of COBIT.

d. Information security is necessary for protecticonfidentiality, privacy, integrity of processinavailability of information resources.

e. All of the above

f. None of the above

Whi h f th f ll i t t t i


27/46

Which of the following statements itrue?

a. The time-based model of security can be exp

in the following formula: P < D + C.b. Information security is primarily an IT issue, n

managerial concern.

c. Conciseness is one of the strengths of COBIT.

d. Information security is necessary for protectconfidentiality, privacy, integrity of processiavailability of information resources.

e. All of the above



28/46

What are fundamental informatsecurity concepts?


29/46

What are the fundamental informasecurity concepts?

Security is a management issue, not a technoloissue

Time-based model of security

Defense-in-depth

Which of the following statements i


30/46

Which of the following statements ifalse?

a. Authorization is the process of verifying the id

the person or device attempting to access the b. A man-trap is a type of physical access control

c. Deep packet inspection is the heart of a new tsecurity technology called intrusion prevention

systems.d. Firewalls block all traffic.

e. All of the above


Which of the following statements i


31/46

Which of the following statements ifalse?

a. Authorization is the process of verifying the id

the person or device attempting to access the b. A man-trap is a type of physical access control

c. Deep packet inspection is the heart of a new tsecurity technology called intrusion prevention

systems.d. Firewalls block all traffic.

e. All of the above



32/46

_____ is used to identify rogmodems (or by hackers to iden

targets).


33/46

War dialing is used to identify rmodems (or by hackers to iden

targets).

Whi h f th f ll i i th


34/46

Which of the following is the moeffective way to protect the perime

a. deep packet inspectionb. static packet filtering

c. stateful packet filtering

d. All are equally effective

Whi h f th f ll i i th


35/46

Which of the following is the moeffective way to protect the perime

a. deep packet inspectionb. static packet filtering

c. stateful packet filtering

d. All are equally effective


36/46

It consists of a set of sensors and a centmonitoring unit that create logs of networkthat was permitted to pass the firewall an

analyze those logs for signs of attempte

successful intrusions.


37/46

It consists of a set of sensors and a centmonitoring unit that create logs of networkthat was permitted to pass the firewall an

analyze those logs for signs of attempte

successful intrusions.Intrusion Detection Systems (IDS)

Statement 1: IPS is not prone to fals


38/46

palarms.Statement 2: The use of a VPN soft

makes it much easier to add or remsites from the network.

a. Only statement 1 is true

b. Only statement 2 is truec. Both are true

d. Both are false

Statement 1: IPS is not prone to fals


39/46

palarms.Statement 2: The use of a VPN soft

makes it much easier to add or remsites from the network.

a. Only statement 1 is true

b. Only statement 2 is truec. Both are true

d. Both are false


40/46

A compatibility test matches the users authencredentials against the ____________ to detewhether the employee should be allowed to

certain information resources and performrequested action


41/46

A compatibility test matches the users authencredentials against the access control matr

determine whether the employee should be ato access certain information resources and p

the requested action


42/46


43/46

All or Nothing.Enumerate the key criteria tha

information provided to managem

should satisfy.

Enumerate the key criteria tha


44/46

yinformation provided to managem

should satisfy. Integrity

Confidentiality

Efficiency

Reliability

Availability Compliance

Effectiveness


45/46

What are the three techniques usintrusion prevention systems to idundesirable traffic patterns?

What are the three techniques used


46/46

intrusion prevention systems to idenundesirable traffic patterns?

Compare traffic patterns to a database of sigof known attacks

Develop a profile ofnormal traffic and use stanalysis to identify packets that do not fit that

Use rule bases that specify acceptable standspecific types of traffic and that drop all packdo not conform to those standards

the hardest game ever made

Documents