cist 1601 final exam review

¡Supera tus tareas y exámenes ahora con Quizwiz!

What intrusion detection system strategy relies upon pattern matching?

Signature detection

What classification level is the highest level used by the U.S. federal government?

Top Secret

Breanne's system was infected by malicious code after she installed an innocent-looking solitaire game that she downloaded from the Internet. What type of malware did she likely encounter?

Trojan horse

What is an example of two-factor authentication?

A token device and a PIN (type II something you have, such as a smart card, token device, or photo ID

Donna is building a security awareness program designed to meet the requirements of the Payment Card Industry Data Security Standard (PCI DSS) 3.2. How often must she conduct training for all current employees?

ANNUALLY

Ed wants to make sure that his system is designed in a manner that allows tracing actions to an individual. What phase of access control is Ed concerned about?

Accountability

What protocol is responsible for assigning IP addresses to hosts on most networks?

Dynamic host configuration protocol (DHCP)

What approach to cryptography provides the strongest theoretical protection?

Quantum cryptography

What term describes any action that could damage an asset?

Threat

What type of network connects systems over the largest geographic area?

Wide area network (WAN)

A(n) _________ is an event that prevents a critical business function (CBF) from operating for a period greater than the maximum tolerable downtime.

disaster

Brian needs to design a control that prevents piggybacking, only allowing one person to enter a facility at a time. What type of control would best meet this need?

mantraps

What type of cipher works by rearranging the characters in a message?

transpositions ciphers

In what type of attack does the attacker send unauthorized commands directly to a database?

SQL injection

From a security perspective, what should organizations expect will occur as they become more dependent upon the Internet of Things (IoT)?

Security risks will increase.

In what type of attack does the attacker attempt to take over an existing connection between two systems?

Session Hijacking

Ron is the IT director at a medium-sized company and is constantly bombarded by requests from users who want to select customized mobile devices. He decides to allow users to purchase their own devices. What type of policy should Ron implement to include the requirements and security controls for this arrangement?

Bring your own device (BYOD)

What type of password attack attempts all possible combinations of a password in an attempt to guess the correct value?

Brute-force attack

What audit data collection method helps ensure that the information-gathering process covers all relevant areas?

Checklist

Federal agencies are required to name a senior official in charge of information security. What title is normally given to these individuals?

Chief information security officer (CISO)

What type of function generates the unique value that corresponds to the contents of a message and is used to create a digital signature?

Hash

Bob recently accepted a position as the information security and compliance manager for a medical practice. What regulation is likely to most directly apply to Bob's employer?

Health Insurance Portability and Accountability Act (HIPAA)

What is an example of a reactive disaster recovery control?

Moving to a warm site

Brian notices an attack taking place on his network. When he digs deeper, he realizes that the attacker has a physical presence on the local network and is forging Media Access Control (MAC) addresses. What type of attack is most likely taking place?

address resolution protocol (ARP) poisoning

What is the best example of an authorization control?

Access control lists

Mark is considering outsourcing security functions to a third-party service provider. What benefit is he most likely to achieve?

Access to a high level of expertise

Florian recently purchased a set of domain names that are similar to those of legitimate websites and used the newly purchased sites to host malware. What type of attack is Florian using?

Typosquatting

What is NOT a commonly accepted best practice for password security?

Use no more than eight characters.

What wireless security technology contains significant flaws and should never be used?

Wired Equivalent Privacy (WEP)

What type of attack against a web application uses a newly discovered vulnerability that is not patchable?

Zero-day Attack

What is NOT one of the three tenets of information security?

anything not CIA

Maya is creating a computing infrastructure compliant with the Payment Card Industry Data Security Standard (PCI DSS). What type of information is she most likely trying to protect?

credit card information

When Patricia receives a message from Gary, she wants to be able to demonstrate to Sue that the message actually came from Gary. What goal of cryptography is Patricia attempting to achieve?

nonrepudiation

What type of network device normally connects directly to endpoints and uses MAC-based filtering to limit traffic flows?

switch

What information should an auditor share with the client during an exit interview?

Details on major issues

Adam's company recently suffered an attack where hackers exploited an SQL injection issue on their web server and stole sensitive information from a database. What term describes this activity?

Incident

Fran is interested in learning more about the popular Certified Ethical Hacker (CEH) credential. What organization should she contact?

International Council of E-Commerce Consultants (EC-Council)

Which network device is capable of blocking network connections that are identified as potentially malicious?

Intrusion prevention system (IPS)

What level of technology infrastructure should you expect to find in a cold site alternative data center facility?

No technology infrastructure

Gwen's company is planning to accept credit cards over the Internet. What type of activity and includes provisions that Gwen should implement before accepting credit card transactions?

Payment Card Industry Data Security Standard (PCI DSS)

Adam discovers a virus on his system that is using encryption to modify itself. The virus escapes detection by signature-based antivirus software. What type of virus has he discovered?

Polymorphic virus

Marguerite is creating a budget for a software development project. What phase of the system lifecycle is she undertaking?

Project Initiation and planning

What item is an auditor least likely to review during a system controls audit?

Resumes of system administrators

Bob is developing a web application that depends upon a database backend. What type of attack could a malicious individual use to send commands through his web application to the database?

SQL injection

Karen is designing a process for issuing checks and decides that one group of users will have the authority to create new payees in the system while a separate group of users will have the authority to issue checks to those payees. The intent of this control is to prevent fraud. What principle is Karen enforcing?

Separation of duties

Gwen is investigating an attack. An intruder managed to take over the identity of a user who was legitimately logged into Gwen's company's website by manipulating Hypertext Transfer Protocol (HTTP) headers. What type of attack likely took place?

Session hijacking

Kaira's company recently switched to a new calendaring system provided by a vendor. Kaira and other users connect to the system, hosted at the vendor's site, using a web browser. What service delivery model is Kaira's company using?

Software as a Service (SaaS)

What type of malware does NOT have an anti-malware solution and should be covered in security awareness training?

zero-day

Larry recently viewed an auction listing on a website. As a result, his computer executed code that popped up a window that asked for his password. What type of attack has Larry likely encountered?

Cross-site scripting (XSS)

Forensics and incident response are examples of __________ controls.

Corrective


Conjuntos de estudio relacionados

Week 1, Lecture 10 - Phagocytosis

View Set

Forensic and Correctional Nursing

View Set

Principles of Economics Section 9: Fiscal Policy

View Set