CIS Midterm Study Guide
Which of the following statements best describes the relationship of a BCP to a DRP?
A DRP is a component of a BCP
Which risk analysis value represents the annual probability of a loss?
ARO
Which risk is most effectively mitigated by an upstream Internet service provider (ISP)?
Distributed denial of service (DDoS)
An attacker uses exploit software when wardialing
False
Risk management is responding to a negative event when it occurs
False
Vishing is a type of wireless network attack
False
With adequate security controls and defenses, an organization can often reduce its risk to zero.
False
A DoS attack is a coordinated attempt to deny service by occupying a computer to perform large amounts of unnecessary tasks.
True
A VPN router is a security appliance that is used to filter IP packets
True
A birthday attack is a type of cryptographic attack that is used to make brute-force attack of one-way hashes easier
True
Authorization is the process of granting rights to use an organization's IT assets, systems, applications, and data to a specific user.
True
Failing to prevent an attack all but invites an attack.
True
It is faster to create the incremental weekday backups than the differential backups
True
Using a secure logon and authentication process is one of the six steps used to prevent malware
True
A rootkit uses a directed broadcast to create a flood of network traffic for the victim computer
False
Which risk response would be most appropriate if the impact of a risk becoming a reality is negligible?
Accept
The System/Application Domain holds all the mission-critical systems, applications, and data
True
In the Remote Access Domain, if private data or confidential data is compromised remotely, you should set automatic blocking for attempted logon retries.
False
Which security control is most helpful in protecting against eavesdropping on wireless LAN (WLAN) data transmissions that would jeopardize confidentiality?
Applying strong encryption
Simple Network Management Protocol is used for network device monitoring, alarm, and performance.
True
Spyware gathers information about a user through an internet connection, without his or her knowledge
True
Matthew captures traffic on his network and notices connections using ports 20, 22, 23, and 80. Which port normally hosts a protocol that uses secure, encrypted connections?
22
What is a key principle of risk management programs?
Don't spend more to protect an asset than it is worth
Bob recently accepted a position as the information security and compliance manager for a medical practice. Which regulation is likely to most directly apply to Bob's employer?
Health Insurance Portability and Accountability Act
Which mitigation plan is most appropriate to limit the risk of unauthorized access to workstations?
Password Protection
Which element of the security framework requires approval from upper management and applies to the entire organization?
Policy
Chris is writing a document that provides step-by-step instructions for end users seeking to update the security software on their computers. Performing these updates is mandatory. Which type of document is Chris writing?
Procedure
Which tool can capture the packets transmitted between systems over a network?
Protocol analyzer
Which type of risk analysis uses relative ranking?
Qualitative risk analysis
Which type of risk analysis uses formulas and numeric values to indicate risk severity?
Quantitative risk analysis
Which formula is typically used to describe the components of information security risks?
Risk = Threat X Vulnerability
According to PMI, which term describes the list of identified risks?
Risk register
What is NOT one of the three tenets of information security?
Safety
In which type of attack does the attacker attempt to take over an existing connection between two systems?
Session hijacking
Which risk-response option would best describe purchasing fire insurance?
Transfer
Spam is some act intended to deceive or trick the receiver, normally in email messages
False
The Sarbanes-Oxley Act requires all types of financial institutions to protect customers' private financial information
False
The main difference between a virus and a worm is that a virus does not need a host program to infect
False
Maria's company recently experienced a major system outage due to the failure of a critical component. During that time period, the company did not register any sales through its online site. Which type of loss did the company experience as a result of lost sales?
Opportunity Cost
Which term is used to indicate the amount of data loss that is acceptable?
RPO
Which group is most likely a target of a social engineering attack?
Receptionists and administrative assistants
Networks, routers, and equipment require continuous monitoring and management to keep wide area network (WAN) service available.
True
Organizations should start defining their IT security policy framework by defining an asset classification policy
True
Risk refers to the amount of harm a threat exploiting a vulnerability can cause
True