practice exam ISIN 308

Which of these best describes 3DES?

A FIPS compliant standard

What use is a TPM when implementing full disk encryption?

A Trusted Platform Module provides a secure mechanism for creating and storing the key used to encrypt the data. Access to the key is provided by configuring a password. The alternative is usually to store the private key on a USB stick.

What vulnerabilities might default error messages reveal?

A default error message might reveal the workings of the code to an attacker.

What physical security device could you use to ensure the safety of onsite backup tapes?

A fireproof safe

What is containerization?

A mobile app or workspace that runs within a partitioned environment to prevent other (unauthorized) apps from interacting with it.

Which of these would be best described as a false positive?

A scan infected a Microsoft RPC vulnerability on a Linux web server

What is meant by a public cloud?

A solution hosted by a third-party and shared between subscribers (multi-tenant). This sort of cloud solution has the greatest security concerns.

Which one of the following is the best example of an authorization control?

Access control lists

How might wireless connection methods be used to compromise the security of a mobile device processing corporate data?

An attacker might set up some sort of rogue access point (Wi-Fi) or cell tower (cellular) to perform eavesdropping or Man-in-the-Middle attacks. For Personal Area Network (PAN) range communications, there might be an opportunity for an attacker to run exploit code over the channel

What is the difference between authorization and authentication?

Authorization means granting a user account configured on the computer system the right to make use of a resource (allocating the user privileges on the resource). Authentication protects the validity of the user account by testing that the person accessing that account is who s/he says s/he is

Ann is creating a template for the configuration of Windows servers in her organization. It includes the basic security settings that should apply to all systems. What type of document should she create?

Baseline

What is usually the purpose of the default rule on a firewall?

Block any traffic not specifically allowed (implicit deny)

What are the main components of BIA?

Business Impact Analysis identifies critical functions and assets plus the threats and level of risk to them.

Which of these enables your browser to trust a particular web site?

Certificate authority

What is a CISO?

Chief Information Security Officer

What three types of intruder alarms can be used in a security system?

Circuit, motion, and duress

What is a CSIRT?

Computer Security Incident Response Team

What is the principal use of symmetric encryption?

Confidentiality

What security properties are meant by the "CIA Triad"?

Confidentiality, Integrity, Availability

Which of these would be the best way to correct a buffer overflow vulnerability?

Correct the bug in the application

Which of these would be the best way to restrict app installations on a mobile device?

Create a whitelist on the MDM

Which of these would not be considered OS hardening?

Create an IPsec tunnel

Which item in a Bring Your Own Device (BYOD) policy helps resolve intellectual property issues that may arise as the result of business use of personal devices?

Data ownership

What is the difference between Disaster Recovery and Continuity of Operation planning?

Disaster recovery is about anticipating what could go wrong and drawing up contingency plans to follow if the worst happens. Continuity of operation planning is about risk assessments and ensuring high availability for systems, including planning for fault tolerance and providing resources (such as alternate sites) that could be utilized during disaster recovery.

What type of access control system is based on resource ownership?

Discretionary Access Control

What is the first step in a disaster recovery effort?

Ensure that everyone is safe

Which one of the following is an example of a direct cost that might result from a business disruption?

Facility repair

What compliance regulation applies specifically to the educational records maintained by schools about students?

Family Education Rights and Privacy Act (FERPA)

Bob is preparing to dispose of magnetic media and wishes to destroy the data stored on it. Which method is NOT a good approach for destroying data?

Formatting

Betsy recently assumed an information security role for a hospital located in the United States. What compliance regulation applies specifically to healthcare providers?

HIPAA

Which of these would be an example of a cryptographic key function?

HMAC

What term is used to describe a property of a secure network where a sender cannot deny having sent a message?

Non-repudiation

Why is subnetting useful in secure network design?

It provides defense in depth. Subnet traffic is routed allowing it to be filtered by devices such as a firewall

Which of these authentication methods would you most commonly find in a Windows Active Directory environment?

Kerberos

A ________ examines the network layer address and routes packets based on routing protocol path determination decisions.

Layer 3 switch

What is the critical vulnerability associated with WPS?

Limited passphrase length

What attack type waits for a predefined event to occur?

Logic bomb

Which of these would be a false negative?

Malware infected computer without any warning or notification

Which one of the following is an example of a reactive disaster recovery control?

Moving to a warm site

What is NOT a commonly used endpoint security technique?

Network firewall

What level of technology infrastructure should you expect to find in a cold site alternative data center facility?

No technology infrastructure

Which of these would not be considered an authentication factor?

OS installation USB flash

What is OSINT?

Open Source Intelligence refers to searching for information that a company or individual has deliberately and inadvertently released to public sources

Holly would like to run an annual major disaster recovery test that is as thorough and realistic as possible. She also wants to ensure that there is no disruption of activity at the primary site. What option is best in this scenario?

Parallel test

A hospital is planning to introduce a new point-of-sale system in the cafeteria that will handle credit card transactions. Which one of the following governs the privacy of information handled by those point-of-sale terminals?

Payment Card Industry Data Security Standard (PCI DSS)

Which of these would be the most useful attack to gain access to a WPA2-PSK network?

Perform a dictionary attack

Which port(s) and security methods should be used by a mail client to submit messages for delivery by an SMTP server?

Port 587 with STARTTLS (explicit TLS) or port 465 with implicit TLS.

What are the four phases of the incident response lifecycle defined by NIST?

Preparation; Detection and Analysis; Containment, Eradication, and Recovery; Post-incident Activity

Which of these would you not expect to find in an X.509 certificate?

Private key

How can malware perform activities on your computer that would not normally be possible with your OS permissions?

Privileged escalation

What metric would be put in-place to minimize acceptable downtime following a security incident?

Recovery Time Objective (RTO).

Alan is developing a business impact assessment for his organization. He is working with business units to determine the maximum allowable time to recover a particular function. What value is Alan determining?

Recovery time objective (RTO)

Which of these would be the most common use of Group Policy controls?

Require a smart card for authentication

What risk, apart from time-wasting, might employee use of social networking pose to an organization?

Reveal confidential information or information that could help an attacker pose as an insider.

Which formula is typically used to describe the components of information security risks?

Risk = Threat X Vulnerability

George is the risk manager for a U.S. federal government agency. He is conducting a risk assessment for that agency's IT risk. What methodology is best suited for George's use?

Risk Management Guide for Information Technology Systems (NIST SP800-30)

Earl is preparing a risk register for his organization's risk management program. Which data element is LEAST likely to be included in a risk register?

Risk survey results

What kind of malware can be invisible to the operating system?

Rootkit

Which of these would be commonly filtered by a WAF?

SQL injection

What is the most significant difference between Telnet and SSH?

SSH provides additional security

In a __________, the attacker uses IP spoofing to send a large number of packets requesting connections to the victim computer. These appear to be legitimate but in fact reference a client system that is unable to respond.

SYN flood attack

What is NOT one of the three tenets of information security?

Safety

What is a SIEM?

Security Information and Event Management

Biyu is making arrangements to use a third-party service provider for security services. She wants to document a requirement for timely notification of security breaches. What type of agreement is most likely to contain formal requirements of this type?

Service level agreement (SLA)

As a follow-up to her annual testing, Holly would like to conduct quarterly disaster recovery tests that introduce as much realism as possible but do not require the use of technology resources. What type of test should Holly conduct?

Simulation test

What is a Type II hypervisor?

Software that manages virtual machines that has been installed to a guest OS. This is in contrast to a Type I (or "bare metal") hypervisor, which interfaces directly with the host hardware.

Which of these would be the best example of a qualitative risk?

The help desk staff is not properly trained on the new ERP software

What features of a one-time pad make the system cryptographically secure?

The pad must be generated randomly and must not be re-used

When using S/MIME, which key is used to encrypt a message?

The recipient's public key (principally). The public key is used to encrypt a symmetric session key and (for performance reasons) the session key does the actual data encoding.

Aditya is attempting to classify information regarding a new project that his organization will undertake in secret. Which characteristic is NOT normally used to make these type of classification decisions?

Threat

What is the purpose of a DMZ?

To publish services without allowing Internet hosts direct access to a private LAN or intranet

Which of these would be the best way of validating and restricting user input to an application?

WAF

Why is a trusted OS necessary to implement file system access control measures?

Trusted OS means that the OS fully mediates the access control system. If this is not the case, an attacker may be able to bypass the security controls

Why is continuing education critical to the success of a security awareness and training program?

Uses of technology and security threats and risks are always changing and employees' knowledge and skills must keep pace with these changes.

Which of these can effectively prevent session hijacking?

VPN connection

How can DLL injection be exploited to hide the presence of malware?

Various OS system functions allow one process to manipulate another and force it to load a Dynamic Link Library (DLL). This means that the malware code can be migrated from one process to another, evading detection.

Dawn is selecting an alternative processing facility for her organization's primary data center. She would like to have a facility that balances cost and switchover time. What would be the best option in this situation?

Warm site

Another way that malicious code can threaten businesses is by using mass bulk e-mail (spam), spyware, persistence cookies, and the like,consumingcomputing resources and reducinguser productivity. These are known as ________.

attacks against productivity and performance

Malicious code attacks all three information security properties. Malware can erase or overwrite files or inflict considerable damage to storage media. This property is ________.

availability

A __________ tries to break IT security and gain access to systems with no authorization, in order to prove technical prowess.

black-hat hacker

A ___________ gives priorities to the functions an organization needs to keep going.

business continuity plan (BCP)

A ___________ defines how a business gets back on its feet after a major disaster like a fire or hurricane.

disaster recovery plan (DRP)

A ___________ controls the flow of traffic by preventing unauthorized network traffic from entering or leaving a particular portion of the network.

firewall

A _____________ contains rules that define the types of traffic that can come and go through a network.

firewall

In popular usage and in the media, the term ________ often describes someone who breaks into a computer system without authorization.

hacker

Malicious code attacks all three information security properties.Malware can modify database records either immediately or over a period of time. This property is ________.

integrity

A ________ is a collection of computers connected to one another or to a common connection medium.

local area network (LAN)

A ___________ is a program that executes a malicious function of some kind when it detects certain conditions.

logic bomb

Loss of financial assets due to ________ is a worst-case scenario for all organizations.

malicious attacks

A method to restrict access to a network based on identity or other rules is the definition of ________.

network access control (NAC)

A firewall that examines each packet it receives and compares the packet to a list of rules configured by the network administrator is the definition of ________.

packet-filtering firewall

A ___________ is a software program that performs one of two functions: brute-forcepassword attack to gain unauthorized access to a system,or recovery of passwords stored in a computer system.

password cracker

Network ________ is gathering information about a network for use in a future attack.

reconnaissance

In a _________, attackers direct forged Internet Control Message Protocol (ICMP) echo-request packets to IP broadcast addresses from remote locations to generate denial of service attacks.

smurf attack

A ________ enables the virus to take control and execute before the computer can load most protective measures.

system infector

What protocol type (TCP/UDP) and port number is commonly used for secure terminal communication?

tcp/22

Black-hat hackers generally poke holes in systems, but do not attempt to disclose __________ they find to the administrators of those systems.

vulnerabilities