Vargas Final Ch.8-15

¡Supera tus tareas y exámenes ahora con Quizwiz!

Which of the following best describes a dual-homed ISP connection? A) An ISP connection using two firewalls. B) Connecting two LANs to the Internet using a single ISP connection. C) A network that maintains two ISP connections. D) Using two routers to split a single ISP connection into two subnets.

A network that maintains two ISP connections.

Background Check

A process to uncover any evidence of past behavior that might indicate a prospect is a security risk.

What does it mean when there are differences between the last security configuration baseline and the current security configuration settings? A) Unauthorized changes have occurred. B) Authorized changes have occurred. C) Changes have occurred (either authorized or unauthorized). D) Unapproved changes are awaiting deployment.

Changes have occurred (either authorized or unauthorized)

Business Drivers

Components including people, information, and conditions, that support enterprise objectives.

Which type of agreement can protect the ability to file a patent application? A) Relinquish Ownership Agreement B) Security Clearance Waiver C) Background Check Agreement D) Confidentiality Agreement

Confidentiality Agreement

Which type of control only reports that a violation has occurred? A) Preventative B) Detective C) Corrective D) Restorative

Detective

RACI Matrix

Documents tasks and personnel responsible for the assignments. R- Responsible A- Accountable C- Consulted I- Informed

________ cabling provides excellent protection from interference but can be expensive.

Fiber optic

Which type of network devices is most commonly used to filter network traffic? A) Router B) Firewall C) Switch D) IDS

Firewall

The __________ property of the C-I-A triad provides the assurance the information cannot be changed by unauthorized users.

Integrity

Which security-related act requires organizations to protect all personal medical information? A) HIPAA B) GLBA C) SOX D) SCM

HIPAA

Which of the following is the process of verifying credentials of a specific user? A) Authorization B) Identification C) Authentication D) Revocation

Identification

Which of the following best describes the purpose of auditing? A) It finds the root causes of violation issues. B) It assists investigators in identifying blame for violations. C) It verifies that systems are operating in compliance. D) It searches for hidden unacceptable use of IT resources.

It verifies that systems are operating in compliance

Detective Controls

Mechanisms such as motion detectors or usage log analysis tools, recognize when an undesired action has occurred.

Which of the following controls would comply with the directive to limit access to payroll data to computers in the HR department? A) User-Based authorization B) Group-based authorization C) Media Access Control-based authorization D) Smartcard-based authorization

Media Access Control-based authorization

Which of the following describes a common LAN protocol deployed to a network the size of a city? A) IPSec Man B) Urban Ethernet C) TCP MAN D) Metro Ethernet

Metro Ethernet

The _________ feature speeds up routing network packets by adding a label to each packet with routing information.

Multi-Protocol Label Switching (MPLS)

Which of the following is a solution that defines and implements a policy that describes the requirements to access your network? A) NAC B) NAT C) NIC D) NOP

NAC

When using a DAC, a subject must possess sufficient clearance as well as ________ to access an object.

Need to Know

A(n) _________ is a dedicated computer on a LAN that runs network management software.

Network Monitoring Platform (NMP)

Which of the following is a series of individual tasks that users accomplish to comply with one or more goals? A) Policy B) Standard C) Procedure D) Guideline

Procedure

What are the types of malware? (Select two) A) Programs that actively spread or infect B) Programs that slow down data transfer C) Programs that cause damage D) Programs that hide

Programs that actively spread or infect Programs that hide

A(n) ________ makes requests for remote services on behalf of local clients.

Proxy server

Which access control method is based on granting permissions? A) DAC B) MAC C) RBAC D) OAC

RBAC

Security Procedure

Refers to individual tasks users must complete to comply with one or more security standards.

Separation of Duties

Requires that users from at least two distinct riles be required to accomplish any business-critical task.

Using a RACI matrix, which attribute refers to the party that actually carries out the work? A) Responsible B) Accountable C) Consulted D) Informed

Responsible

Which of the following terms ensures at least two people must perform a series of actions to complete a task? A) Separation of Duties B) Least Privilege C) Need to Know D) User Clearance

Separation of Duties

The ________ contains the guaranteed availability for your WAN connection.

Service Level Agreement (SLA)

If you only have one connection to the Internet and that connection fails, your organization loses its Internet connection. This is an example of a(n) _________ .

Single point of failure

Which of the following is a collection of requirements the users must meet? A) Policy B) Standard C) Procedure D) Guideline

Standard

What condition must exist for a background check to be governed by FCRA? A) The investigation includes credit history. B) The investigation is performed by a third party. C) The investigation is performed by the prospective employer. D) The investigation includes criminal history.

The investigation is performed by the prospective employer.

Matrix (R)aci:

The person who actually performs the work to accomplish the task. May be multiple people.

Matrix rac(I):

The person who desires to be kept up to date on a task's progress. May be multiple people.

Matrix r(A)ci:

The person who is accountable for the proper completion of the task. Likely the R's manager.

How can some smart routers attempt to stop a DoS attack in progress? A) They can alert an attack responder. B) They can log all traffic coming from the source of the attack. C) They can terminate any connections with the source of the attack. D) They can reset all connections.

They can terminate any connections with the source of the attack.

Which of the following would be the best use for a packet sniffer? A) To approve or deny traffic based on the destination address. B) To encrypt confidential data. C) To analyze packet contents for known inappropriate traffic. D) To track configuration changes to specific LAN devices.

To analyze packet contents for known inappropriate traffic.

A distributed application is one in which the components that make up the application reside on different computers. True or False

True

Descretionary access control is based on roles and granted permissions. True or False

True

Even the newest wireless protocols are slower than using high-quality physical cable. True or False

True

You should back up LAN device configuration settings as part of a LAN backup. True or False

True

A _________ makes it easy to establish what appears to be a dedicated connection over a WAN.

Virtual Private Network (VPN)

Many organizations use a(n) ________ to allow remote users to connect to internal network resources.

Virtual Private Network (VPN)

Some attackers use the process of ________ to find modems that may be used to attack a computer.

War dialing

Mandatory Access Control (MAC)

When the operating system makes the decision to grant or deny access to any data object by matching the object's classification on the user's clearance.

Discretionary Access Control (DAC)

When you define permissions based on roles, or groups, you allow object owners and administrators to grant access rights.

A ________ is a type of malware that is a self-contained program that replicates and sends copies of itself to other computers.

Worm

Contractors

A group within the user domain. This group may bring specialized skills to an organization, but they also pose potential risks. (Some trust is neccesary/ Parital Access)

Guests/ Third Parties

A group within the user domain. This group may have no duties related to sensitive information, but might still have access to an organization's network. (Least trusted/ Limited Access)

Security Policy

A high-level statement that defines an organization's commitment to security and the definition of a secure system.

Which of the following best describes the term honeypot? A) A server that is deliberately set up in an unsecure manner to attract attackers. B) A server that contains extremely sensitive data. C) A collection of computers that are vlunerable to attack and could allow your network to be compromised. D) Vulnerable servers in your network that would not be dangerous if compromised.

A server that is deliberately set up in an unsecure manner to attract attackers.

Acceptable Use Policy (AUP)

A statement for each type of user that serves as a training guide and direction document for other controls.

Human Resources (HR) Manuals

A type of documentation within the user domain. Includes security awareness, education, and documentation of an organization's policies and procedures. Provides information on how people within an organization should conduct themselves in any situation.

Email AUPs

A type of documentation within the user domain. Provides guidance and defines proper/improper use of an organization's email.

Internet AUPs

A type of documentation within the user domain. Provides guidance and defines proper/improper use of an organization's internet.

IT asset AUPs

A type of documentation within the user domain. Provides guidance for personnel on proper use of resources.

Which of the following is the process of providing additional private credentials that match the user ID or username? A) Authroization B) Identification C) Authentication D) Revocation

Authentication

Preventative Controls

Mechanisms such as locked doors or computer access controls, keep an undesired action from happening.

Which of the following is commonly the primary security control for data entering LAN-to-WAN Domain? A) Filtering B) NAT C) Encryption D) Address Validation

Filtering

Corrective Controls

Mechanisms such as the procedure to remove viruses or a firewall to block an attacking system, repair damage caused by an undesired action and limit further damage.

Which of the following devices repeats input received to all ports? A) Switch B) Hub C) Gateway D) Router

Hub

Which department should take lead in User Domain compliance accountability? A) Information Technology B) Information Security C) Human Resources D) Security

Human Resources

Which of the following devices detect potential intrusions? (Select two) A) Firewall B) IPS C) IDS D) Load Balancer

IPS and IDS

Which of the following terms defines a strategy in which you grant access that allows a suer to complete assigned tasks and nothing else? A) Separation of Duties B) Least Privilege C) Need to Know D) User Clearance

Least Privilege

Which WAN technology is a cost effective solution for connecting multiple locations? A) MPLS B) ISDN C) MAN D) L2TP

MPLS

Which LAN device commonly has the ability to filter packets and deny traffic based on the destination address? A) Router B) Gateway C) Hub D) Switch

Router

Which of the following is an internal control report for the services provided by a service provider? A) SLA B) WAN C) SOC D) MPLS

SOC

Need to Know

Simply means you have a need to access an object to do your job. Supports least privilege.

Why is mapping a LAN a productive exercise? A) Visual maps help to identify unnecessary controls. B) Visual maps help in understanding your LAN design. C) A LAN map is required before physically installing any hardware or connection media. D) A visual map is the only way to define paths between devices.

Visual maps help in understanding your LAN design.

A(n) __________ can exclude unnecessary traffic from the WAN.

WAN optimizer

Who writes SLAs? A) Subscribing organization B) Telecom Company C) WAN service provider D) SOC

WAN service provider

Which entity is responsible for controlling access to network traffic in the WAN? A) WAN optimizer B) Your organization C) WAN service provider D) Network management platform

Your organization

A successful DoS attack violates the ________ property of C-I-A.

Availability

The term ________ defines the components, including people, information, and conditions that support business objectives.

Business Drivers

Most WAN protocols operate at which level in the OSI reference model? A) 7 B) 3 C) 2 D) 1

2

Security Guideline

A collection of best practices or suggestions that help users comply with procedures and standards.

Security Standard

A collection of requirements the users must meet, typically within a specific system or environment.

Confidentiality Agreement

A document that that communicates your organization's security policy. Also known as a Non-Disclosure Agreement (NDA).

Employees

A group within the user domain. This group has the greatest stake in the organization. (Most Trusted/ Full Access)

Which of the following types of policies defines prohibited actions? A) Access Control Policy B) Password Usage Policy C) Acceptable Use Policy D) Violation Action Policy

Acceptable Use Policy

You only need written authorization prior to conducting a penetration test that accesses resources outside your organization. True or False

False

Why is LAN device configuration control important? A) Configuration control helps to detect violations of LAN resource access controls. B) Configuration control can detect changes an attacker might have made to allow harmful traffic in a LAN. C) It reduces the frequency of changes because they are more difficult to implement with configuration control. D) Configuration control ensures LAN devices are set up once and never changed.

Configuration control can detect changes an attacker might have made to allow harmful traffic in a LAN.

A(n) _________ is an isolated part of a network that is connected both to the internet and your internal secure network and is a common home for internet-facing web servers.

DMZ

Which type of WAN generally has the highest speed and is most secure? A) Dedicated Line B) Circuit Switching C) Packet Switching D) MPLS network

Dedicated line

Fair Credit Reporting Act (FCRA)

Defines national standards for all consumer reports, and how to conduct background checks.

Which of the following choices protect your system from users transferring private data files from a server to a workstation? (Select two) A) Increase the frequency of object access audits. B) Deliver current security policy training. C) Place access control to prohibit innappropriate actions. D) Enable access auditing for all private data files.

Deliver current security policy training. Place access control to prohibit innappropriate actions.

Which of the following is the primary type of control employed in the WAN domain? A) Firewalls B) Encryption C) Hashing D) Compression

Encryption

A LAN is a network that generally spans several city blocks. True or False

False

A confidentiality agreement sets the expectations of each employee and sets job performance standards. True or False

False

A local resource is any resource connected to the local LAN. True or False

False

By definition, VPN traffic is encrypted. True or False

False

PCI DSS allows merchants to store the CVV number. True or False

False

The WAN Domain commonly contains a DMZ. True or False

False

The primary concern for remote access is availability. True or False

False

WAN subscription cost tends to decrease as availability increases. True or False

False

__________ means the ongoing attention and care an organization places on security and compliance.

Due Dilligence

Where must sensitive information be encrypted to ensure its confidentiality? (Select two.) A) While in use on a workstation B) During transmission over the network C) As it is stored on disk D) In memory

During transmission over the network As it is stored on disk

Matrix ra(C)i:

The person who provides input that is helpful in completing a task. May be multiple people.

NAT is helpful to hide internal IP Addresses from the outside world. True or False

True

One of the most important concerns when sending data across a WAN is confidentiality. True or False

True


Conjuntos de estudio relacionados

Pedi Exam #3 ATI Practice Questions

View Set

Wills, Trusts & Probate Admin: Key Terms

View Set

Real Estate Fundamentals - Chapter 2

View Set

History 2111 Final Exam Study Guide

View Set

Quiz 8: Public Gds, Common Resources

View Set

Investments Final (CH 8,9,13,18) Study Set

View Set

Investment Vehicle Characteristics Series 65

View Set

Nursing 101 - Ch. 4 - Health of the Individual, Family, and Community

View Set

Basic Human Nutrition Exam 6 Study Guide

View Set