CIS 560 CH11-15 Test 3

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

What file type is least likely to be impacted by a file infector virus?

.docx

During which decade did active content pose the greatest problem?

2000s

What ISO security standard can help guide the creation of an organization's security policy?

27002

Which NIST SP series deals with IT security?

800

The purpose of DoD Directive _____________ is to reduce the possibility that unqualified personnel can gain access to secure information.

8570.01

Which of the following is the definition of continuing professional education (CPE)?

A standard unit of credit that equals 50 minutes of instruction. They are typically needed to maintain certification or licensing.

Which standards organization primarilyaddresses software development?

ANSI

"________" refers to an educational institution that has successfully undergone evaluation by an external body to determine whether the institution meets applicable standards.

Accredited

The International Information Systems Security Certification Consortium [usually abbreviated '(ISC)2'] considers the ____________ to be its flagship credential. It demonstrates competency in the eight domains of the (ISC)2 body of knowledge, such as Asset Security and Security/Risk Management. It is targeted at middle- and senior-level security managers. It also costs $599 just to take the exam.

CISSP

Which (ISC)2 security certification addresses software development?

CSSLP

Which vendor-specific certification offers five progressive levels?

Cisco

Which certification organization is best known for an entry-level information security certification

CompTIA

A graduate school wants to require a vendor-neutral security certification as one of the entrance requirements for its cybersecurity degree program. Which of the following would best meet that requirement?

CompTIA Security+

A successful denial of service (DoS) attack may create so much network congestion that authorized users cannot access network resources.

True

ActiveX is used by developers to create active content.

True

ActiveX is used by developers to create active content.A computer virus is an executable program that attaches to, or infects, other executable programs

True

An electronic mail bomb is a form of malicious macro attack that typically involves an email attachment that contains macros designed to inflict maximum damage.

True

Because people inside an organization generally have more detailed knowledge of the IT infrastructure than outsiders do, they can place logic bombs more easily.

True

Defense in depth is the practice of layering defenses to increase overall security and provide more reaction time to respond to incidents.

True

The function of homepage hijacking is to change a browser's homepage to point to the attacker's site.

True

The goal of a command injection is to execute commands on a host operating system.

True

Unlike viruses, worms do NOT require a host program in order to survive and replicate.

True

The term "web defacement" refers to someone gaining unauthorized access to a web server and altering the index page of a site on the server.

Trye

Cascading Style Sheets (CSS), Common Gateway Interface (CGI), and Hypertext Markup Language (HTML) are standards developed or endorsed by the ____________.

W3C

What tool might be used by an attacker during the reconnaissance phase of an attack to glean information about domain registrations?

Whois

Which type of attack usually employs text messages?

botnets

An educational program that is generally associated with a college or university that provides formal courses that do not lead to degrees is the definition of ________.

continuing education

What phase of an attack is most likely to involve log files?

covering tracks.

Which of the following resources for information security would be the least current?

local library

Which type of infectors usually affect office applications?

macro

Which type of virus involves encryption?

polymorphic

Which of the following is not usually administered by a college or university?

professional certification

ISO/IEC 27002 does not address_______

Ethernet Standards

Spyware does NOT use cookies.

False

The four primary types of malicious code attacks are unplanned attacks, planned attacks, direct attacks, and indirect attacks.

False

Trojans are self-contained programs designed to propagate from one host machine to another using the host's own network communications protocols.

False its worms

_________ standards address a wide variety of topics, including power generation, power transmission and distribution, commercial and consumer electrical appliances, semiconductors, electromagnetics, batteries, solar energy, and telecommunications.

IEC

Which organization created the popular 802 standard for wireless Internet?

IEEE

Which standards organization attempts to "make the internet work better"?

IEFC

________ is an international security standard that documents a comprehensive set of controls that represent information systems best practices.

ISO/IEC 27000 series

During a meeting, somebody brings up a wireless LAN standard called 802.11ad. You could search Google, but instead you would rather go directly to the source. What organization is responsible for creating and managing the 802-series of standards?

Institute of Electrical and Electronic Engineers (IEEE)

Which of the following is not an advantage of self-study?

Interaction

Which type of degree is more focused on the managment of information security resources?

MBA

Which government organization has set standards for information security programs?

NSA

Brian would like to conduct a port scan against his systems to determine how they look from an attacker's viewpoint. What tool can he use for this purpose?

Nmap

A smurf attack tricks users into providing logon information on what appears to be a legitimate website but is in fact a website set up by an attacker to obtain this information.

Phishing

Adam discovers a virus on his system that is using encryption to modify itself. The virus escapes detection by signature-based antivirus software. What type of virus has he discovered?

Polymorphic Virus

What type of malicious software allows an attacker to remotely control a compromised computer?

RAT remote access tool.

Which certification organizaion focuses mainly on network security topics?

SCP

Which (ISC)2 secuirty certification is designed for network security engineers, senior security systems analysts, or senior security administrators?

SSCP

Gwen is investigating an attack. An intruder managed to take over the identity of a user who was legitimately logged into Gwen's company's website by manipulating Hypertext Transfer Protocol (HTTP) headers. Which type of attack likely took place?

Session hijacking

Which type of virus targets computer hardware and software startup functions?

System infector

A certification that focuses on a specific vendor's product or product line is known as _______________________. Examples include Cisco CCNA and Microsoft MCSE.

vendor-specific

What is the National Institute of Standards and Technology (NIST)?

A federal agency within the U.S. Department of Commerce whose mission is to "promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life."


Kaugnay na mga set ng pag-aaral

P&C Chapter 14 - Workers' Compensation Insurance

View Set

Consolidated Statements (Exam 1)

View Set

Incorrect NCLEX PassPoint Questions

View Set

Wordly Wise Grade Seven: Lesson Eight

View Set

Worksheet 01.1: Sources of American Law

View Set

HDEV Chapter 19, HDEV Ch 16-19 (Final), HDEV PSY 200 Quiz Chapter 18, hdev chapter 17 middle and late adulthood, HDEV Chapters 17-19 Study Guide, Psychology 17-19 (HDEV), HDEV 17-18, HDEV Chapter 17

View Set