ITM 350 midterm
What network port number is used for unencrypted web-based communication by default? A. 443 B. 143 C. 3389 D. 80
D. 80
Brian notices an attack taking place on his network. When he digs deeper, he realizes that the attacker has a physical presence on the local network and is forging Media Access Control (MAC) addresses. Which type of attack is most likely taking place? A. Address resolution protocol (ARP) poisoning B. Internet Protocol (IP) address spoofing C. Christmas attack D. Uniform resource locator (URL) hijacking
A. Address resolution protocol (ARP) poisoning
Juan's web server was down for an entire day in April. It experienced no other downtime during that month. What represents the web server uptime for that month? A. 1.03% B. 96.67% C. 99.96% D. 3.33%
B. 96.67% (April has 30 days; 29 days up out of 30 = 0.9667)
What protocol is responsible for assigning Internet Protocol (IP) addresses to hosts on many networks? A. Simple Mail Transfer Protocol (SMTP) B. Dynamic Host Configuration Protocol (DHCP) C. IP D. Transport Layer Security (TLS)
B. Dynamic Host Configuration Protocol (DHCP)
Which of the following is an example of an authorization control? A. One-time password B. Biometric device C. Access control list D. Digital certificate
C. Access control list
Which security model does not protect the integrity of information? A. Biba B. Clark-Wilson C. Brewer-Nash D. Bell-LaPadula
D. Bell-LaPadula
What compliance regulation is similar to the European Union (EU) General Data Protection Regulation (GDPR) of 2016 and focuses on individual privacy and rights of data owners? A. Gramm-Leach-Bliley Act (GLBA) B. Sarbanes-Oxley Act (SOX) C. California Security Breach Information Act (SB 1386) of 2003 D. California Consumer Privacy Act (CCPA) of 2018
D. California Consumer Privacy Act (CCPA) of 2018
Aditya recently assumed an information security role for a financial institution located in the United States. He is tasked with assessing the institution's risk profile and cybersecurity maturity level. What compliance regulation applies specifically to Aditya's institution? A. HIPAA B. FISMA C. PCI DSS D. FFIEC
D. FFIEC
True or False? The Sarbanes-Oxley Act (SOX) requires all types of financial institutions to protect customers' private financial information.
False
Which element of the security policy framework offers suggestions rather than mandatory actions? A. Standard B. Policy C. Guideline D. Procedure
C. Guideline
Which element of the security policy framework requires approval from upper management and applies to the entire organization? A. Standard B. Procedure C. Guideline D. Policy
D. Policy
What is a U.S. federal government classification level that applies to information that would cause serious damage to national security if it were disclosed? A. Private B. Top secret C. Secret D. Confidential
C. Secret
Which element of the IT security policy framework provides detailed written definitions for hardware and software and how they are to be used? A. Policy B. Standard C. Guideline D. Procedure
B. Standard
True or False? The System/Application Domain of a typical IT infrastructure consists of hardware, operating system software, applications, and data and includes hardware and its logical design.
True
True or False? The User Domain of a typical IT infrastructure defines the people and processes that access an organization's information systems.
True
Which attack is typically used specifically against password files that contain cryptographic hashes? A. Birthday B. Hijack C. Replay D. Social engineering
A. Birthday
Which risk is most effectively mitigated by an upstream Internet service provider (ISP)? A. Distributed denial of service (DDoS) B. Firewall configuration error C. Unauthorized remote access D. Inherently insecure Transmission Control Protocol/Internet Protocol (TCP/IP) applications
A. Distributed denial of service (DDoS)
What type of firewall security feature limits the volume of traffic from individual hosts? A. Flood guard B. Stateful inspection C. Network segmentation D. Loop protection
A. Flood guard
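A flood guard works by counting how much traffic each source sends inside a time window and dropping whatever exceeds the limit. The following added example (not from the course or any firewall vendor; the threshold, window and traffic are constructed for illustration) implements that per-host sliding-window limit and runs a SYN burst from one host alongside normal traffic from another:

```python
from collections import defaultdict, deque


class FloodGuard:
    """Sliding-window, per-source packet limiter (hypothetical logic).

    A source may send at most `max_packets` packets in any `window` seconds;
    anything beyond that is dropped, while other sources are unaffected.
    """

    def __init__(self, max_packets: int, window: float) -> None:
        self.max_packets = max_packets
        self.window = window
        self._recent = defaultdict(deque)  # src -> timestamps of accepted packets

    def allow(self, src: str, ts: float) -> bool:
        q = self._recent[src]
        # Forget accepted packets that have aged out of the window.
        while q and ts - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.max_packets:
            return False  # over the limit for this source: drop
        q.append(ts)
        return True


def summarize(packets, max_packets=5, window=1.0):
    """Feed (src, timestamp) packets through the guard in time order.

    Returns {src: (allowed, dropped)}.
    """
    guard = FloodGuard(max_packets, window)
    counts = defaultdict(lambda: [0, 0])
    for src, ts in sorted(packets, key=lambda p: p[1]):
        if guard.allow(src, ts):
            counts[src][0] += 1
        else:
            counts[src][1] += 1
    return {src: tuple(c) for src, c in counts.items()}


# Constructed sample traffic: 10.0.0.5 bursts 20 packets in under half a
# second, then sends one more after the window has passed; 10.0.0.9 sends
# three packets spaced out over a second.
SAMPLE_PACKETS = (
    [("10.0.0.5", i * 0.02) for i in range(20)]
    + [("10.0.0.5", 2.0)]
    + [("10.0.0.9", 0.1), ("10.0.0.9", 0.4), ("10.0.0.9", 0.9)]
)

if __name__ == "__main__":
    print(summarize(SAMPLE_PACKETS))
```

The burst from 10.0.0.5 gets its first five packets through and the rest dropped, the later packet is accepted once the window has expired, and 10.0.0.9 is never touched. A guard keyed on source address is only as good as that address: spoofed sources (the IP spoofing answer in this set) spread the load across many keys, which is why the earlier question points to the upstream ISP for DDoS rather than a local flood guard.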
Which type of attack involves eavesdropping on transmissions and redirecting them for unauthorized use? A. Interruption B. Interception C. Modification D. Fabrication
B. Interception
Which term describes the level of exposure to some event that has an effect on an asset, usually the likelihood that something bad will happen to an asset? A. Countermeasure B. Vulnerability C. Risk D. Threat
C. Risk
A ________ is used to identify the part of an Ethernet network where all hosts share the same network address. A. router B. subnet mask C. access point D. switch
B. Subnet mask
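The mask does its work as a bitwise AND: host address AND mask gives the network address, and two hosts are on the same subnet exactly when that result matches. This added example (not part of the course material; the addresses are constructed) computes it with the standard library so the rule can be checked against real addresses:

```python
import ipaddress


def network_address(host: str, mask: str) -> str:
    """Bitwise AND of the host address and the subnet mask."""
    host_int = int(ipaddress.IPv4Address(host))
    mask_int = int(ipaddress.IPv4Address(mask))
    return str(ipaddress.IPv4Address(host_int & mask_int))


def same_subnet(host_a: str, host_b: str, mask: str) -> bool:
    """True when the mask leaves both hosts with the same network address.

    Only then will the hosts ARP for each other directly on the Ethernet
    segment; otherwise traffic goes to the default gateway.
    """
    return network_address(host_a, mask) == network_address(host_b, mask)


def prefix_length(mask: str) -> int:
    """Dotted mask -> CIDR prefix length; rejects non-contiguous masks."""
    return ipaddress.IPv4Network(f"0.0.0.0/{mask}").prefixlen


if __name__ == "__main__":
    # Constructed hosts: two on 192.168.1.0/24, one on 192.168.2.0/24.
    print(network_address("192.168.1.10", "255.255.255.0"))       # 192.168.1.0
    print(same_subnet("192.168.1.10", "192.168.1.200", "255.255.255.0"))
    print(same_subnet("192.168.1.10", "192.168.2.5", "255.255.255.0"))
    print(prefix_length("255.255.255.0"))                          # 24
```

The security-relevant consequence is the one the ARP-poisoning question above turns on: only hosts that share a network address under the mask resolve each other with ARP, so a forged MAC reply can redirect traffic only within that subnet.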
True or False? Cryptography is the practice of making data unreadable.
True
In which domain of a typical IT infrastructure is the first layer of defense for a layered security strategy? A. Workstation Domain B. Local Area Network (LAN) Domain C. System/Application Domain D. User Domain
D. User Domain
True or False? The protocols in the Transmission Control Protocol/Internet Protocol (TCP/IP) suite work together to allow any two computers to be connected and thus create a network.
True
Miriam is a network administrator. She would like to use a wireless authentication technology similar to that found in hotels where users are redirected to a webpage when they connect to the network. What technology should she deploy? A. Lightweight Extensible Authentication Protocol (LEAP) B. Protected Extensible Authentication Protocol (PEAP) C. Remote Authentication Dial-In User Service (RADIUS) D. Captive portal
D. Captive portal
Which of the following is an example of a direct cost that might result from a business disruption? A. Damaged reputation B. Lost customers C. Lost market share D. Facility repair
D. Facility repair
True or False? Physical access to network equipment is required to eavesdrop on a network connection.
False
True or False? Preventive controls merely attempt to suggest that a subject not take a specific action, whereas corrective controls do not allow the action to occur.
False
True or False? Temporal isolation is commonly used in combination with rule-based access control.
False
True or False? The computer game Solitaire operates at the Application Layer of the Open Systems Interconnection (OSI) Reference Model.
False
True or False? The four central components of access control are users, resources, actions, and features.
False
True or False? The number of failed logon attempts that trigger an account action is called an audit logon event.
False
True or False? The ping utility identifies the path that packets travel through a network.
False
True or False? The term "risk methodology" refers to a list of identified risks that results from the risk identification process.
False
True or False? The type of wireless access point antenna in use, rather than its placement, can present a security risk.
False
True or False? To create the most secure network, configure the firewall to allow all messages except the ones that are explicitly denied.
False
True or False? Voice pattern biometrics are accurate for authentication because voices cannot easily be replicated by computer software.
False
Which network device is designed to block network connections that are identified as potentially malicious? A. Router B. Intrusion detection system (IDS) C. Web server D. Intrusion prevention system (IPS)
D. Intrusion prevention system (IPS)
What measures the average amount of time between failures for a particular system? A. Recovery time objective (RTO) B. Mean time to repair (MTTR) C. Uptime D. Mean time to failure (MTTF)
D. Mean time to failure (MTTF). MTTR is the average time needed to restore a system after it fails, not the time between failures.
What is not a commonly used endpoint security technique? A. Network firewall B. Application control C. Full device encryption D. Remote wiping
A. Network firewall
What is an example of a logical access control? A. Password B. Access card C. Fence D. Key for a lock
A. Password
Violet deploys an intrusion prevention system (IPS) on her network as a security control. What type of control has Violet deployed? A. Detective B. Corrective C. Preventive D. Deterrent
C. Preventive
Which type of attack involves capturing data packets from a network and retransmitting them to produce an unauthorized effect? The receipt of duplicate, authenticated Internet Protocol (IP) packets may disrupt service or produce another undesired consequence. A. Man-in-the-middle B. Hijacking C. IP spoofing D. Replay
D. Replay
What term describes the risk that exists after an organization has performed all planned countermeasures and controls? A. Residual risk B. Qualitative risk C. Exposure D. Total risk
A. Residual risk
What is an example of an alteration threat? A. System or data modification B. Denial of service C. Espionage D. Intentional information leak
A. System or data modification
Unauthorized access to data centers and downtime of servers are risks to which domain of an IT infrastructure? A. System/Application Domain B. Workstation Domain C. Remote Access Domain D. Wide Area Network (WAN) Domain
A. System/Application Domain
Which term describes an action that can damage or compromise an asset? A. Countermeasure B. Risk C. Vulnerability D. Threat
D. Threat
True or False? A home user connecting to a website over the Internet is an example of a wide area network (WAN) connection.
True
True or False? A network protocol governs how networking equipment interacts to deliver data across the network.
True
True or False? A phishing email is a fake or bogus email intended to trick the recipient into clicking on an embedded link or opening an email attachment.
True
True or False? In a watering-hole attack, a targeted user is lured to a commonly visited website on which malicious code has been planted.
True
True or False? Not all risks are inherently bad; some risks can lead to positive results.
True
True or False? Physically disabled users might have difficulty with biometric system accessibility, specifically with performance-based biometrics.
True
True or False? Safeguards address gaps or weaknesses in the controls that could otherwise lead to a realized threat.
True
True or False? Single sign-on (SSO) can provide for greater security because with only one password to remember, users are generally willing to use stronger passwords.
True
True or False? The Data Link Layer of the Open Systems Interconnection (OSI) Reference Model is responsible for transmitting information on computers connected to the same local area network (LAN).
True
True or False? The Physical Layer of the Open Systems Interconnection (OSI) Reference Model must translate the binary ones and zeros of computer language into the language of the transport medium.
True
True or False? The term "risk management" describes the process of identifying, assessing, prioritizing, and addressing risks.
True
True or False? The term "router" describes a device that connects two or more networks and selectively interchanges packets of data between them.
True
True or False? The tools for conducting a risk analysis can include the documents that define, categorize, and rank risks.
True
True or False? Theft of intellectual property and its release to competitors or to the public can nullify an organization's competitive advantage.
True
True or False? Transmission Control Protocol/Internet Protocol (TCP/IP) is a suite of protocols that operates at both the Network and Transport layers of the Open Systems Interconnection (OSI) Reference Model.
True
True or False? Transmitting private or sensitive data unencrypted is a risk in both the Local Area Network (LAN) and Wide Area Network (WAN) Domains of a typical IT infrastructure.
True
True or False? When servers need operating system upgrades or patches, administrators take them offline intentionally so they can perform the necessary work without risking malicious attacks.
True
What is a primary risk to the Workstation Domain, the Local Area Network (LAN) Domain, and the System/Application Domain? A. Mobile worker token or other authentication stolen B. Unauthorized network probing and port scanning C. Unauthorized access to systems D. Downtime of IT systems for an extended period after a disaster
C. Unauthorized access to systems
What type of attack against a web application exploits a newly discovered vulnerability for which no patch yet exists? A. Cross-site scripting (XSS) B. Zero-day attack C. Structured Query Language (SQL) injection D. Cross-site request forgery (CSRF)
B. Zero-day attack
A company's IT manager has advised the business's executives to use a method of decentralized access control rather than centralized to avoid creating a single point of failure. She selects a common protocol that hashes passwords with a one-time challenge number to defeat eavesdropping-based replay attacks. What is this protocol? A. Challenge-Handshake Authentication Protocol (CHAP) B. Kerberos C. Password Authentication Protocol (PAP) D. Lightweight Directory Access Protocol (LDAP)
A. Challenge-Handshake Authentication Protocol (CHAP)
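The replay question above and this CHAP question are two sides of one mechanism: a captured credential is only reusable if the protocol accepts the same bytes twice. The following added example (not from the course; the shared secret and password are constructed) runs a CHAP exchange as RFC 1994 defines the response, MD5 over identifier, secret and challenge, then replays the captured response and contrasts it with PAP, where the replay succeeds:

```python
import hashlib
import hmac
import secrets

SHARED_SECRET = b"constructed-example-secret"  # assumed: held by client and server


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP response: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


class ChapAuthenticator:
    """Server side. Every challenge is random and usable exactly once."""

    def __init__(self, secret: bytes) -> None:
        self._secret = secret
        self._ident = 0
        self._pending = {}  # identifier -> outstanding challenge

    def challenge(self):
        self._ident = (self._ident + 1) % 256
        chal = secrets.token_bytes(16)
        self._pending[self._ident] = chal
        return self._ident, chal

    def verify(self, ident: int, response: bytes) -> bool:
        chal = self._pending.pop(ident, None)  # consumed: a second try finds nothing
        if chal is None:
            return False
        expected = chap_response(ident, self._secret, chal)
        return hmac.compare_digest(expected, response)


def pap_verify(stored_password: bytes, presented: bytes) -> bool:
    """PAP sends the password itself, so whatever was sniffed works again."""
    return hmac.compare_digest(stored_password, presented)


def run_exchanges() -> dict:
    server = ChapAuthenticator(SHARED_SECRET)

    # 1. Legitimate client answers a fresh challenge.
    ident, chal = server.challenge()
    resp = chap_response(ident, SHARED_SECRET, chal)
    legit = server.verify(ident, resp)

    # 2. An eavesdropper captured (ident, resp) and replays it: the challenge
    #    was consumed, and the next challenge is different, so both fail.
    replay_same_ident = server.verify(ident, resp)
    ident2, _chal2 = server.challenge()
    replay_new_challenge = server.verify(ident2, resp)

    # 3. PAP for contrast: the sniffed password is replayed verbatim and accepted.
    sniffed_password = b"hunter2"  # constructed
    pap_replay = pap_verify(b"hunter2", sniffed_password)

    return {
        "chap_legitimate": legit,
        "chap_replay_same_ident": replay_same_ident,
        "chap_replay_new_challenge": replay_new_challenge,
        "pap_replay": pap_replay,
    }


if __name__ == "__main__":
    for name, ok in run_exchanges().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

Two caveats a practitioner would want: the challenge defeats replay, not offline guessing, since anyone who captures challenge and response can run the next question's dictionary attack against them; and CHAP requires the server to hold the secret in a form it can feed to MD5, so the server's credential store is itself a high-value target.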
Which type of password attack is used on weak passwords and compares a hashed value of the passwords to the system password file to find a match? A. Dictionary attack B. Social engineering attack C. Rainbow table attack D. Brute-force attack
A. Dictionary attack
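The attack hashes each candidate word and compares the result against the stored hashes. Whether the file is salted decides how much that costs. This added example (not from the course; the word list, users and passwords are constructed) builds an unsalted and a salted password file and runs the same dictionary against both, counting hash operations:

```python
import hashlib
import os

# Constructed word list and user passwords for the demonstration.
WORDLIST = ["123456", "password", "letmein", "qwerty", "summer2023"]
USER_PASSWORDS = {"alice": "password", "bob": "letmein", "carol": "Tr0ub4dor&3!x"}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_unsalted_file(creds):
    """Weak password file: user -> H(password)."""
    return {u: sha256_hex(p.encode()) for u, p in creds.items()}


def build_salted_file(creds):
    """user -> (salt, H(salt || password)) with a random per-user salt."""
    out = {}
    for u, p in creds.items():
        salt = os.urandom(16)
        out[u] = (salt.hex(), sha256_hex(salt + p.encode()))
    return out


def dictionary_attack_unsalted(pwfile, wordlist):
    """Hash every word once, then look each stored hash up in that table.

    Returns (cracked {user: password}, number of hash operations).
    """
    table = {sha256_hex(w.encode()): w for w in wordlist}
    cracked = {u: table[h] for u, h in pwfile.items() if h in table}
    return cracked, len(wordlist)


def dictionary_attack_salted(pwfile, wordlist):
    """The salt forces a fresh pass over the word list for every user."""
    cracked, ops = {}, 0
    for u, (salt_hex, h) in pwfile.items():
        salt = bytes.fromhex(salt_hex)
        for w in wordlist:
            ops += 1
            if sha256_hex(salt + w.encode()) == h:
                cracked[u] = w
                break
    return cracked, ops


if __name__ == "__main__":
    print(dictionary_attack_unsalted(build_unsalted_file(USER_PASSWORDS), WORDLIST))
    print(dictionary_attack_salted(build_salted_file(USER_PASSWORDS), WORDLIST))
```

Both runs recover alice's and bob's weak passwords and neither recovers carol's, but the unsalted file falls to one pass over the list for every user at once, which is also what makes precomputed rainbow tables possible. Salting only multiplies the work by the number of users; production stores add a deliberately slow function (bcrypt, scrypt, PBKDF2 or Argon2) so that each of those operations costs orders of magnitude more than a single SHA-256.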
Which type of authentication includes smart cards? A. Ownership B. Action C. Knowledge D. Location
A. Ownership
Wen is a network engineer. He would like to isolate several systems belonging to the product development group from other systems on the network, without adding new hardware. What technology is best to use? A. Virtual LAN (VLAN) B. Virtual private network (VPN) C. Network access control (NAC) D. Transport Layer Security (TLS)
A. Virtual LAN (VLAN)
What is the first priority when responding to a disaster recovery effort? A. Following the disaster recovery plan (DRP) B. Ensuring that everyone is safe C. Communicating with all affected parties D. Determining the cause of the event
B. Ensuring that everyone is safe
Rachel is investigating an information security incident that took place at the high school where she works. She suspects that students may have broken into the student records system and altered their grades. If that is correct, which one of the tenets of information security did this attack violate? A. Availability B. Integrity C. Nonrepudiation D. Confidentiality
B. Integrity
An automatic teller machine (ATM) uses a form of constrained user interface to limit the user's ability to access resources in the system. Specifically for ATMs, which method is being used? A. Menus B. Physically constrained user interfaces C. Encryption D. Database views
B. Physically constrained user interfaces
Which is the typical risk equation? A. Risk = Vulnerability x Cost B. Risk = Threat x Vulnerability C. Risk = Likelihood x Vulnerability D. Risk = Threat x Likelihood
B. Risk = Threat x Vulnerability
What is an example of two-factor authentication (2FA)? A. PIN and password B. Smart card and personal identification number (PIN) C. Token and smart card D. Password and security questions
B. Smart card and personal identification number (PIN)
What is the main purpose of risk identification in an organization? A. To understand threats to critical resources B. To make the organization's personnel aware of existing risk C. To create a business continuity plan (BCP) D. To create a disaster recovery plan (DRP)
B. To make the organization's personnel aware of existing risk
Adam is evaluating the security of a web server before it goes live. He believes that an issue in the code allows a cross-site scripting attack against the server. What term describes the issue that Adam discovered? A. Threat B. Vulnerability C. Risk D. Impact
B. Vulnerability
Which of the following is not true of gap analysis? A. Threats that you do not address through at least one control indicate gaps in the security. B. The difference between the security controls that are in place and the controls that are necessary to address all vulnerabilities is called the security gap. C. A gap analysis can be performed only through a formal investigation. D. One important aspect of a gap analysis is determining the cause of the gap.
C. A gap analysis can be performed only through a formal investigation.
Which regulation requires schools to receive written permission from a parent or an eligible student before releasing any information contained in a student's education record? A. California Security Breach Information Act (SB 1386) of 2003 B. Government Information Security Reform Act (Security Reform Act) of 2000 C. Family Education Rights and Privacy Act (FERPA) D. Children's Online Privacy Protection Act (COPPA)
C. Family Education Rights and Privacy Act (FERPA)
What compliance regulation focuses on management and evaluation of the security of unclassified and national security systems? A. Gramm-Leach-Bliley Act (GLBA) B. Federal Information Security Management Act (FISMA) C. Government Information Security Reform Act (Security Reform Act) of 2000 D. The USA PATRIOT Act of 2001
C. Government Information Security Reform Act (Security Reform Act) of 2000
A brute-force password attack and the theft of a mobile worker's laptop are risks most likely found in which domain of a typical IT infrastructure? A. User Domain B. Workstation Domain C. Remote Access Domain D. Local Area Network (LAN) Domain
C. Remote Access Domain
Which of the following principles is not a component of the Biba integrity model? A. Subjects at a given integrity level can call up only subjects at the same integrity level or lower. B. Subjects cannot read objects that have a lower level of integrity than the subject. C. Subjects cannot change objects that have a lower integrity level. D. A subject may not ask for service from subjects that have a higher integrity level.
C. Subjects cannot change objects that have a lower integrity level.
Because network computers or devices may host several services, programs need a way to tell one service from another. To differentiate services running on a device, networking protocols use a(n) ________, which is a short number that tells a receiving device where to send messages it receives. A. ping B. Media Access Control (MAC) address C. network port D. Internet Protocol (IP) address
C. network port
A hacker has stolen logon IDs and passwords. The hacker is now attempting to gain unauthorized access to a public-facing web application by using the stolen credentials one by one. What type of attack is taking place? A. Replay attack B. Birthday attack C. Phreaking D. Credential harvesting
D. Credential harvesting
Which of the following is an example of a reactive disaster recovery plan? A. Antivirus software B. Surge suppression C. Disk mirroring D. Moving to a warm site
D. Moving to a warm site
What level of technology infrastructure should you expect to find in a cold site alternative data center facility? A. Hardware and data that mirror the primary site B. Basic computer hardware C. Hardware that mirrors the primary site, but no data D. No technology infrastructure
D. No technology infrastructure
A hospital is planning to introduce a new point-of-sale system in the cafeteria that will handle credit card transactions. Which one of the following governs the privacy of information handled by those point-of-sale terminals? A. Federal Financial Institutions Examination Council (FFIEC) B. Federal Information Security Management Act (FISMA) C. Health Insurance Portability and Accountability Act (HIPAA) D. Payment Card Industry Data Security Standard (PCI DSS)
D. Payment Card Industry Data Security Standard (PCI DSS)
Hakim is a network engineer. He is configuring a virtual private network (VPN) technology that is available only for computers running the Windows operating system. Which technology is it? A. Point-to-Point Tunneling Protocol (PPTP) B. Internet Protocol Security (IPSec) C. OpenVPN D. Secure Socket Tunneling Protocol (SSTP)
D. Secure Socket Tunneling Protocol (SSTP)
Wen is a network engineer. For several months, he has been designing a system of controls to allow and restrict access to network assets based on various methods and information. He is currently configuring the authentication method. What does this method do? A. Grants or denies a requestor access and what they can do on a network B. Determines how actions can be traced to an individual C. Answers the question "who is asking to access the asset?" D. Verifies that requestors are who they claim to be
D. Verifies that requestors are who they claim to be
Which security control is most helpful in protecting against eavesdropping on wide area network (WAN) transmissions? A. Deploying an intrusion detection system/intrusion prevention system (IDS/IPS) B. Applying filters on exterior Internet Protocol (IP) stateful firewalls C. Blocking Transmission Control Protocol (TCP) synchronize (SYN) open connections D. Encrypting transmissions with virtual private networks (VPNs)
D. Encrypting transmissions with virtual private networks (VPNs)