Disaster-Recovery
Pick three types of records that cyber criminals would be interested in stealing from organizations. (Choose three.)
1. Education 2. Medical 3. Employment
What type of attack uses many systems to flood the resources of a target, thus making the target unavailable?
DDoS
Transferring large batches of data to an off-site facility is known as _____________.
Electronic vaulting
All human created threats are caused by malicious actions.
False
What is an example of an Internet data domain?
Intrusion Detection and Prevention Systems can be implemented in all of the following except
Outside the network
True or False. A Subject who exploits a vulnerability perpetrates an attack on the system.
True
True or False. It is impossible to obtain perfect security.
True
What occurs on a computer when data goes beyond the limits of a buffer?
a buffer overflow
What does the term BYOD represent?
bring your own device
What name is given to hackers who hack for a cause?
hactivist
What does a rootkit modify?
operating system
What mechanism can organizations use to prevent accidental changes by authorized users?
version control
Which is an acceptable definition of information?
All are acceptable definitions
Which of the following considers the impact that events could have on the organization in order to identify and prioritize critical functions?
Business impact analysis
What are two common indicators of spam mail? (Choose two.)
The email has misspelled words or punctuation errors or both. The email has keywords in it.
True or False. To achieve balance, the level of security must allow reasonable access, yet protect against threats.
True
What is a secure virtual network called that uses the public network?
VPN
What are two ways to protect a computer from malware? (Choose two.)
1. Keep software up to date. 2. Use antivirus software.
What are two methods that ensure confidentiality? (Choose two.)
1. encryption 2. authentication
Thwarting cyber criminals includes which of the following? (Choose two.)
1. establishing early warning systems 2. changing operating systems
Which two methods help to ensure data integrity?
1. hashing 2. data consistency checks
Which of the following is the overall plan to anticipate, react to, and recover from threats that impact the security of information and assets within an organization?
Contingency Plan
A malicious attacker must have this:
1. Method 2. Opportunity 3. Motive
What are three types of sensitive information? (Choose three.)
1. PII 2. business 3. classified
What are two common hash functions? (Choose two.)
1. SHA 2. MD5
Which two reasons describe why WEP is a weak protocol? (Choose two.)
1. The key is transmitted in clear text. 2. The key is static and repeats on a congested network.
What are three access control security services? (Choose three.)
1. accounting 2. authorization 3. authentication
What are the three foundational principles of the cybersecurity domain? (Choose three.)
1. availability 2. confidentiality 3. integrity
What three tasks are accomplished by a comprehensive security policy? (Choose three.)
1. defines legal consequences of violations 2. gives the security staff the backing of management 3. sets rules for expected behavior
What three design principles help to ensure high availability? (Choose three.)
1. eliminate single points of failure 2. detect failures as they occur 3. use encryption
What are the three states of data? (Choose three.)
1. in-process 2. in-transit 3. at rest
What are two of the tactics used by a social engineer to obtain personal information from an unsuspecting target? (Choose two.)
1. intimidation 2. urgency
For the purpose of authentication, what three methods are used to verify identity? (Choose three.)
1. something you have 2. something you know 3. something you are
Periodically occurring unexpected activities that have the potential to be defined as incidents are called _______.
Adverse events
Consolidating multiple alarms of the same type to trigger a higher-level alarm from an Intrusion Detection and Prevention System is called ___________.
Alarm clustering
What type of an attack can disable a computer by forcing it to use memory or by overworking its CPU?
Algorithm
What is the workforce framework category that includes highly specialized review and evaluation of incoming cybersecurity information to determine if it is useful for intelligence?
Analyze
A ____________ is the long-term storage of a document or data file that is retained for legal or regulatory purposes.
Archive
Which are the most critical characteristics of information? Select all that apply.
Availability, Confidentiality, Integrity
The _______ is the group that is responsible for the overall planning and development of the contingency plan, including organizations of subordinate teams and oversight of subordinate plans.
Contingency Planning Management Team
A ________ is a backup that only updates the files that have been changed or added since the last backup.
Differential
It is not important to consider where you place an Intrusion Detection and Prevention System. Since they monitor network traffic, they can be equally effective anywhere on the network.
False
It is not the Computer Security Incident Response Team's (CSIRT) responsibility to inform users that their system is under attack. The CSIRT should focus only on controlling the incident.
False
Once an information security incident has been resolved and systems are functioning normally, the Incident Response plan is no longer involved and the incident is closed.
False
The Computer Security Incident Response Team (CSIRT) is easily staffed since incidents only happen during the normal work day and staff is readily available to respond.
False
There are no legal concerns with gathering information about and tracing attacks on your network. Since they were on your network first, it is considered a defensive response.
False
True or False. A threat is a weakness in the security system, for example, in procedures, design, or implementation, that might be exploited to cause loss or harm.
False
True or False. An interruption means that some unauthorized party has gained access to an asset.
False
True or False. The ARPANET Program Plan is considered the first step in the development of the Internet. Access Control was one of its primary concerns.
False
When creating contingency plans, all decisions should be made by the information security specialists alone since they are the ones who best understand the threats that are being faced and how to protect against those threats.
False
When selecting which controls to implement, an organization should focus only on the threats that could be the most damaging if they were to happen.
False
Which of the following training exercises for the CSIRT has the highest risk of causing an issue for the organization?
Full interruption
____________ are system resources that are placed in functional systems, but they do not have a use within the system. As a result, any access of the resource is an indication of a potential incident.
Honey token
Which of the following backup site options is the hardest to justify from a cost perspective?
Hot site
The _____ plan is a detailed set of processes and procedures that anticipate, detect and mitigate the effects of an unexpected event that might compromise information resources and assets.
Incident response
What does the acronym IoE represent?
Internet of Everything
A type of attack that involves the attacker trying to gain unauthorized access into or disrupt a system or network is referred to as ___________.
Intrusion
What name is given to a storage device connected to a network?
NAS
Indicators of spam mail
No subject line, requesting an update to an account, misspelled words, cryptic links, requests user open an attachment
A ________ is a document from senior management to provide guidance for the employees that make decisions and perform actions on the behalf of the company.
Policy
A threat that changes its apparent shape over time in an effort to avoid detection is demonstrating which of the following?
Polymorphism
What type of cybersecurity laws protect you from an organization that might want to share your sensitive data?
Privacy
A ______ is a set of step-by-step instructions to complete a task so that users can be sure to complete the task correctly.
Procedure
Which of the following RAID configurations provides performance increases without providing redundancy?
RAID 0
The _____ is the goal time period when all systems, applications and functions can be recovered to after an outage.
Recovery point objective (RPO)
The point in time to which lost systems and data can be restored after an event or outage is the ________.
Recovery point objective (RPO)
The process of transferring transactions as they happen to an off-site facility is called ___________.
Remote journaling
The process of assigning a risk rating or score to an information asset is known as _______.
Risk assessment
What type of attack targets an SQL database using the input field of a user?
SQL injection
Which of the following concepts used in RAID configurations does not provide some protection from lost data?
Striping
The incident response plan can be activated by either the IR team leader or _______.
The IR Duty officer
Accounts on a system should be monitored since the creation of new accounts (especially ones with high levels of access) and the activation of dormant accounts can be an indication of an attack.
True
After every incident, the Computer Security Incident Response Team (CSIRT) should debrief and evaluate the response to the incident to see if there are any improvements to be developed.
True
All parts of an organization's contingency planning should be reviewed and tested regularly.
True
As the Computer Security Incident Response Team (CSIRT) is being implemented, an increase in the number of identified incidents is a sign of progress and that the team is gaining trust of others within the organization.
True
For every system, there is a point where the cost of the disruption becomes more expensive than the cost to recover. It is important to know this balance point in order to determine what resources should be dedicated to protect the system.
True
In addition to technical skills to respond to incidents, the Computer Security Incident Response Team (CSIRT) should be selected based on nontechnical skills such as the ability to communicate with one another as well as with others within the company.
True
In order to be considered an information security incident, an event has to have three characteristics: it is directed towards company assets, it has a realistic chance of success, and it threatens the confidentiality, integrity or availability of the asset.
True
Incident response planning is focused on starting with the middle rather than the end result. The main goal is to decide what actions should be taken during the incident.
True
It is common to use a six-tape rotation for backups since this allows for daily backups on-site during the week and then off-site storage of weekly backups.
True
It is critical to gain support from upper management for all contingency planning.
True
It is important to create a process for evaluating business needs that is well defined before gathering information so that you can avoid bias or adjusting the evaluations to meet your needs.
True
The Computer Security Incident Response Team (CSIRT) plan should be reviewed at least annually.
True
The Incident Response Planning Committee is responsible for collecting information and designing the organization of the Computer Security Incident Response Team (CSIRT).
True
The concepts of "need to know" and "least privilege" should be implemented to minimize risks.
True
True or False. Data owner: responsible for the security and use of a particular set of information.
True
True or False. The primary mission of information security is to ensure systems and contents stay the same.
True
When designing the Computer Security Incident Response Team (CSIRT) plan, it is important to determine the chain of command during an incident and to decide what actions can be taken to control the incident.
True
While the outsourcing of Incident Response processes can be risky, there are advantages. These include the ability to find out about potential attacks being carried out in the region before you are a target.
True
When implementing an Intrusion Detection and Prevention system, it is important to adjust the configuration in order to maximize true positive alarms, while minimizing both false positives and false negatives. This process is referred to as _________.
Tuning
_______ can replicate themselves constantly, without human interaction or other programs.
Worms
What is the difference between a virus and a worm?
Worms self-replicate but viruses do not.
What is the meaning of the term logic bomb?
a malicious program that uses a trigger to awaken the malicious code
A computer is presenting a user with a screen requesting payment before the user data is allowed to be accessed by the same user. What type of malware is this?
a type of ransomware
What does the term vulnerability mean?
a weakness that makes a target susceptible to an attack
What is the name for the type of software that generates revenue by generating annoying pop-ups?
adware
What service determines which resources a user can access along with the operations that a user can perform?
authorization
What is the name given to a program or program code that bypasses normal authentication?
backdoor
An attacker is sitting in front of a store and wirelessly copies emails and contact lists from nearby unsuspecting user devices. What type of attack is this?
bluesnarfing
What principle prevents the disclosure of information to unauthorized people, resources, and processes?
confidentiality
What is a vulnerability that allows criminals to inject scripts into web pages viewed by users?
cross-site scripting
What name is given to any changes to the original data such as users manually modifying data, programs processing and changing data, and equipment failures?
modification
What is the term used when a malicious party sends a fraudulent email disguised as being from a legitimate, trusted source?
phishing
What name is given to an amateur hacker?
script kiddie
Which term describes the sending of a short deceptive SMS message used to trick a target into visiting a website?
smishing
What is a method of sending information from one device to another using removable media?
sneaker net
What is the term used to describe an email that is targeting a specific person employed at a financial institution?
spear phishing
A criminal is using software to obtain information about the computer of a user. What is the name of this type of software?
spyware
What two methods help to ensure system availability? (Choose two.)
up-to-date operating systems, equipment maintenance