Chapters 3 & 4

¡Supera tus tareas y exámenes ahora con Quizwiz!

What is the first step in a disaster recovery effort?

Ensure that everyone is safe

Which one of the following is an example of a disclosure threat?

Espionage

Barry discovers that an attacker is running an access point in a building adjacent to his company. The access point is broadcasting the security set identifier (SSID) of an open network owned by the coffee shop in his lobby. Which type of attack is likely taking place?

Evil twin

Vishing is a type of wireless network attack.

False

Bob is using a port scanner to identify open ports on a server in his environment. He is scanning a web server that uses Hypertext Transfer Protocol (HTTP). Which port should Bob expect to be open to support this service?

80

Brian notices an attack taking place on his network. When he digs deeper, he realizes that the attacker has a physical presence on the local network and is forging Media Access Control (MAC) addresses. Which type of attack is most likely taking place?

Address Resolution Protocol (ARP) poisoning

Denial of service (DoS) attacks are larger in scope than distributed denial of service (DDoS) attacks.

False

Most enterprises are well prepared for a disaster should one occur.

False

Removable storage is a software application that allows an organization to monitor and control business data on a personally owned device.

False

Which control is not designed to combat malware?

Firewall

Which group is the most likely target of a social engineering attack?

Receptionists and administrative assistants

A surge protector is an example of a preventative component of a disaster recovery plan (DRP).

True

An alteration threat violates information integrity.

True

Regarding data center alternatives for disaster recovery, a mobile site is the least expensive option but at the cost of the longest switchover time.

True

Remote wiping is a device security control that allows an organization to remotely erase data or email in the event of loss or theft of the device.

True

Rootkits are malicious software programs designed to be hidden from normal methods of detection.

True

Screen locks are a form of endpoint device security control.

True

Spyware gathers information about a user through an Internet connection, without his or her knowledge.

True

The term risk management describes the process of identifying, assessing, prioritizing, and addressing risks.

True

The term risk methodology refers to a list of identified risks that results from the risk-identification process.

True

An attacker uses exploit software when wardialing.

false

Authorization controls include biometric devices.

False

What is NOT one of the three tenets of information security?

Safety

Failing to prevent an attack all but invites an attack.

True

Tony is working with a law enforcement agency to place a wiretap pursuant to a legitimate court order. The wiretap will monitor communications without making any modifications. What type of wiretap is Tony placing?

passive wiretap

Users throughout Alison's organization have been receiving unwanted commercial messages over the organization's instant messaging program. What type of attack is taking place?

spim

A birthday attack is a type of cryptographic attack that is used to make brute-force attack of one-way hashes easier.

true

The recovery point objective (RPO) is the maximum amount of data loss that is acceptable.

true

The anti-malware utility is one of the most popular backdoor tools in use today.

False

Using a secure logon and authentication process is one of the six steps used to prevent malware.

False

Betsy recently assumed an information security role for a hospital located in the United States. What compliance regulation applies specifically to health care providers?

HIPPA

What level of technology infrastructure should you expect to find in a cold site alternative data center facility?

No technology infrastructure

Which tool can capture the packets transmitted between systems over a network?

Protocol analyzer

George is the risk manager for a U.S. federal government agency. He is conducting a risk assessment for that agency's IT risk. What methodology is best suited for George's use?

Risk Management Guide for Information Technology Systems (NIST SP800-30)

Earl is preparing a risk register for his organization's risk management program. Which data element is LEAST likely to be included in a risk register?

Risk survey results

A DoS attack is a coordinated attempt to deny service by occupying a computer to perform large amounts of unnecessary tasks.

True

Continuity of critical business functions and operations is the first priority in a well-balanced business continuity plan (BCP).

True

In a Bring Your Own Device (BYOD) policy, the user acceptance component may include separation of private data from business data.

True

The Government Information Security Reform Act (Security Reform Act) of 2000 focuses on management and evaluation of the security of unclassified and national security systems.

True

The Gramm-Leach-Bliley Act (GLBA) addresses information security concerns in the financial industry.

True

When servers need operating system upgrades or patches, administrators take them offline intentionally so they can perform the necessary work without risking malicious attacks.

True

Yuri is a skilled computer security expert who attempts to break into the systems belonging to his clients. He has permission from the clients to perform this testing as part of a paid contract. What type of person is Yuri?

White-hat hacker

A dictionary password attack is a type of attack in which one person, program, or computer disguises itself as another person, program, or computer to gain access to some resource.

false

A security policy is a comparison of the security controls you have in place and the controls you need in order to address all identified threats.

false

Spam is some act intended to deceive or trick the receiver, normally in email messages.

false

The main difference between a virus and a worm is that a virus does not need a host program to infect.

false

Which type of denial of service attack exploits the existence of software flaws to disrupt a service?

logic attack


Conjuntos de estudio relacionados

Visual Basic Chapter 1-7 Dietel Final

View Set

DMV Written Test Class C-California-Complete Set- Multiple Choice

View Set

NUR 311L Skills Lab - Extremity Restraint

View Set

Geometry (10.2) Semester 2 Review

View Set