ISDS 4244: Final Exam
When the temperature in a data center is too high, computing and electronic equipment can overheat. What can happen if the temperature gets too low in a data center?
Temperature that is too low can cause condensation on equipment that can result in corrosion, and even cause short circuits when condensation occurs on electrical components.
What is the relationship, in terms of service level management, that the IT department has with both internal and external customers?
The IS department can be both service provider to internal customers and a customer to external providers, and often the two are interrelated.
What is the primary security advantage to switching from shared-media networks to switched networks?
The only traffic that a node sees are packets sent explicitly to or from the node, as well as some broadcast traffic, reducing the risks of eavesdropping.
An auditor is reviewing an organization's change management process and has found that many changes are being performed without approval. What is the best approach for the organization to take?
The organization should reiterate its policy that no unapproved changes should be performed, and that this can result in termination of employment.
What is the primary disadvantage of a cutover disaster recovery (DR) test?
The risks associated with a cutover test are high.
Which of the following is the primary risk associated with third-party service providers?
The service provider will have access to some of the organization's sensitive information.
In an RDBMS, what is the relationship between foreign and primary keys?
There can be many matching foreign key fields for one primary key.
Which of the following best describes the term "crossover error rate" in the context of biometric authentication mechanisms?
This is the point at which the false reject rate (FRR) equals the false accept rate (FAR). This is the ideal point for a well-tuned biometric system.
What is the main purpose of change management?
To ensure that all proposed changes to an IT environment are vetted for suitability and risk, and to ensure that changes will not interfere with each other or with other planned or unplanned activities
What is the objective of war driving?
To locate nonsecure wireless networks that can be exploited
Why is regression testing important to the release process?
To make sure that functions that were confirmed to be working properly in prior releases continue to work as expected
Which of the following threats is uniquely vulnerable to Voice over IP systems in addition to the normal threats any IP-based network would face?
Toll fraud
What are the effects of humidity on computing equipment?
Too high humidity can result in condensation; too low can result in static buildup
A seemlingly harmless program that is supposed to perform one function but that actually performs another (or additional) undesired functions is called a:
Trojan horse
An organization that wants to establish a secure virtual private network (VPN) connection using IPsec will need to configure it to use which mode?
Tunnel mode
A system that filters incoming power spikes and other noise and supplies power for short periods through a bank of batteries is called a:
Uninterruptible power supply (UPS)
An organization operates a large (1,000+ servers) e-commerce environment from a single data center. Which of the following recovery strategies would be the most effective?
Use infrastructure from a cloud service provider only during disaster recovery (DR) testing and actual recovery operations.
What is the purpose of vulnerability scanning?
Use of tools that san or examine computers, network devices, or application programs with the purpose of finding vulnerabilities
How should physical media containing highly sensitive information be packaged and transported?
Using a courier; in a double-wrapped package, requiring a signature and secure storage
When designing a wireless network infrastructure, an organization that wants to create a secure network should use all of the following methods EXCEPT:
Using the maximum signal strength possible
Which of the following statements concerning viruses is true?
Viruses are fragments of code that attach themselves to .exe files (executable programs) and are activated when the program they're attached to is run.
Which encryption technique was originally designed to protect wireless networks from eavesdropping?
WEP
Which method of encryption is considered superior to WEP in terms of protecting wireless networks?
WPA2
An organization has initiated a business relationship with an outsourced service provider. The service provider will carry out many projects for the organization. How should the organization define and initiate each project?
Work orders
In ITIL terminology, if the incident has been seen before and its root cause is known, this is called a:
Known error
When a database's use is restricted so that personnel have only the permissions and privileges needed to perform their job, which access control principle is being followed?
Least privilege
All of the following are private key encryption algorithms EXCEPT:
MD5
What is the best type of tool to use for making a forensic copy of a system's hard drive?
Media copier
Which personnel should be chosen for a disaster recovery (DR) core team that would declare a disaster?
Middle and upper managers who are familiar with critical business operations
Which of the following types of information would be considered PUBLIC information?
Mission statement
Which is NOT one of the common types of incidents that should be included in an incident response plan?
Natural disasters
Which of the following are ways that intrusion detection systems (IDS) can be classified?
Network IDS (NIDS) and host-based IDS (HIDS)
Which types of devices would a "remote destruct" feature be enabled on in the event they are lost or stolen?
PDAs and laptops
Which of the following practices is NOT considered to be effective with regard to software licensing?
Allowing users to install only legally licensed software brought from home
What factor primarily determines if there is sufficient capacity in IT systems and IT processes?
An IT system or process has sufficient capacity if its performance falls within an acceptable range as specified in service level agreements (SLAs)
An auditor has discovered that several administrators share the administrative account in a hypervisor. All of the following are risks associated with this practice EXCEPT:
An intruder will be able to crack the administrative password more easily.
Which of the following normally would NOT be an indication that an incident is taking place?
A financial transaction processing with a delay
Which of the following statements describing hot, warm, and cold recovery sites is true?
A hot site is the best choice when the RTO is a small amount of time.
An audit of an organization's business continuity and disaster recovery programs should include all of the following EXCEPT:
A requirement that the organization initiate an unplanned cutover test
What is the primary disadvantage of simulation disaster recovery (DR) testing?
A simulation does not evaluate the organization's actual ability to recover from a disaster.
In the context of routers and firewalls, which of the following best describes the use of access control lists (ACLs)?
Access control lists are packet-filtering rules that make allow/deny decisions based on IP address, port, service, and other criteria.
Poor capacity planning can affect all of the different aspects of IT management EXCEPT:
Access control management
A cluster that can automatically transfer processing to a standby member of the cluster in the event of the failure of one of the other computers in the cluster is said to be in which type of mode?
Active-passive mode
Managing and controlling all of the activities that take place in an IS department means:
All actions and activities performed by operations personnel should be a part of a procedure, process, or project that has been approved by management.
All of the following are used to protect mobile devices EXCEPT:
Allowing the device to be used only in a controlled area, such as a server room
In order to support an organization's mission, goals, and objectives, network infrastructure design should include which of the following:
Physical and logical network architecture, data flow architecture, and network standards and services
Which type of attack attempts to discover open, and possibly vulnerable, ports on target systems?
Port scanning
Which type of water-pipe fire suppression method is usually considered best for data centers?
Pre-action
SET (Secure Electronic Transaction) is an older protocol used for secure transactions across the Internet that has been largely replaced with which method?
Secure Sockets Layer (SSL)
When an authorized user is able to access some portion of application source code and make a copy under strict management control, presumably to make a modification or perform analysis, this is referred to as:
Program check-out
An event where the confidentiality, integrity, or availability of information (or an information system) has been compromised is called a:
Security incident
Which level of RAID creates a "mirror," where data written to one disk in the array is also written to a second disk in the array, making the volume more reliable through the preservation of data even when one disk in the array fails?
RAID-1
Which level of RAID uses two parity blocks instead of a single parity block and can withstand the failure of any two disks in the array, instead of a single disk?
RAID-6
All of the following should be considered when determining if an individual requires access to sensitive or classified information EXCEPT:
Rank or position within the organization
A recovery site operated by another company or organization is called a:
Reciprocal site
Which of the following statements regarding single sign-on is FALSE?
Single sign-on refers to an environment where a centralized directory service such as LDAP (Lightweight Directory Access Protocol), RADIUS (Remote Access Dial-In User Service), or Microsoft Active Directory is used by several applications for authentication.
Two-factor authentication relies on using factors to successfully authenticate an individual EXCEPT?
Something you calculate (e.g., hash value)
Which of the following forms of attack perpetrated through e-mail contains messages that advertise legitimate goods and services as well as fakes, and could contain malware?
Spam
Which of the following involves the concept of dividing knowledge of a specific object or task between two persons?
Split custody
Which type of malware performs one or more surveillance-type actions on a computer reporting back to the malware owner?
Spyware
A stand-alone storage system that can be configured to contain several virtual volumes and connected to several servers through fiber optic cables, and is seen as "local" storage by servers' operating systems is called:
Storage area network (SAN)
Which device operates at layer 2 of the OSI model and is concerned with listening to traffic to learn the MAC address(es) associated with each of its ports and sending packets only to destination ports?
Switch
All of the following statements are true regarding the construction and use of passwords EXCEPT:
System administrators should have a listing of all users' passwords in the event of a user's termination or extended absence.
Which of the following statements concerning T-carrier circuits is true?
T1 (also known as DS-1) circuits contain 24 DS-0 channels.
An IS auditor is reviewing wireless networks that are used to support wireless point-of-sale terminals in retail locations. The IS auditor has observed that these wireless networks to not broadcast SSID, and they employ Wired Equivalent Privacy encryption with 64-bit keys that are changed each quarter. What action should the auditor take?
Recommend that better encryption be used
Which one of the following is NOT a characteristic of secure shell (SSH)?
SSH was replaced by SSL and HTTPS protocols.
In the context of protecting business information, which category of information should be treated with the utmost care and must be encrypted and labeled, never e-mailed, kept in secure containers, and destroyed with specialized procedures?
Secret
Which classification of information should never be stored on a mobile device and must be encrypted and properly labeled while in storage?
Secret
A network device that serves to control the flow of network messages between networks, usually placed at the boundary between the Internet and an organization's internal network, is called a:
Firewall
When each step of the release process undergoes formal review and approval before the next step is allowed to begin, this is called a:
Gate process
Which of the following spoofing techniques involves the altering of the OSI layer 3 addressing information?
IP address spoofing
Protocols that are found at the TCP/IP Internet layer include:
IP, ICMP, IGMP, and IPSec
Which of the following protocols may be used to encrypt a remote access connection?
IPSec
Who acts as the single point of contact for requests from customers?
IT service desk
An IS auditor is reviewing the disaster recovery (DR) plans for an online service provider, and has found that the DR plans are reviewed and updated annually. What statement best describes the finding that the auditor should write?
In a rapidly changing IT environment, DR plans should be reviewed more often.
When would you design an access control to "fail open"?
In the case of building access controls, which would need to permit evacuation of personnel in an emergency.
Which of the following fire suppression methods is considered the best one for computer/data centers?
Inert gas
Which of the following describes a policy that includes as its component a statement of executive support, roles and responsibilities, values of information-related assets, protection of information assets, acceptable behavior, enforcement and consequences, support for laws and regulations, and risk management?
Information security policy
Which electric power vulnerability is characterized by a sudden increase in current flowing to a device, usually associated with the startup of a large motor, and may cause a voltage drop that lasts several seconds?
Inrush
One potential weakness of certificate-based authentication is:
It may be possible to duplicate the digital certificate.
In the context of logical access control, what does the term "fail closed" mean?
It means that if an access control mechanism fails, all access will be denied.
Public key infrastructure (PKI) is based on what kind of keys?
Asymmetric, or public, key pairs
Which two elements are key to implementing remote access?
Authentication and encryption
When a message is signed using a private key and verified with a public key, this action fulfills the message:
Authenticity and integrity
Which of the following is true regarding protecting voice over IP (VoIP) communications?
Because VoIP systems communicate over TCP/IP, and because many are based on conventional operating systems, VoIP is protected through primarily the same measures that are used to protect other IT systems.
Firewalls are normally placed at all of the following locations EXCEPT:
Between user workstations and an internal file server
Which of the following terms describes an authentication system that uses physical attributes as part of its access control mechanism?
Biometric
How do managers in IT organizations determine if their operations are effective?
By measuring all aspects of operations need to measured, reviewing those measurements and reports, and carrying out management-directed changes
How do IT personnel determine whether incidents and problems are related to specific systems configurations?
By using an intelligent problem and incident management system that is able to access the configuration management database (CMDB)
How do centralized monitoring systems typically utilize networks to assist in monitoring and managing devices?
By using monitoring consoles that have the ability to send alert messages to the personnel who manage the systems being monitored
Two primary CPU architectures that are widely used are:
CISC and RISC
Directory services provide which of the following network-based services?
Centralized management services
Who signs a digital certificate, providing assurance that the certificate and the identifying information it contains is valid?
Certificate authority
The software that controls computer hardware and facilitates the use of software applications is called:
Computer operating systems
All of the following are characteristics of the TCP protocol EXCEPT:
Connectionless protocol
An organization is considering outsourcing a department to an offshore service provider. How can the organization best ensure that the offshore provider's service quality will be adequate?
Contractually link service quality to payments for service
An organization has established a system classification scheme for identifying the criticality of systems for disaster recovery purposes. The organization's primary e-commerce application has been classified as Critical. How should the organization's DNS servers be classified?
DNS servers should be classified as Critical so that customers can contact the e-commerce servers.
All of the following statements characterize denial of service (DOS) attacks EXCEPT:
DOS attacks can be caused by user errors that create software application error messages.
In order to make use of access controls to enforce database security, what must occur?
Databases must authenticate the identity of users.
All of the following are risks associated with the use of peer-to-peer computing EXCEPT:
Denial of service
Bidirectional replication has transaction concurrency issues that can be resolved using a:
Distributed lock manager
An option for system backup that permits organizations to back up their systems and data to an off-site location, which could be a storage system in another data center or a third-party service provider, is called.
E-valuting
How are emergency changes related to problem and incident management?
Emergency changes are often related to incidents or problems, and can reference those issues so they can be closed.
Threats that physical security measures attempt to address include which of the following?
Equipment theft, sabotage, and destruction by any person