Cyber Security Test three
Joe is the CEO of a company that handles medical billing for several regional hospital systems. How would Joe's company be classified under the Health Insurance Portability and Accountability Act (HIPAA)?
Business associate of a covered entity
________ refers to a program of study approved by the State Department of Education in the state that a school operates.
Accredited
Which organization created a standard version of the widely used C programming language in 1989?
American National Standards Institute (ANSI)
Donna is building a security awareness program designed to meet the requirements of the Payment Card Industry Data Security Standard (PCI DSS) 3.2. How often must she conduct training for all current employees?
Annually
Mary is designing a software component that will function at the Presentation Layer of the Open Systems Interconnection (OSI) model. What other two layers of the model will her component need to interact with?
Application and Session
Taylor is a security professional working for a retail organization. She is hiring a firm to conduct the Payment Card Industry Data Security Standard (PCI DSS) required quarterly vulnerability scans. What credential should she seek in a vendor?
Approved scanning vendor (ASV)
What level of academic degree requires the shortest period of time to earn and does NOT require any other postsecondary degree as a prerequisite?
Associate's degree
Which of the following is NOT a role described in DoD Directive 8140, which covers cybersecurity training?
Attack
Howard is leading a project to commission a new information system that will be used by a federal government agency. He is working with senior officials to document and accept the risk of operation prior to allowing use. What step of the risk management framework is Howard completing?
Authorize the IT system for processing.
__________ is a continuous process designed to keep all personnel vigilant.
Awareness
Continuing professional education (CPE) credits typically represent ________ minutes of classroom time per CPE unit.
50
What file type is least likely to be impacted by a file infector virus?
.docx
What is the highest level of academic degree that may be earned in the field of information security?
Doctor of philosophy (PhD)
What entity is responsible for overseeing compliance with Family Educational Rights and Privacy Act (FERPA)?
Family Policy Compliance Office (FPCO)
What is NOT a common motivation for attackers?
Fear
How many years of post-secondary education are typically required to earn a bachelor's degree in a non-accelerated program?
Four
Jonas is an experienced information security professional with a specialized focus on evaluating computers for evidence of criminal or malicious activity and recovering data. Which GIAC certification would be most appropriate for Jonas to demonstrate his abilities?
GIAC Certified Forensic Examiner (GCFE)
Vincent recently went to work for a hospital system. He is reading about various regulations that apply to his new industry. What law applies specifically to health records?
Health Insurance Portability and Accountability Act (HIPAA)
Bill is conducting an analysis of a new IT service. He would like to assess it using the Open Systems Interconnection (OSI) model and would like to learn more about this framework. What organization should he turn to for the official definition of OSI?
International Organization for Standardization (ISO)
Jim is an experienced security professional who recently accepted a position in an organization that uses Check Point firewalls. What certification can Jim earn to demonstrate his ability to administer these devices?
CCSA
Colin is a software developer. He would like to earn a credential that demonstrates to employers that he is well educated on software security issues. What certification would be most suitable for this purpose?
Certified Secure Software Lifecycle Professional (CSSLP)
Which of the following circumstances would NOT trigger mandatory security training for a federal agency under Office of Personnel Management (OPM) guidelines?
Change of senior leadership
Alan withdraws cash from an ATM belonging to Bank X that is coming from his account with Bank Y. What is Alan's relationship with Bank Y?
Customer
Which term accurately describes Layer 3 of the Open Systems Interconnection (OSI) model?
Network
What is NOT an area where the Internet Architecture Board (IAB) provides oversight on behalf of the Internet Engineering Task Force (IETF)?
Subject matter expertise on routing and switching
Which of the following items would generally NOT be considered personally identifiable information (PII)?
Trade secret
What is NOT a typical sign of virus activity on a system?
Unexpected power failures
Richard would like to earn a certification that demonstrates his ability to manage the information security function. What certification would be most appropriate for Richard?
Certified Information Security Manager (CISM)
What certification focuses on information systems audit, control, and security professionals?
Certified Information Systems Auditor (CISA)
What organization offers a variety of security certifications that are focused on the requirements of auditors?
ISACA
What ISO security standard can help guide the creation of an organization's security policy?
27002
Jane is a manager at a federal government agency and recently hired a new employee, Mark, who will work with sensitive information. How much time does Jane have from Mark's hire date to get him security training?
60 days
How many domains of knowledge are covered by the Certified Information Systems Security Professional (CISSP) exam?
8
What series of Special Publications does the National Institute of Standards and Technology (NIST) produce that covers information systems security activities?
800
Alan withdraws cash from an ATM belonging to Bank X that is coming from his account with Bank Y. What is Alan's relationship with Bank X?
Consumer
Which Institute of Electrical and Electronics Engineers (IEEE) standard covers wireless LANs?
802.11
What DoD directive requires that information security professionals in the government earn professional certifications?
8140
Rod has been a Certified Information Systems Security Professional (CISSP) for 10 years. He would like to earn an advanced certification that demonstrates his ability in information security architecture. Which of the following CISSP concentrations would meet Rod's needs?
CISSP-ISSAP
Which of the following certifications cannot be used to satisfy the security credential requirements for the advanced Certified Internet Webmaster (CIW) certifications?
Certified Information Security Manager (CISM)
Which of the following certifications is considered the flagship Information Systems Security Certification Consortium, Inc. (ISC)2 certification and the gold standard for information security professionals?
Certified Information Systems Security Professional (CISSP)
Federal agencies are required to name a senior official in charge of information security. What title is normally given to these individuals?
Chief information security officer (CISO)
Betty visits a local library with her young children. She notices that someone using a computer terminal in the library is visiting pornographic websites. What law requires that the library filter offensive web content for minors?
Children's Internet Protection Act (CIPA)
Which of the following Cisco certifications demonstrates the most advanced level of security knowledge?
Cisco Certified Internetwork Expert (CCIE) Security
Alison discovers that a system under her control has been infected with malware, which is using a keylogger to report user keystrokes to a third party. What information security property is this malware attacking?
Confidentiality
Maya is creating a computing infrastructure compliant with the Payment Card Industry Data Security Standard (PCI DSS). What type of information is she most likely trying to protect?
Credit card information
Larry recently viewed an auction listing on a website. As a result, his computer executed code that popped up a window that asked for his password. What type of attack has Larry likely encountered?
Cross-site scripting (XSS)
What program, released in 2013, is an example of ransomware?
Crypt0L0cker
Which element is NOT a core component of the ISO 27002 standard?
Cryptography
What is NOT one of the four main purposes of an attack?
Data import
What type of security communication effort focuses on a common body of knowledge?
Education
Tonya is working with a team of subject matter experts to diagnose a problem with her system. The experts determine that the problem likely resides at the Presentation Layer of the Open Systems Interconnection (OSI) model. Which technology is the most likely suspect?
Encryption
Which technology category would NOT likely be the subject of a standard published by the International Electrotechnical Commission (IEC)?
Encryption
Which organization creates information security standards that specifically apply within the European Union?
European Telecommunications Standards Institute (ETSI) Cyber Security Technical Committee (TC CYBER)
Which of the following agencies is NOT involved in the Gramm-Leach-Bliley Act (GLBA) oversight process?
Federal Communications Commission (FCC)
Gary is troubleshooting a security issue on an Ethernet network and would like to look at the Ethernet standard. What publication should he seek out?
IEEE 802.3
Erin is a system administrator for a federal government agency. What law contains guidance on how she may operate a federal information system?
Federal Information Security Management Act (FISMA)
Which of the following is NOT an advantage to undertaking self-study of information security topics?
Fixed pace
What certification organization began as an offshoot of the SANS Institute training programs?
Global Information Assurance Certification (GIAC)
Which unit of measure represents frequency and is expressed as the number of cycles per second?
Hertz
What type of system is intentionally exposed to attackers in an attempt to lure them out?
Honeypot
Juan comes across documentation from his organization related to several information security initiatives using different standards as their reference. Which International Organization for Standardization (ISO) standard provides current guidance on information security management?
ISO 27002
Tim is implementing a set of controls designed to ensure that financial reports, records, and data are accurately maintained. What information security goal is Tim attempting to achieve?
Integrity
Fran is interested in learning more about the popular Certified Ethical Hacker (CEH) credential. What organization should she contact?
International Council of E-Commerce Consultants (EC-Council)
Which organization promotes technology issues as an agency of the United Nations?
International Telecommunication Union (ITU)
Yolanda would like to prevent attackers from using her network as a relay point for a smurf attack. What protocol should she block?
Internet Control Message Protocol (ICMP)
Which of the following graduate degree programs focuses on managing the process of securing information systems, rather than the technical aspects of information security?
MBA
Alison retrieved data from a company database containing personal information on customers. When she looks at the SSN field, she sees values that look like this: "XXX-XX-9142." What has happened to these records?
Masking
Helen is an experienced information security professional who earned a four-year degree while a full-time student. She would like to continue her studies on a part-time basis. What is the next logical degree for Helen to earn?
Master's degree
What federal agency is charged with the mission of promoting "U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life?"
National Institute of Standards and Technology (NIST)
What federal government agency is charged with the responsibility of creating information security standards and guidelines for use within the federal government and more broadly across industries?
National Institute of Standards and Technology (NIST)
What government agency sponsors the National Centers of Academic Excellence (CAE) for the Cyber Operations Program?
National Security Agency (NSA)
Brian would like to conduct a port scan against his systems to determine how they look from an attacker's viewpoint. What tool can he use for this purpose?
Nmap
Brian is the information security training officer for a health care provider. He wants to develop a training program that complies with the provisions of Health Insurance Portability and Accountability Act (HIPAA). Which of the following topics must be included?
Password management
A security awareness program that focuses on an organization's Bring Your Own Device (BYOD) policy is designed to cover the use of what type of equipment?
Personally owned devices
Adam discovers a virus on his system that is using encryption to modify itself. The virus escapes detection by signature-based antivirus software. What type of virus has he discovered?
Polymorphic virus
Which of the following programs requires passing a standardized examination that is based upon a job-task analysis?
Professional certification
Which document is the initial stage of a standard under the Internet Engineering Task Force (IETF) process?
Proposed Standard (PS)
What type of organizations are required to comply with the Sarbanes-Oxley (SOX) Act?
Publicly traded companies
What type of malicious software allows an attacker to remotely control a compromised computer?
Remote Access Tool (RAT)
What type of publication is the primary working product of the Internet Engineering Task Force (IETF)?
Request for comment (RFC)
Under the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, what type of safeguards must be implemented by all covered entities, regardless of the circumstances?
Required
Which of the following is NOT one of the rights afforded to students (or the parents of a minor student) under the Family Educational Rights and Privacy Act (FERPA)?
Right to delete unwanted information from records
What type of security role is covered by the Committee on National Security Systems (CNSS) Training Standard CNSS-4016?
Risk Analysts
Taylor is preparing to submit her company's Payment Card Industry Data Security Standard (PCI DSS) self-assessment questionnaire. The company uses a payment application that is connected to the Internet but does not conduct e-commerce. What self-assessment questionnaire (SAQ) should she use?
SAQ C
Bob is developing a web application that depends upon a database backend. What type of attack could a malicious individual use to send commands through his web application to the database?
SQL injection
Helen has no experience in security. She would like to earn a certification that demonstrates that she has the basic knowledge necessary to work in the information security field. What certification would be an appropriate first step for her?
Security+
Which of the following study options provides little to no opportunity for feedback?
Self-study programs
What type of security role is covered by the Committee on National Security Systems (CNSS) Training Standard CNSS-4012?
Senior System Manager
Gwen is investigating an attack. An intruder managed to take over the identity of a user who was legitimately logged in to Gwen's company's website by manipulating Hypertext Transfer Protocol (HTTP) headers. Which type of attack likely took place?
Session hijacking
The CEO of Kelly's company recently fell victim to an attack. The attackers sent the CEO an email informing him that his company was being sued and he needed to view a subpoena at a court website. When visiting the website, malicious code was downloaded onto the CEO's computer. What type of attack took place?
Spear phishing
Which type of virus targets computer hardware and software startup functions?
System infector
Ben is working toward a position as a senior security administrator and would like to earn his first International Information Systems Security Certification Consortium, Inc. (ISC)2 certification. Which certification is most appropriate for his needs?
Systems Security Certified Practitioner (SSCP)
How many years of specialized experience are required to earn one of the Certified Information Systems Security Professional (CISSP) concentrations?
Two
Bobbi recently discovered that an email program used within her health care practice was sending sensitive medical information to patients without using encryption. She immediately corrected the problem because it violated the company's security policy and standard rules. What level of the Health Insurance Portability and Accountability Act (HIPAA) violation likely took place?
Tier A
Breanne's system was infected by malicious code after she installed an innocent-looking solitaire game that she downloaded from the Internet. What type of malware did she likely encounter?
Trojan horse
Val would like to limit the websites that her users visit to those on an approved list of pre-cleared sites. What type of approach is Val advocating?
Whitelisting
What tool might be used by an attacker during the reconnaissance phase of an attack to glean information about domain registrations?
Whois
Allie is working on the development of a web browser and wants to make sure that the browser correctly implements the Hypertext Markup Language (HTML) standard. What organization's documentation should she turn to for the authoritative source of information?
World Wide Web Consortium (W3C)
What type of malware does NOT have an anti-malware solution and should be covered in security awareness training?
Zero-day
Security training programs typically differ from security education programs in their focus on ______________.
hands-on skills