Security Fundamentals Exam Study Guide (CIST 1601)

¡Supera tus tareas y exámenes ahora con Quizwiz!

Which of the following allows a certificate authority (CA) to revoke a compromised digital certificate in real time?

Online Certificate Status Protocol

Kim is the risk manager for a large organization. She is evaluating whether the organization should purchase a fire suppression system. She consulted a variety of subject matter experts and determined that there is a 1 percent chance that a fire will occur in a given year. If a fire occurred, it would likely cause $2 million in damage to the facility, which has a $10 million value. Given this scenario, what is the single loss expectancy (SLE)?

$20,000

Terry is troubleshooting a network that is experiencing high traffic congestion issues. Which device, if present on the network, should be replaced to alleviate these issues?

.docx

Which one of the following is an example of a logical access control?

A computer can check passwords to make sure they follow these rules.

Which of the following is NOT a benefit of cloud computing to organizations?

Able to provide services to many clients simultaneously.

What is NOT a good practice for developing strong professional ethics?

Assume that information should be free.

Ricky is reviewing security logs to independently assess security controls. Which security review process is Ricky engaging in?

Audit

What is NOT generally a section in an audit report?

Baselines

Which security model does NOT protect the integrity of information?

Bell-La Padula Model

Ron is the IT director at a medium-sized company and is constantly bombarded by requests from users who want to select customized mobile devices. He decides to allow users to purchase their own devices. Which type of policy should Ron implement to include the requirements and security controls for this arrangement?

Bring Your Own Device (BYOD)

Which type of password attack attempts all possible combinations of a password in an attempt to guess the correct value?

Brute Force Attack

Which information security objective allows trusted entities to endorse information?

Certification

Which activity manages the baseline settings for a system or device?

Configuration Control

With the use of Mobile IP, which device is responsible for keeping track of mobile nodes and forwarding packets to its current network?

Correspondent Node

What protocol is responsible for assigning IP addresses to hosts on most networks?

DHCP

What is NOT one of the four main purposes of an attack?

Data Import

Which one of the following is an advantage that the Internet of Things (IoT) brings to economic development for countries?

Data analytics feed the growth, connectivity is everywhere, and IP-based networking is globally adopted.

Which network device is capable of blocking network connections that are identified as potentially malicious?

Demilitarized Zone (DMZ)

What information should an auditor share with the client during an exit interview?

Details on Major Issues

What is the first step in a disaster recovery effort?

Disaster-Recovery Planning

Which risk is most effectively mitigated by an upstream ISP?

Distributed Denial of Service (DDoS)

Which organization creates information security standards that specifically apply within the European Union?

ETSI

Which one of the following is an example of a direct cost that might result from a business disruption?

Extreme weather, criminal activity, terrorist acts, operational, and application failure.

What is NOT a common endpoint for a VPN connection used for remote network access?

Firewalls

What type of firewall security feature limits the volume of traffic from individual hosts?

Floodguard

What type of system is intentionally exposed to attackers in an attempt to lure them out?

Honeypot

What is a set of concepts and policies for managing IT infrastructure, development, and operations?

Loss Expectency

Which agreement type is typically less formal than other agreements and expresses areas of common interest?

Memorandum of Understanding

What series of Special Publications does the National Institute of Standards and Technology (NIST) produce that covers information systems security activities?

NIST SP 800-37

When Patricia receives a message from Gary, she wants to be able to demonstrate to Sue that the message actually came from Gary. What goal of cryptography is Patricia attempting to achieve?

Nonrepudiation

Matthew captures traffic on his network and notices connections using ports 20, 22, 23, and 80. Which port normally hosts a protocol uses secure, encrypted connections?

Port 22

Which document is the initial stage of a standard under the Internet Engineering Task Force (IETF) process?

Post-Standards

Which tool can capture the packets transmitted between systems over a network?

Protocol Analyzer

Which group is the most likely target of a social engineering attack?

Receptionists and Administrative Assisting

Purchasing an insurance policy is an example of the ____________ risk management strategy.

Reduce

What is the correct order of steps in the change control process?

Request -> Impact Assessment -> Approval -> Build/Test -> Implement -> Monitor

What term describes the longest period of time that a business can survive without a particular critical system?

Residual Risk

Which formula is typically used to describe the components of information security risks?

Risk = Threat x Vulnerabilities

What firewall approach is shown in the figure?

Screen Subnet

Which of the following is NOT one of the four fundamental principles outlined by the Internet Society that will drive the success of the IoT innovation?

Secure

From a security perspective, what should organizations expect will occur as they become more dependent upon the IoT?

Security risks will increase.

Which technology category would NOT likely be the subject of a standard published by the International Electrotechnical Commission (IEC)?

Solar Energy

Users throughout Alison's organization have been receiving unwanted commercial messages over the organization's instant messaging program. What type of attack is taking place?

Spam

What type of network device normally connects directly to endpoints and uses MAC-based filtering to limit traffic flows?

Switch

Which set of characteristics describes the Caesar cipher accurately?

Symmetric, stream, substitution.

What file type is least likely to be impacted by a file infector virus?

Text Document

What tool might be used by an attacker during the reconnaissance phase of an attack to glean information about domain registrations?

WHOIS Service

Which control is NOT an example of a fault tolerance technique designed to avoid interruptions that would cause downtime?

Warm Site

What is NOT a service commonly offered by unified threat management (UTM) devices?

Wireless Network Access

What is NOT one of the three tenets of information security?

accessibility


Conjuntos de estudio relacionados

MHR 422 - Chapter 4 Prototyping + lean startup

View Set

Chapter 23: Statement of Cash Flows

View Set

Unit 4: World History Renaissance and Reformation Q/A

View Set

Social Studies 4-8 Texas Certification - PACT

View Set

Mosby's Review: Chapter 4: Image Production (digital image acquisition)

View Set

Community Exam 2 (6, 7, 12, 14, 18)

View Set