Cyber Midterm
Bob is using a port scanner to identify open ports on a server in his environment. He is scanning a web server that uses Hypertext Transfer Protocol (HTTP). Which port should Bob expect to be open to support this service?
80
Mark is considering outsourcing security functions to a third-party service provider. What benefit is he most likely to achieve?
Access to a high level of expertise
Which action is the best step to protect Internet of Things (IoT) devices from becoming the entry point for security vulnerabilities into a network while still meeting business requirements?
Applying security updates promptly
Ricky is reviewing security logs to independently assess security controls. Which security review process is Ricky engaging in?
Audit
Janet is identifying the set of privileges that should be assigned to a new employee in her organization. Which phase of the access control process is she performing?
Authorization
Betty receives a cipher text message from her colleague Tim. What type of function does Betty need to use to read the plaintext message?
Decryption
Alice and Bob would like to communicate with each other using a session key but they do not already have a shared secret key. Which algorithm can they use to exchange a secret key?
Diffie-Hellman
Which type of attack involves the creation of some deception in order to trick unsuspecting users?
Fabrication
A report indicating that a system's disk is 80% full is a good indication that something is wrong with that system
False
Which of the following is an example of a hardware security control?
MAC filtering
Which one of the following measures the average amount of time that it takes to repair a system, application, or component?
Mean time to repair (MTTR)
Maria's company recently experienced a major system outage due to the failure of a critical component. During that time period, the company did not register any sales through its online site. Which type of loss did the company experience as a result of lost sales?
Opportunity cost
Tony is working with a law enforcement agency to place a wiretap pursuant to a legitimate court order. The wiretap will monitor communications without making any modifications. What type of wiretap is Tony placing?
Passive wiretap
Which one of the following is an example of a logical access control?
Password
Which element of the security policy framework requires approval from upper management and applies to the entire organization?
Policy
Adam discovers a virus on his system that is using encryption to modify itself. The virus escapes detection by signature-based antivirus software. What type of virus has he discovered?
Polymorphic virus
Violet deploys an intrusion prevention system (IPS) on her network as a security control. What type of control has Violet deployed?
Preventive
Which approach to cryptography provides the strongest theoretical protection?
Quantum cryptography
Alan is the security manager for a mid-sized business. The company has suffered several serious data losses when mobile devices were stolen. Alan decides to implement full disk encryption on all mobile devices. What risk response did Alan take?
Reduce
Which activity is an auditor least likely to conduct during the information-gathering phase of an audit?
Report writing
Which formula is typically used to describe the components of information security risks?
Risk = Threat X Vulnerability
Earl is preparing a risk register for his organization's risk management program. Which data element is LEAST likely to be included in a risk register?
Risk survey results
Which of the following is NOT one of the four fundamental principles outlined by the Internet Society that will drive the success of Internet of Things (IoT) innovation?
Secure
Gina is preparing to monitor network activity using packet sniffing, Which technology is most likely to interfere with this effort if used on the network?
Secure Sockets Layer(SSL)
From a security perspective, what should organizations expect will occur as they become more dependent upon the Internet of Things (IoT)?
Security risks will increase.
Biyu is making arrangements to use a third-party service provider for security services. She wants to document a requirement for a timely notification of security breaches. What type of agreement is most likely to contain formal requirements of this type?
Service level agreement (SLA)
Which one of the following is an example of two-factor authentication?
Smart card and personal identification number (PIN)
What type of security monitoring tool would most likely to identify an unauthorized change to a computer system?
System Integrity Monitoring
Which type of virus targets computer hardware and software startup functions?
System infector
Which term describes an action that can damage or compromise an asset?
Threat
Which term describes any action that could damage an asset?
Threat
Which type of cipher works by rearranging the characters in a message?
Transposition
An SOC 1 report primarily focuses on security
True
What is NOT a typical sign of virus activity on a system?
Unexpected power failures
Which one of the following is NOT a commonly accepted best practice for password security?
Use at least six alphanumeric characters.
What tool might be used by an attacker during the reconnaissance phase of an attack to glean information about domain registrations?
Whois
What type of network connects systems over the largest geographic area?
Wide area network (WAN)
What is NOT a good practice for developing strong professional ethics?
Assume that information should be free
During which phase of the access control process does the system answer the question,"What can the requestor access?"
Authorization
Ron is the IT director at a medium-sized company and is constantly bombarded by requests from users who want to select customized mobile devices. He decides to allow users to purchase their own devices. Which type of policy should Ron implement to include the requirements and security controls for this arrangement?
Bring Your Own Device (BYOD)
Which information security objective allows trusted entities to endorse information?
Certification
Gary would like to choose an access control model in which the owner of a resource decides who may modify permissions on that resource. Which model fits that scenario?
Discretionary access control (DAC)
Curtis is conducting an audit of an identity management system. Which question is NOT likely to be in the scope of the audit?
Does the firewall properly block unsolicited network connection attempts?
What protocol is responsible for assigning IP addresses to hosts on most networks?
Dynamic Host Configuration Protocol (DHCP)
Barry discovers that an attacker is running an access point in a building adjacent to his company. The access point is broadcasting the security set identifier (SSID) of an open network owned by the coffee shop in his lobby. Which type of attack is likely taking place
Evil twin
A business impact analysis (BIA) details the steps to recover from a disruption and restore the infrastructure necessary for normal business operations.
False
Change doesn't create risk for a business.
False
Configuration changes can be made at any time during a system life cycle and no process is required.
False
Regarding log monitoring, false negatives are alerts that seem malicious but are not real security events
False
The weakest link in the security of an IT infrastructure is the server.
False
You must always use the same algorithm to encrypt information and decrypt the same information.
False
Anthony is responsible for tuning his organization's intrusion detection system. He notices that the system reports an intrusion alert each time that an admin connects to a server using Secure Shell(SSH). What type of error is occurring?
False positive error
Which one of the following is NOT a market driver for the Internet of Things (IoT)?
Global adoption of non-IP networking
Gary is sending a message to Patricia. He wants to ensure that nobody tampers with the message while it is in transit. What goal of cryptography is Gary attempting to achieve?
Integrity
Rachel is investigating an information security incident that took place at the high school where she works. She suspects that students may have broken into the student records system and altered their grades. If correct, which one of the tenets of information security did this attack violate?
Integrity
Jacob is conducting an audit of the security controls at an organization as an independent reviewer. Which question would NOT be part of his audit?
Is the security control likely to become obsolete in the near future?
Emily is the information security director for a large company that handles sensitive personal information. She is hiring an auditor to conduct an assessment demonstrating that her firm is satisfying requirements regarding customer private data. What type of assessment should she request?
SOC 3
Which of the following is not a Tenant of Information Systems Security
Security
Breanne's system was infected by malicious code after she installed an innocent-looking solitaire game that she downloaded from the Internet. What type of malware did she likely encounter?
Trojan horseq
An alteration threat violates information integrity.
True
Anomaly-based intrusion detection systems compare current activity with stored profiles of normal(expected) activity
True
Application service providers (ASPs) are software companies that build applications hosted in the cloud and on the Internet.
True
In security testing, reconnaissance involves reviewing a system to learn as much as possible about he organization, its systems, and its networks
True
Purchasing an insurance policy is an example of the ____________ risk management strategy.
transfer