info systems

Juan's web server was down for an entire day last September. It experienced no other downtime during that month. Which one of the following represents the web server uptime for that month?

96.67%

Authorization controls include biometric devices.

False

Which one of the following is an example of a logical access control?

Password

In which type of attack does the attacker attempt to take over an existing connection between two systems?

Session hijacking

Which term describes an action that can damage or compromise an asset?

Threat

Which term describes any action that could damage an asset?

Threat

Which one of the following is the best example of an authorization control?

Access control lists

Which information security objective allows trusted entities to endorse information?

Certification

Which item in a Bring Your Own Device (BYOD) policy helps resolve intellectual property issues that may arise as the result of business use of personal devices?

Data ownership

What is the first step in a disaster recovery effort?

Ensure that everyone is safe.

Which one of the following is an example of a disclosure threat?

Espionage

Which type of attack involves the creation of some deception in order to trick unsuspecting users?

Fabrication

A dictionary password attack is a type of attack in which one person, program, or computer disguises itself as another person, program, or computer to gain access to some resource.

False

A phishing attack "poisons" a domain name on a domain name server.

False

A security policy is a comparison of the security controls you have in place and the controls you need in order to address all identified threats.

False

Bricks-and-mortar stores are completely obsolete now.

False

Cryptography is the process of transforming data from cleartext into ciphertext.

False

Denial of service (DoS) attacks are larger in scope than distributed denial of service (DDoS) attacks.

False

The main difference between a virus and a worm is that a virus does not need a host program to infect.

False

The weakest link in the security of an IT infrastructure is the server.

False

Vishing is a type of wireless network attack.

False

Which control is not designed to combat malware?

Firewalls

Betsy recently assumed an information security role for a hospital located in the United States. What compliance regulation applies specifically to healthcare providers?

HIPAA

What type of function generates the unique value that corresponds to the contents of a message and is used to create a digital signature?

Hash

Adam's company recently suffered an attack where hackers exploited an SQL injection issue on their web server and stole sensitive information from a database. What term describes this activity?

Incident

Gary is sending a message to Patricia. He wants to ensure that nobody tampers with the message while it is in transit. What goal of cryptography is Gary attempting to achieve?

Integrity

Rachel is investigating an information security incident that took place at the high school where she works. She suspects that students may have broken into the student records system and altered their grades. If correct, which one of the tenets of information security did this attack violate?

Integrity

Which of the following is an example of a hardware security control?

MAC filtering

Roger's organization received a mass email message that attempted to trick users into revealing their passwords by pretending to be a help desk representative. What category of social engineering is this an example of?

Phishing

What is NOT a goal of information security awareness programs?

Punish users who violate policy

Alan is developing a business impact assessment for his organization. He is working with business units to determine the maximum allowable time to recover a particular function. What value is Alan determining?

Recovery time objective (RTO)

Kaira's company recently switched to a new calendaring system provided by a vendor. Kaira and other users connect to the system, hosted at the vendor's site, using a web browser. Which service delivery model is Kaira's company using?

Software as a Service (SaaS)

What type of network connects systems over the largest geographic area?

Wide area network (WAN)

Which type of attack against a web application uses a newly discovered vulnerability that is not patchable?

Zero-day attack

Forensics and incident response are examples of __________ controls.

corrective

What is NOT a commonly used endpoint security technique?

Network firewall

What is NOT one of the three tenets of information security?

Safety

During which phase of the access control process does the system answer the question, "What can the requestor access?"

Authorization

Yuri is a skilled computer security expert who attempts to break into the systems belonging to his clients. He has permission from the clients to perform this testing as part of a paid contract. What type of person is Yuri?

White-hat hacker

What type of malicious software masquerades as legitimate software to entice the user to run it?

Trojan horse

Adam is evaluating the security of a web server before it goes live. He believes that an issue in the code allows an SQL injection attack against the server. What term describes the issue that Adam discovered?

Vulnerability

Betty receives a cipher text message from her colleague Tim. What type of function does Betty need to use to read the plaintext message?

Decryption

Maria's company recently experienced a major system outage due to the failure of a critical component. During that time period, the company did not register any sales through its online site. Which type of loss did the company experience as a result of lost sales?

Opportunity cost

Which type of authentication includes smart cards?

Ownership

Which mitigation plan is most appropriate to limit the risk of unauthorized access to workstations?

Password protection

What term describes the risk that exists after an organization has performed all planned countermeasures and controls?

Residual risk

Which formula is typically used to describe the components of information security risks?

Risk = Threat X Vulnerability

What type of network device normally connects directly to endpoints and uses MAC-based filtering to limit traffic flows?

Switch

A DoS attack is a coordinated attempt to deny service by occupying a computer to perform large amounts of unnecessary tasks.

True

A birthday attack is a type of cryptographic attack that is used to make brute-force attack of one-way hashes easier.

True

A phishing email is a fake or bogus email intended to trick the recipient into clicking on an embedded URL link or opening an email attachment.

True

A surge protector is an example of a preventative component of a disaster recovery plan (DRP).

True

Any component that, if it fails, could interrupt business processing is called a single point of failure (SPoF).

True

Authentication controls include passwords and personal identification numbers (PINs).

True

Rootkits are malicious software programs designed to be hidden from normal methods of detection.

True

Screen locks are a form of endpoint device security control.

True

Spyware gathers information about a user through an Internet connection, without his or her knowledge.

True

The business impact analysis (BIA) identifies the resources for which a business continuity plan (BCP) is necessary.

True

The recovery point objective (RPO) is the maximum amount of data loss that is acceptable.

True

The term risk management describes the process of identifying, assessing, prioritizing, and addressing risks.

True

Alice would like to send a message to Bob using a digital signature. What cryptographic key does Alice use to create the digital signature?

Alice's private key

Bob received a message from Alice that contains a digital signature. What cryptographic key does Bob use to verify the digital signature?

Alice's public key

Which action is the best step to protect Internet of Things (IoT) devices from becoming the entry point for security vulnerabilities into a network while still meeting business requirements?

Applying security updates promptly

Janet is identifying the set of privileges that should be assigned to a new employee in her organization. Which phase of the access control process is she performing?

Authorization

Ann is creating a template for the configuration of Windows servers in her organization. It includes the basic security settings that should apply to all systems. What type of document should she create?

Baseline

Which password attack is typically used specifically against password files that contain cryptographic hashes?

Birthday attacks

Which type of password attack attempts all possible combinations of a password in an attempt to guess the correct value?

Brute-force attack

Tom is the IT manager for an organization that experienced a server failure that affected a single business function. What type of plan should guide the organization's recovery effort?

Business continuity plan (BCP)

Which activity manages the baseline settings for a system or device?

Configuration control

A(n) _________ is an event that prevents a critical business function (CBF) from operating for a period greater than the maximum tolerable downtime.

disaster

Purchasing an insurance policy is an example of the ____________ risk management strategy.

transfer

