
Disk mirroring, redundant array of independent disks (RAID), and passwords are first lines-of-defense. Disk mirroring and RAID act as the first line-of-defense for protecting against data loss. An incorrectly entered password is rejected, thus preventing an unauthorized person from entering the computer system. Both disk mirroring and RAID provide redundant services.

The line-of-defenses are security mechanisms for limiting and controlling access to and use of computer system resources. They exercise a directing or restraining influence over the behavior of individuals and the content of computer systems. The line-of-defenses form a core part of defense-in-depth strategy or security-in-depth strategy.

173. Which of the following is the last (final) line-of-defense for the defense-in-depth strategy?

a. Perimeter-based security

b. Network-based computing environment

c. Host-based computing environment

d. Host-based security

173. c. Detect and respond actions effectively mitigate the effects of attacks that penetrate and compromise the network. The host-based computing environment is the last (final) line-of-defense for the defense-in-depth strategy. The protection approach must take into account that workstations and servers can be vulnerable to attacks through poor security postures, misconfigurations, software flaws, or end-user misuse.

Perimeter-based security is incorrect because it is a technique of securing a network by controlling access to all entry and exit points of the network. Network-based computing environment is incorrect because it focuses on effective control and monitoring of data flow into and out of the enclave, which consists of multiple LANs, ISDNs, and WANs connected to the Internet; it provides a first line-of-defense. Host-based security is incorrect because it is a technique of securing an individual system from attacks.

The line-of-defenses are security mechanisms for limiting and controlling access to and use of computer system resources. They exercise a directing or restraining influence over the behavior of individuals and the content of computer systems. The line-of-defenses form a core part of defense-in-depth strategy or security-in-depth strategy.

174. What do fundamental goals of the defense-in-depth include?

a. Sneak and peek

b. Trap and trace

c. Detect and respond

d. Protect and detect

174. c. A fundamental tenet of the defense-in-depth strategy is to prevent a cyber attack from penetrating networks and to detect and to respond effectively to mitigate the effects of attacks that do. Detect and respond capabilities are complex structures that run the gamut of intrusion and attack detection, characterization, and response.

Sneak and peek is incorrect because it is an element of the U.S. Patriot Act of 2001, which was developed to provide convenience to law enforcement authorities in the event of terrorism. Trap and trace is incorrect because it is part of a criminal investigation. Protect and detect is incorrect because it is part of the physical security function.

175. Which of the following controls provide a first line-of-defense against potential security threats, risks, or losses to the network?

a. Passwords and user IDs

b. Software testing

c. Dial-back modem

d. Transaction logs

175. a. Passwords and user identification are the first line-of-defense against a breach to a network’s security. Several restrictions can be placed on passwords to improve their effectiveness. These restrictions may include minimum length and format and forced periodic password changes.

Software testing is the last line-of-defense to ensure data integrity and security. Therefore, the software must be tested thoroughly by end users, information systems staff, and computer operations staff.

Switched ports (not Cisco switches) are among the most vulnerable security points on a network. They allow dial-in and dial-out access, and they are security risks because they allow users with telephone terminals to access systems. Although callback or dial-back is a potential control as a first line-of-defense, it is not necessarily the most effective one because of the call-forwarding capability of telephone circuits.

For online applications, the logging of all transactions processed or rejected by input programs provides a complete audit trail of actual and attempted entries, thus providing a last line-of-defense. The log can be stored on tape or disk files for subsequent analysis. The logging control should include the date, time, user ID and password used, the location, and the number of unsuccessful attempts made.

The line-of-defenses are security mechanisms for limiting and controlling access to and use of computer system resources. They exercise a directing or restraining influence over the behavior of individuals and the content of computer systems. The line-of-defenses form a core part of defense-in-depth strategy or security-in-depth strategy.
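The answer to question 175 lists the restrictions that make passwords a more effective first line-of-defense: a minimum length, a format rule, and forced periodic changes. The following is an added example, not code from the book, showing how a policy check would enforce those three restrictions; the policy values (12 characters, four character classes, 90-day maximum age) and the sample passwords are constructed for illustration.

```python
"""Password restrictions from question 175: minimum length, format, forced periodic change.
Added example; policy values below are constructed, not taken from the book."""
from datetime import date, timedelta
import re

MIN_LENGTH = 12          # constructed minimum-length policy
MAX_AGE_DAYS = 90        # constructed maximum age before a forced change

# "Format" restriction: require at least one character from each class.
CHARACTER_CLASSES = {
    "lowercase": re.compile(r"[a-z]"),
    "uppercase": re.compile(r"[A-Z]"),
    "digit": re.compile(r"[0-9]"),
    "symbol": re.compile(r"[^A-Za-z0-9]"),
}


def format_violations(password, min_length=MIN_LENGTH):
    """Return the length/format rules the candidate password fails (empty list = passes)."""
    violations = []
    if len(password) < min_length:
        violations.append(f"shorter than {min_length} characters")
    for name, pattern in CHARACTER_CLASSES.items():
        if not pattern.search(password):
            violations.append(f"missing {name} character")
    return violations


def is_expired(last_changed, today, max_age_days=MAX_AGE_DAYS):
    """Forced periodic change: True when the password is older than the allowed age."""
    return (today - last_changed).days > max_age_days


def evaluate(password, last_changed, today):
    """Combine both kinds of restriction into one verdict: (accepted, reasons)."""
    reasons = format_violations(password)
    if is_expired(last_changed, today):
        reasons.append(f"older than {MAX_AGE_DAYS} days; change required")
    return (not reasons, reasons)


if __name__ == "__main__":
    today = date(2024, 1, 1)  # constructed reference date
    samples = [  # constructed sample passwords with their last-change dates
        ("Tr0ub4dor&3xyz", today - timedelta(days=10)),
        ("password", today - timedelta(days=200)),
    ]
    for pw, changed in samples:
        accepted, reasons = evaluate(pw, changed, today)
        print(f"{pw!r}: {'accepted' if accepted else 'rejected'} {reasons}")
```

The check reports every failed rule rather than stopping at the first one, so a user (or an audit of a password database's policy compliance) sees the complete reason a credential was rejected.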

176. Which of the following enables adequate user authentication of mobile hand-held devices?

a. First line-of-defense

b. Second line-of-defense

c. Third line-of-defense

d. Last line-of-defense

176. a. Enabling adequate user authentication is the first line-of-defense against unauthorized use of an unattended, lost, or stolen mobile hand-held device such as personal digital assistants (PDAs) and smartphones. Authentication is the first line-of-defense.

177. Which of the following supports the security-in-depth strategy?

a. Abstraction

b. Data hiding

c. Layering

d. Encryption

177. c. By using multiple, overlapping protection mechanisms, the failure or circumvention of any individual protection approach will not leave the system unprotected. The concept of layered protections is called security-in-depth or defense-in-depth strategy. Abstraction, data hiding, and encryption are some examples of protection mechanisms, which are part of security-in-depth strategy.

178. If Control A misses 30 percent of attacks and Control B also misses 30 percent of attacks, in combination, what percentage of attacks will be caught?

a. 40 percent

b. 60 percent

c. 70 percent

d. 91 percent

178. d. Controls work in an additive way, meaning that their combined effect is far greater than the sum of each individual effect. In combination, both controls should miss only 9 percent (i.e., 0.3 × 0.3) of attacks. This means 91 percent (i.e., 100 percent minus 9 percent) of attacks should be caught. Forty percent is incorrect because it adds 30 percent and 30 percent and subtracts the result from 100 percent. Sixty percent is incorrect because it simply adds 30 percent for Control A and Control B. Seventy percent is incorrect because it subtracts 30 percent from 100 percent, resulting in 70 percent.
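The 91 percent figure in question 178 rests on an assumption the answer does not state: that the two controls miss attacks independently. The following added example (not from the book) generalizes the arithmetic to any number of layers with different miss rates, and also computes the best- and worst-case catch rate when independence is not assumed, using the Fréchet bounds on the joint miss probability. The miss rates used are the question's own 30 percent values plus constructed ones.

```python
"""Layered-control arithmetic for question 178 (added example, not from the book)."""
from math import prod

# Constructed sample: the question's two controls, each missing 30 percent of attacks.
SAMPLE_MISS_RATES = [0.30, 0.30]


def combined_miss_rate(miss_rates):
    """Probability that every layer misses an attack, assuming the layers fail independently."""
    for p in miss_rates:
        if not 0.0 <= p <= 1.0:
            raise ValueError(f"miss rate out of range: {p}")
    return prod(miss_rates)


def combined_catch_rate(miss_rates):
    """Probability that at least one independent layer catches the attack."""
    return 1.0 - combined_miss_rate(miss_rates)


def catch_rate_bounds(p1, p2):
    """Worst- and best-case catch rate for two layers when independence is NOT assumed.

    The joint miss probability P(A misses and B misses) satisfies the Fréchet bounds
        max(0, p1 + p2 - 1) <= P <= min(p1, p2).
    Worst case: both layers share the same blind spot, so joint miss = min(p1, p2).
    Best case: their blind spots are disjoint, so joint miss = max(0, p1 + p2 - 1).
    Returns (worst_case_catch, best_case_catch).
    """
    worst_joint_miss = min(p1, p2)
    best_joint_miss = max(0.0, p1 + p2 - 1.0)
    return 1.0 - worst_joint_miss, 1.0 - best_joint_miss


def layers_needed(single_miss_rate, target_catch_rate):
    """Smallest number of identical independent layers whose combined catch rate meets the target."""
    if not 0.0 <= single_miss_rate < 1.0:
        raise ValueError("single layer must catch at least some attacks")
    layers, joint_miss = 0, 1.0
    # Small tolerance so that exact targets such as 0.91 for 0.3 * 0.3 are not lost to rounding.
    while 1.0 - joint_miss < target_catch_rate - 1e-12:
        layers += 1
        joint_miss *= single_miss_rate
    return layers


if __name__ == "__main__":
    print("independent catch rate:", combined_catch_rate(SAMPLE_MISS_RATES))
    worst, best = catch_rate_bounds(*SAMPLE_MISS_RATES)
    print(f"without independence: between {worst:.2f} and {best:.2f}")
    print("layers of 30% miss needed for 99% catch:", layers_needed(0.30, 0.99))
```

The bounds are the practical caveat: two controls that miss 30 percent each catch 91 percent only if their blind spots are unrelated. If both are, say, signature-based detectors fed the same signature set, they can miss the same 30 percent and the combination catches no more than 70 percent, which is exactly the "wrong" answer c.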

179. Pharming attacks are an example of which of the following?

a. Browser-oriented attacks

b. Server-oriented attacks

c. Network-oriented attacks

d. User-oriented attacks

179. c. An attacker may modify the domain name system (DNS) mechanism to direct it to a false website. These techniques are often used to perform pharming attacks, where users may divulge sensitive information. Note that pharming attacks can also be initiated by subverting the victim’s host computer files.