ISEC 5305 test 1
The Children's Online Privacy Protection Act (COPPA) restricts the collection of information online from children. What is the cutoff age for COPPA regulation?
13
? Bob is using a port scanner to identify open ports on a server in his environment. He is scanning a web server that uses Hypertext Transfer Protocol (HTTP). Which port should Bob expect to be open to support this service?
443
Bob is using a port scanner to identify open ports on a server in his environment. He is scanning a web server that uses Hypertext Transfer Protocol (HTTP). Which port should Bob expect to be open to support the service?
80
Which password attack is typically used specifically against password files that contain cryptographic hashes?
Birthday attacks
Jody would like to find a solution that allows real-time document sharing and editing between teams. Which technology would best suit her needs?
Collaboration
In Mobile IP, what term describes a device that would like to communicate with a mobile node (MN)?
Correspondent node
In Mobile IP, what term describes a device that would like to communicate with a mobile node (MN)?
Correspondent node (CN)
? Which network device is capable of blocking network connections that are identified as potentially malicious?
Demilitarized Zone (DMZ)
Which risk is most effectively mitigated by an upstream Internet Service Provider (ISP)?
Distributed Denial of Service (DDoS)
What is the first step in a disaster recovery effort?
Ensure that everyone is safe
Which type of attack involves the creation of some deception in order to trick unsuspecting users?
Fabrication
? True or False: A VPN router is a security appliance that is used to filter IP packets.
False
True or False: A rootkit uses a directed broadcast to create a flood of network traffic for the victim computer.
False
True or False: Denial of service (DoS) attacks are larger in scope than Distributed Denial of Service (DDoS) attacks.
False
True or False: Store-and-Forward communications should be used when you need to talk to someone immediately.
False
True or False: You should use easy-to-remember personal information to create secure passwords.
False
True or False: Cryptography is the process of transforming data from cleartext to ciphertext.
False (Encryption not Cryptography)
True or False: In the Remote Access Domain, if private data or confidential data is compromised remotely, you should set automatic blocking for attempted logon retries.
False: Apply first level and second level tokens and biometrics
True or False: A security policy is a comparison of the security controls you have in place and the controls you need in order to address all identified threats.
False: Gap analysis
True or False: The anti-malware utility is one of the most popular backdoor tools in use today.
False: Netcat
True or False: A phishing attack "poisons" a domain name on a domain name server.
False: Pharming
True or False: Vishing is a type of wireless network attack.
False: Social Engineering attacks
True or False: User-based permission levels limit a person to executing certain functions and often enforce mutual exclusivity.
False: Task-based
True or False: Bricks-and-mortar stores are completely obsolete now.
False: They have global reach
True or False: Voice pattern biometrics are accurate for authentication because voices can't easily be replicated by computer software.
False: easy to replicate
What compliance regulation applies specifically to the educational records maintained by schools about students?
Family Educational Rights and Privacy Act (FERPA)
Which element of the security policy framework offers suggestions rather than mandatory actions?
Guideline
Bob recently accepted a position as the information security and compliance manager for a medical practice. Which regulation is likely to most directly apply to Bob's employer?
HIPAA
Which law governs the use of the IoT by healthcare providers, such as physicians and hospitals?
HIPAA
Which act governs the use of Internet of Things (IoT) by healthcare providers, such as physicians and hospitals?
Health Insurance Portability and Accountability Act (HIPAA)
What do organizations expect to occur with the growth of the IoT?
Higher Risks
Rachel is investigating an information security incident that took place at the high school where she works. She suspects that students may have broken into the student records system and altered their grades. If correct, which one of the tenets of information security did this attack violate?
Integrity
Which organization pursues standards for the IoT devices and is widely recognized as the authority for creating standards of the Internet?
Internet Society
Which IoT challenge involves the difficulty of developing and implementing protocols that allow devices to communicate in a standard fashion?
Interoperability
Which type of denial of service attack exploits the existence of software flaws to disrupt a service?
Logic attack
Which element of the security policy framework requires approval from upper management and applies to the entire organization?
Policy
Which tool can capture the packets transmitted between systems over a network?
Protocol analyzer
Which formula is typically used to describe the components of information security?
Risk = Threat X Vulnerabilities
Earl is preparing a risk register for his organization's risk management program. Which data is LEAST likely to be included in a risk register?
Risk Survey results
Gary would like to choose an access control model in which the owner of a resource decides who may modify permissions on that resource. Which model fits that scenario?
Rule-based access control
Holly would like to run an annual major disaster recovery test that is as thorough and realistic as possible. She also wants to ensure that there is no disruption of activity at the primary site. What option is best in this scenario?
Simulation Test
Users throughout Alison's organization have been receiving unwanted commercial messages over the organization's instant messaging program. What type of attack is taking place?
Spim
Which element of the IT security policy framework provides detailed written definitions for hardware and software and how they are to be used?
Standard
Which term describes an action that can damage or compromise an asset?
Threat
What type of malicious software masquerades as legitimate software to entice the user to run it?
Trojan Horse
? True or False: IoT devices cannot share and communicate your IoT device data to other systems and applications without your authorization or knowledge.
True
? True or False: Networks, routers, and equipment require continuous monitoring and management to keep WAN service available.
True
True or False: A Chinese wall security policy defines a barrier and develops a set of rules that makes sure no subject gets to objects on the other side of the wall.
True
True or False: A birthday attack is a type of cryptographic attack that is used to make brute-force attack of one-way hashes easier.
True
True or False: A phishing email is a fake or bogus email intended to trick the recipient into clicking on an embedded URL link or opening an email attachment.
True
True or False: A trusted operating system (TOS) provides features that satisfy specific government requirements for security.
True
True or False: An IT security policy framework is like an outline that identifies where security controls should be used.
True
True or False: Authorization is the process of granting rights to use an organization's IT assets, systems, applications, and data to a specific user.
True
True or False: Bring your own device (BYOD) opens the door to considerable security risks.
True
True or False: Cars that have Wi-Fi access and onboard computers require software patches and upgrades from the manufacturer.
True
True or False: Content-dependent access control requires the access control mechanism to look at the data to decide who should get to see it.
True
True or False: Devices that combine the capabilities of mobile phones and personal digital assistants (PDAs) are commonly called smartphones.
True
True or False: E-commerce systems and applications demand strict confidentiality, integrity, and availability (CIA) security controls.
True
True or False: Each 4G device has a unique Internet Protocol (IP) address and appears just like any other wired device on a network.
True
True or False: Encrypting the data within databases and storage devices gives an added layer of security.
True
True or False: Failing to prevent an attack all but invites an attack.
True
True or False: Hypertext Transfer Protocol (HTTP) is the communications protocol between web browsers and websites with data in cleartext.
True
True or False: IoT technology has a significant impact on developing economies, given that it can transform countries into e-commerce-ready nations.
True
True or False: Metadata of IoT devices can be sold to companies seeking demographic marketing data about users and their spending habits.
True
True or False: One of the first industries to adopt and widely use mobile applications was the healthcare industry.
True
True or False: Organizations should start defining their IT security policy framework by defining an asset classification policy.
True
True or False: Rootkits are malicious software programs designed to be hidden from normal methods of detection.
True
True or False: The Director of IT security is generally in charge of ensuring that the Workstation Domain conforms to policy.
True
True or False: The Government Information Security Reform Act of 2000 focuses on management and evaluation of the security of unclassified and national security systems.
True
True or False: The most critical aspect of a WAN services contract is how the service provider supplies troubleshooting, network management, and security management services.
True
True or False: The recovery point objective (RPO) is the maximum amount of data loss that is acceptable.
True
True or False: The System/Application Domain holds all the mission-critical systems, applications, and data.
True
True or False: The term risk management describes the process of identifying, assessing, prioritizing, and addressing risks.
True
True or False: The tools for conducting a risk analysis can include the documents that define, categorize, and rank risks.
True
True or False: Using a secure logon and authentication process is one of the six steps to prevent malware.
True
True or False: When servers need operating system upgrades or patches, administrators take them offline intentionally so they can perform the necessary work without risking malicious attacks.
True
Florian recently purchased a set of domain names that are similar to those of legitimate websites and used the newly purchased sites to host malware. Which type of attack is Florian using?
Typosquatting
Which of the following is an example of a hardware security control? a) Security Policy b) NTFS permission c) MAC filtering d) ID badge
d
Which of the following is an example of two-factor authentication? a) personal identification number (PIN) and password b) token and smart card c) password and security questions d) smart card and personal identification number (PIN)
d
Which of the following is NOT an area of critical infrastructure where the Internet of Things (IoT) is likely to spur economic development in less developed countries? a) Water supply management b) Agriculture c) Wastewater treatment d) E-commerce
d) e-commerce
True or False: A bricks-and-mortar strategy includes marketing and selling goods and services on the Internet.
False: E-commerce
Maria's company recently experienced a major system outage due to the failure of a critical component. During that time period, the company did not register any sales through its online site. Which type of loss did the company experience as a result of lost sales?
Opportunity cost