A.   An attempt to secure hardware - software - and various media while investigating anomalous network behavior.

C.   1. Separate duties (dual operator - two-man control) 2. Rotate duties (allows peer review) 3. System failure preparation (Trusted recovery) 4. Multiple personnel oversee configuration changes to anticipate issues

D.   1. Configuration management and control 2. Continuous monitoring

A.   Many Cisco IOS routers can be configured with Intrusion Prevention System (IPS) - virtual private network (VPN) and firewall features.

B.   Analyze inline traffic for malicious activity. IPS can drop offending traffic - instruct appliances to block specific host - send alerts etc.

C.   Security Device Manager provides GUI for configuring security features (e.g. IPS - IPSec site-site VPN - firewall features)

B.   Cisco PIX 500 series of security appliances offer firewall and VPN-termination features.

C.   Risk Management: keeping damange to a minimum - Risk Avoidance: preventing risk from occuring

A.   Qualitative mathematically models the probability and severity of a risk while Quantitative uses a scenario model (better for big deployments)

B.   Many Cisco IOS routers can be configured with Intrusion Prevention System (IPS) - virtual private network (VPN) and firewall features.

C.   Integrated - Collaborative - Adaptive

A.   1. Information preservation 2. Media sanitation 3. Hardware and software disposal

B.   1. Non-disaster: Brief interruption 2. Disaster: Interruption 1-7 days 3. Catastrophe: Move to alternative site - all resources destroyed.

C.   Monitors security devices and applications: Uses event correlation to collect events from multiple devices - reducing the number of false positives - Identified appropriate mitigation strategies - Uses Cisco NetFlow technology to more readily identif

A.   Cisco 5500 Adaptive Security Appliances (ASA) offers a wide variety of security solutions such as firewall - IPS - VPN - anti-spyware - antivirus - and anti-phishing.

B.   1. Information preservation 2. Media sanitation 3. Hardware and software disposal

C.   1. Relocating operations to another facility while the original facility is under repair 2. Using alternative forms of internal and external communication

A.   Monitors security devices and applications: Uses event correlation to collect events from multiple devices - reducing the number of false positives - Identified appropriate mitigation strategies - Uses Cisco NetFlow technology to more readily identif

B.   Application that provides AAA funtionality

D.   Consists of a collection of security solutions to identify - prevent and adapt to emerging threats.

A.   1. Formalized risk assessment 2. Security functional requirements 3. Security assurance/legal requirements 4. Cost considerations 5. Security planning (security controls in use) 6. Design and development of security controls 7. Basic testing

B.   Cisco 5500 Adaptive Security Appliances (ASA) offers a wide variety of security solutions such as firewall - IPS - VPN - anti-spyware - antivirus - and anti-phishing.

C.   Application that provides IPS services on a host.

B.   1. Inspection of security system 2. System integration 3. Security certification 4. Security accreditation

C.   An application used to configure security features on a variety of IOS-based routers - ASA 5500 - PIX 500 - IPS 4200 - Catalyst 6500 through a graphical interface. Also provides a centralized policy and inter-operates with Cisco ACS.

D.   Cisco 5500 Adaptive Security Appliances (ASA) offers a wide variety of security solutions such as firewall - IPS - VPN - anti-spyware - antivirus - and anti-phishing.

A.   Risk Management: keeping damange to a minimum - Risk Avoidance: preventing risk from occuring

B.   1. Relocating operations to another facility while the original facility is under repair 2. Using alternative forms of internal and external communication

D.   An attempt to secure hardware - software - and various media while investigating anomalous network behavior.

B.   1. Separate duties (dual operator - two-man control) 2. Rotate duties (allows peer review) 3. System failure preparation (Trusted recovery) 4. Multiple personnel oversee configuration changes to anticipate issues

C.   1. Non-disaster: Brief interruption 2. Disaster: Interruption 1-7 days 3. Catastrophe: Move to alternative site - all resources destroyed.

D.   1. Categorize severity of a security breach 2. Preliminary (high-level) risk assessment

A.   Consists of a collection of security solutions to identify - prevent and adapt to emerging threats.

B.   An attempt to secure hardware - software - and various media while investigating anomalous network behavior.

C.   Risk Management: keeping damange to a minimum - Risk Avoidance: preventing risk from occuring

A.   1. Categorize severity of a security breach 2. Preliminary (high-level) risk assessment

B.   Risk Management: keeping damange to a minimum - Risk Avoidance: preventing risk from occuring

C.   Application that provides IPS services on a host.

A.   1. Hot site: completely redundant site 2. Warm site: similar - but outdated equipment 3. Cold site: network needs to be built from scratch

B.   Integrated - Collaborative - Adaptive

D.   Module that goes in a Catalyst 6500 or similar to provide firewall services between VLANs.

B.   Host-based Intrusion Prevention System (HIPS) - Example Cisco Security Agent

C.   1. Categorize severity of a security breach 2. Preliminary (high-level) risk assessment

A.   An application used to configure security features on a variety of IOS-based routers - ASA 5500 - PIX 500 - IPS 4200 - Catalyst 6500 through a graphical interface. Also provides a centralized policy and inter-operates with Cisco ACS.

C.   1. Inspection of security system 2. System integration 3. Security certification 4. Security accreditation

D.   Cisco PIX 500 series of security appliances offer firewall and VPN-termination features.

A.   1. Inspection of security system 2. System integration 3. Security certification 4. Security accreditation

C.   ALE = Monetary value to justify expense of security solutions AV = total cost of an asset EF = % representing percentage of loss that an asset experiences ARO = How many times per year a threat occurs

A.   Monitors security devices and applications: Uses event correlation to collect events from multiple devices - reducing the number of false positives - Identified appropriate mitigation strategies - Uses Cisco NetFlow technology to more readily identif

C.   Risk Management: keeping damange to a minimum - Risk Avoidance: preventing risk from occuring

D.   1. Relocating operations to another facility while the original facility is under repair 2. Using alternative forms of internal and external communication

A.   1. Inspection of security system 2. System integration 3. Security certification 4. Security accreditation

B.   1. Emergency Response 2. Recovery 3. Return to Normal Operations

D.   Cisco 5500 Adaptive Security Appliances (ASA) offers a wide variety of security solutions such as firewall - IPS - VPN - anti-spyware - antivirus - and anti-phishing.

A.   Application that provides IPS services on a host.

C.   ALE = Monetary value to justify expense of security solutions AV = total cost of an asset EF = % representing percentage of loss that an asset experiences ARO = How many times per year a threat occurs

D.   1. Relocating operations to another facility while the original facility is under repair 2. Using alternative forms of internal and external communication

A.   Risk Management: keeping damange to a minimum - Risk Avoidance: preventing risk from occuring

B.   ALE = Monetary value to justify expense of security solutions AV = total cost of an asset EF = % representing percentage of loss that an asset experiences ARO = How many times per year a threat occurs

C.   Host-based Intrusion Prevention System (HIPS) - Example Cisco Security Agent

B.   1. Configuration management and control 2. Continuous monitoring

C.   Module that goes in a Catalyst 6500 or similar to provide firewall services between VLANs.

D.   Security Device Manager provides GUI for configuring security features (e.g. IPS - IPSec site-site VPN - firewall features)

A.   Consists of a collection of security solutions to identify - prevent and adapt to emerging threats.

B.   Cisco 5500 Adaptive Security Appliances (ASA) offers a wide variety of security solutions such as firewall - IPS - VPN - anti-spyware - antivirus - and anti-phishing.

C.   Monitors security devices and applications: Uses event correlation to collect events from multiple devices - reducing the number of false positives - Identified appropriate mitigation strategies - Uses Cisco NetFlow technology to more readily identif

A.   Application that provides IPS services on a host.

B.   Integrated - Collaborative - Adaptive

D.   Application that provides AAA funtionality

A.   Application that provides AAA funtionality

C.   Cisco PIX 500 series of security appliances offer firewall and VPN-termination features.

D.   An attempt to secure hardware - software - and various media while investigating anomalous network behavior.

A.   Risk Management: keeping damange to a minimum - Risk Avoidance: preventing risk from occuring

B.   Analyze inline traffic for malicious activity. IPS can drop offending traffic - instruct appliances to block specific hosts - send alerts etc.

D.   Host-based Intrusion Prevention System (HIPS) - Example Cisco Security Agent

A.   Application that provides IPS services on a host.

C.   ALE = Monetary value to justify expense of security solutions AV = total cost of an asset EF = % representing percentage of loss that an asset experiences ARO = How many times per year a threat occurs

D.   1. Categorize severity of a security breach 2. Preliminary (high-level) risk assessment

B.   ALE = Monetary value to justify expense of security solutions AV = total cost of an asset EF = % representing percentage of loss that an asset experiences ARO = How many times per year a threat occurs

C.   An application used to configure security features on a variety of IOS-based routers - ASA 5500 - PIX 500 - IPS 4200 - Catalyst 6500 through a graphical interface. Also provides a centralized policy and inter-operates with Cisco ACS.

D.   An attempt to secure hardware - software - and various media while investigating anomalous network behavior.