ISMN 5730 exam 2 part 2

¡Supera tus tareas y exámenes ahora con Quizwiz!

An IP address is composed of

32 bits, 4 number 254 digits possible

A complete conceptual model of systems including software, hardware and users is known as... Infrastructure diagram Architecture diagram Network topology System map

Architecture diagram (because it includes USERS)

Enterprise security architecture does not address... Configurations for technical infrastructure Strategic alignment Process enhancement Business enablement

Configurations for technical infrastructure COMPONENTS OF ESA - Strategic alignment - Process enhancement - Business enablement - Security foundation - Aligned with best practices

Which of the following is a common framework used to develop an Enterprise Security Architecture? Zechman Plott Goal-Process-Fit Cost-Benefit

Zechman/Zachman Framework

What is the initial requirement to be performed in establishing a business continuity plan? Agree on the scope of the plan Determine the site to be used during a disaster Demonstrate adherence to standard disaster recovery process Identify the applications to be run during a disaster

Agree on the scope of the plan

Which of the following best describes a hot site: Fully equipped back up center with external interfaces (power, water ect) and telecommunications, as well as complete computing resources on site Parallel processing location with actively running identical systems Prepared off site storage location containing basic facilities such as data connections and telecommunications but no computing resources Relocation of equipment during critical times

HOT SITE: Fully equipped back up center with external interfaces (power, water etc) and telecommunications, as well as complete computing resources on site MIRROR SITE: Parallel processing location with actively running identical systems

Which of the following is NOT a key strategy for developing a physical security program? Surveillance with high visual control Management support for physical measurements of security Controlled flow of movement through limited access Territoriality culture among employees

Management support for physical measurements of security

The most important goal of any BCP is: Preserve human life Ensure the survivability of the business Provide clear guidance for defining a disaster Minimize the downtime of critical systems

preserve human life (this is also the primary concern for physical security)

Which is not true of Enterprise Security Architecture? Development of the architecture is primarily end-user driven A strategic prospective of the organization is required to develop an enterprise security architecture A focus on alignment with business processes is important Architectures should be designed to support organizational goals

Development of the architecture is primarily end-user driven

Which of the following is generally not considered part of a data network? File server Mainframe Workstation End User

End User

A video streaming applet written in Java and downloaded to clients from a server presents the greatest threat of which type of attack? Denial of Service Buffer Overflow Back/Trap Doors Mobile Code/Content

Mobile Code/Content

When application developers fail to provide appropriate means in application source code to truncate or limit input string size into interface fields, the application becomes susceptible to which type of attack? Trap/Back Doors Mobile Code/Content Buffer Overflow Denial of Service

Buffer Overflow

Which of the following best explains BIA? It is the process of analyzing all business functions to determine the effect of IT outages in the business It is the process of updating the functions of the business after a disaster It is the process of documenting events during a disaster It is the process of managing the recovery at non-primary business sites

It is the process of analyzing all business functions to determine the effect of IT outages in the business

To resolve IP numbers to names and names to IP numbers is the function of

The DNS (domain name system)

Which should be the first step in establishing organization control for remote access? configure the open inbound parts on all network hardware devices Establish rules for the IPS and IDS devices Review all business use cases for users requesting remote access Publish a clear policy on remote access

publish a clear policy on remote access

Examples of types of physical access controls include all of the following EXCEPT: Passwords Gates Locks Guard stations

Passwords

Regarding application security, which is not a common issue that poses a potential threat? Trap/Back Doors Garbage Collection Check Sum Redistribution Object Reuse

Check sum redistribution

All of the following are goals of physical security, EXCEPT Detain Delay Detect Deter

Detain the goals are deter, delay, detect, assess, respond

Which of the following statements about OSI and TCI/IP is correct? TCP/IP includes seven layers OSI is the model upon which the TCP/IP protocol is based TCP/IP is a seven layer model of OSI OSI has 4 operational layers

OSI is the model upon which the TCP/IP is protocol is based

Which of the following examples would best fit the "Deter" goal of physical security? A ultrasonic sensor system that is deployed on the loading dock at the rear of a manufacturing facility A biometric lock system installed at an entry door in a building A dry pipe sprinkler systems that is installed in a data center server room A sign on a fence that reads "WARNING: Electrified Fence" that is installed around the HVAC system on the side of a building

A sign on a fence that reads "WARNING: Electrified Fence" that is installed around the HVAC system on the side of a building

In order of least allowable downtime to most allowable downtime, rank these recovery strategies: Mirror Site, Hot Site, Warm Site, Cold Site Warm Site, Cold Site, Hot Site, Mirror Site Mirror Site, Cold Site, Warm Site, Hot Site Cold Site, Warm Site, Hot Site, Mirror Site

Mirror Site, Hot Site, Warm Site, Cold Site

A camera located outside a server room door supports which of the following physical security objectives Process Delay Detect Review

Detect

In testing phase of an application development project, which is NOT a desirable characteristic of test data that will be used to evaluate a newly developed application? It should represent a wide range of possible data that could be entered in the system by users. It should be live real-time online data from the current production system. It should be able to be validate both before and after test runs. It should provide a means of checking upper and lower bounds of the system regarding field sizes, time, and dates.

It should be live real-time online data from the current production system. YOU'RE USING TEST DATA TO TEST A NEW APPLICATION

In the Project initiation phase of the system development life cycle, which is NOT an important consideration for a security professional? Perform Unit test to evaluate the security of code Conduct of Risk Analysis Identify appropriate security frameworks Identification of Security Needs

Perform Unit test to evaluate the security of code (the code hasn't been written yet!)

Which is not a principal benefit of an Enterprise Security Architecture? Promote a positive perspective for systems management across the enterprise Consistently manage IT risk across the enterprise Allow decision makers to make better and quicker security-related decisions across for the enterprise Reduce the costs of managing IT risk

Promote a positive perspective for systems management across the enterprise


Conjuntos de estudio relacionados

Chapter 9: Maternal and Fetal Nutrition NCLEX

View Set

bus comm final - charles williams

View Set

respiratory practice questions success

View Set

NU 344 Aging: Myths and Realities

View Set

Merrill's ch 7 pelvis and proximal femur

View Set

Chapter 14 Vocabulary: World History

View Set

ISM4324 Computer Forensics Chapter 2

View Set

4. Osobní obchodní společnosti (veřejná obchodní společnost, komanditní společnost).

View Set