itm 350 final

¡Supera tus tareas y exámenes ahora con Quizwiz!

Threat

Aditya is attempting to classify information regarding a new project that his organization will undertake in secret. Which characteristic is not normally used to make these types of classification decisions?

Diffie-Hellman

Alice and Bob would like to communicate with each other using a session key, but they do not already have a shared secret key. Which algorithm can they use to exchange a secret key?

Bob's public key

Alice would like to send a message to Bob securely and wishes to use asymmetric encryption to encrypt the contents of the message. What key does she use to encrypt this message?

Alice's private key

Alice would like to send a message to Bob using a digital signature. What cryptographic key does Alice use to create the digital signature?

Functional policies in support of organization policy

Antivirus, firewall, and email use policies belong to what part of a security policy hierarchy?

Slow virus

Arturo discovers a virus on his system that resides only in the computer's memory and not in a file. What type of virus has he discovered?

Event logs

Biyu is a network administrator. She is developing the compliance aspect of her company's security policy. Currently, she is focused on the records of actions that the organization's operating system or application software creates. What aspect of compliance is Biyu focusing on?

Structured Query Language (SQL) injection

Bob is developing a web application that depends on a backend database. What type of attack could a malicious individual use to send commands through his web application to the database?

Formatting

Bob is preparing to dispose of magnetic media and wishes to destroy the data stored on it. Which method is not a good approach for destroying data?

Session Hijacking

Devaki is investigating an attack. An intruder managed to take over the identity of a user who was legitimately logged in to Devaki's company's website by manipulating Hypertext Transfer Protocol (HTTP) headers. Which type of attack likely took place?

Copies of all software configurations for routers and switches

Donnelly is an IT specialist. He is in charge of the server and network appliances inventory. The infrastructure roadmap calls for a network systems reconfiguration in the next six months. Adina, the security expert, asks Donnelly to prepare a standardized list of all current and proposed equipment and then to present it to her in a hardware configuration chart. What does Adina tell Donnelly that the chart should include?

botnets

Hacking groups create _______ to launch attacks whereby they infect vulnerable machines with agents that perform various functions at the command of the controller.

Need to know

Hajar is a network engineer. She is creating a system of access involving clearance and classification based on users and the objects they need in a secure network. She is restricting access to secure objects by users based on least privilege and which of the following?

Ownership

Janette is the director of her company's network infrastructure group. She is explaining to the business owners the advantages and disadvantages of outsourcing network security. One consideration she presents is the question of who would be responsible for the data, media, and infrastructure. What consideration is she describing?

Wi-Fi Protected Access version 3 (WPA3)

Juan is a wireless security professional. He is selecting a standard for wireless encryption protocols for access points and devices for his agency. For the highest security, which protocol should Juan choose?

Remote Access Tool (RAT)

Karen is a hacker. She wants to access a server and control it remotely. The tool she plans to use is a type of Trojan. What tool will Karen use for this purpose?

Cross-site scripting (XSS)

Larry recently viewed an auction listing on a website. As a result, his computer executed code that popped up a window that asked for his password. What type of attack has Larry likely encountered?

Trojan horse

Lin installed a time-management utility that she downloaded from the Internet. Now several applications are not responding to normal commands. What type of malware did she likely encounter?

Project initiation and planning

Marguerite is creating a budget for a software development project. What phase of the system life cycle is she undertaking?

Decryption

Maria receives a ciphertext message from her colleague Wen. What type of function does Maria need to use to read the plaintext message?

Access to a higher level of expertise

Mark is considering outsourcing security functions to a third-party service provider. What benefit is he most likely to achieve?

Separation of duties

Mia is her company's network security professional. She is developing access policies based on personnel security principles. As part of this effort, she is devising a method of taking high-security tasks and splitting them among several different employees so that no one person is responsible for knowing and performing the entire task. What practice is she developing?

Intimidation

Rodrigo has just received an email at work from an unknown person. The sender claims to have incriminating evidence against Rodrigo and threatens to release it to his employer and his family unless he discloses certain confidential information about his employer's company. Rodrigo does not know that several other people in the organization received the same email. What form of social engineering has occurred?

Blacklisting

Tonya would like to protect her users and the network when users browse to known dangerous sites. She plans to maintain a list of those sites and drop messages from those websites. What type of approach is Tonya advocating?

False

True or False? Mandatory vacations minimize risk by rotating employees among various systems or duties.

True

True or False? Revocation is a security measure that stops authorization for access to data.

True

True or False? Symmetric key ciphers require that both parties first exchange keys to be able to securely communicate.

False

True or False? The U.S. government currently has no standard for creating cryptographic keys for classified applications.

False

True or False? The term certificate authority (CA) refers to a trusted repository of all public keys.

Field theory

ome ciphers, regardless of type, rely on the difficulty of solving certain mathematical problems, which is the basis for asymmetric key cryptography. Which of the following is a branch of mathematics that involves multiplicative inverses that these ciphers use?

False

rue or False? In a known-plaintext attack (KPA), the cryptanalyst has access only to a segment of encrypted data and has no choice as to what that data might be.

Macro virus

Alison is a security professional. A user reports that, after opening an email attachment, every document he saves is in a template format and other Microsoft Word documents will not open. After investigating the issue, Alison determines that the user's Microsoft Office normal.dot template has been damaged, as well as many Word files. What type of virus is the most likely cause?

Cross-site request forgery (XSRF)

Applications represent the most common avenue for users, customers, and attackers to access data, which means you must build the software to enforce the security policy and to ensure compliance with regulations, including the privacy and integrity of both data and system processes. Regardless of the development model, the application must validate all input. Certain attacks can take advantage of weak validation. One such attack provides script code that causes a trusted user who views the input script to send malicious commands to a web server. What is this called?

Confidentiality

Bob is sending a message to Alice. He wants to ensure that nobody can read the content of the message while it is in transit. What goal of cryptography is Bob attempting to achieve?

Integrity

Bob is sending a message to Alice. He wants to ensure that nobody tampers with the message while it is in transit. What goal of cryptography is Bob attempting to achieve?

Alice's public key

Bob received a message from Alice that contains a digital signature. What cryptographic key does Bob use to verify the digital signature?

Authorizing official (AO)

In an accreditation process, who has the authority to approve a system for implementation?

Baseline

Lin is creating a template for the configuration of Windows servers in her organization. The configuration includes the basic security settings that should apply to all systems. What type of document should she create?

Encouraging the adoption of ethical guidelines and standards

Omar is an infrastructure security professional. After reviewing a set of professional ethics issued by his company, he is learning and adopting ethical boundaries in an attempt to demonstrate them to others. What is this called?

Compartmentalized

Rylie is a newly hired cybersecurity expert for a government agency. Rylie used to work in the private sector. She has discovered that, whereas private sector companies often had confusing hierarchies for data classification, the government's classifications are well known and standardized. As part of her training, she is researching data that requires special authorization beyond normal classification. What is this type of data called?

Digital signature

Security objectives add value to relationships between businesses or between businesses and their customers. Which objective binds a message or data to a specific entity?

This scenario is a classic example of a spear phishing attack, highly targeted at an individual and including information about the company.

The chief executive officer (CEO) of a company recently fell victim to an attack. The attackers sent the CEO an email that appeared to come from the company's attorney. The email informed the CEO that his company was being sued and he needed to view a subpoena at a court website. When visiting the website, malicious code was downloaded onto the CEO's computer. What type of attack took place?

True

True or False? A blanket purchase agreement (BPA) creates preapproved accounts with qualified suppliers to fulfill recurring orders for products or services.

False

True or False? A block cipher encrypts one byte (or bit) at a time, whereas a stream cipher encrypts an entire block of data at a time.

False

True or False? A digitized signature is a combination of a strong hash of a message and a secret key.

True

True or False? A functional policy declares an organization's management direction for security in such specific functional areas as email use, remote access, and Internet interaction (including social media).

True

True or False? A keyword mixed alphabet cipher uses a cipher alphabet that consists of a keyword, minus duplicates, followed by the remaining letters of the alphabet.

False

True or False? A private key cipher is also called an asymmetric key cipher.

False

True or False? A product cipher is an encryption algorithm that has no corresponding decryption algorithm.

True

True or False? A salt value is a set of random characters you can combine with an input key to create an encryption key.

True

True or False? A security awareness program should address the requirements and expectations of an organization's security policy.

True

True or False? An algorithm is a repeatable process that produces the same result when it receives the same input.

True

True or False? Change control is the management of changes to the configuration of a system.

False

True or False? Change does not create risk for a business.

True

True or False? Classification scope determines what data to classify; classification process determines how to handle classified data.

True

True or False? Company-related classifications are not standard; therefore, there may be some differences of meaning between the terms "private" and "confidential" in different companies.

False

True or False? Configuration changes can be made at any time during a system life cycle, and no process is required.

True

True or False? Digital signatures require asymmetric key cryptography.

True

True or False? Elliptic curve cryptography (ECC) relies on algebraic structures of elliptic curves over finite fields.

True

True or False? In cryptography, a keyspace is the number of possible keys to a cipher.


Conjuntos de estudio relacionados

Life insurance policy provisions, options and riders

View Set

Ch 19: Alterations in Women's Health

View Set

ExamFX, Life Insurance Policy Provisions, Options and Riders, I. Settlement Options

View Set

Global Manager Ch 1, 3, 5, 8, 9, and 10

View Set

The Middle Ages Warm Period -- New Agricultural Technologies

View Set

Chapter 21: Vulnerable Populations: An Overview

View Set

Oligopoly & Mono. Comp. Practice

View Set