Fundamental Information Security Final Exam Review
Continuing professional education (CPE) credits typically represent ________ minutes of classroom time per CPE unit. 30 50 60 120
50
How many domains of knowledge are covered by the Certified Information Systems Security Professional (CISSP) exam? 7 8 9 10
8
Which Institute of Electrical and Electronics Engineers (IEEE) standard covers wireless LANs? 802.3 802.11 802.16 802.18
802.11
Alice would like to send a message to Bob using a digital signature. What cryptographic key does Alice use to create the digital signature? Alice's public key Alice's private key Bob's public key Bob's private key
Alice's private key
Bob received a message from Alice that contains a digital signature. What cryptographic key does Bob use to verify the digital signature? Alice's public key Alice's private key Bob's public key Bob's private key
Alice's public key
Taylor is a security professional working for a retail organization. She is hiring a firm to conduct the Payment Card Industry Data Security Standard (PCI DSS) required quarterly vulnerability scans. What credential should she seek in a vendor? Qualified security assessor (QSA) Self-assessment vendor (SAV) Approved scanning vendor (ASV) Independent Scanning Assessor (ISA)
Approved scanning vendor (ASV)
Jim is an experienced security professional who recently accepted a position in an organization that uses Check Point firewalls. What certification can Jim earn to demonstrate his ability to administer these devices? CISSP CCIE Security+ CCSA
CCSA
Which information security objective allows trusted entities to endorse information? Validation Authorization Certification Witnessing
Certification
Which of the following certifications cannot be used to satisfy the security credential requirements for the advanced Certified Internet Webmaster (CIW) certifications? Security+ GIAC Certified Firewall Analyst (GCFW) Certified Information Security Manager (CISM) Certified Information Systems Security Professional (CISSP)
Certified Information Security Manager (CISM)
What certification focuses on information systems audit, control, and security professionals? Certified Information Security Manager (CISM) Certified Information Systems Auditor (CISA) Certified in the Governance of Enterprise IT (CGEIT) Certified in Risk and Information Systems Control (CRISC)
Certified Information Systems Auditor (CISA)
Which of the following circumstances would NOT trigger mandatory security training for a federal agency under Office of Personnel Management (OPM) guidelines? Change of senior leadership Change in security environment Change in security procedures Change in employee responsibilities
Change of senior leadership
Federal agencies are required to name a senior official in charge of information security. What title is normally given to these individuals? Chief information officer (CIO) Chief technology officer (CTO) Chief information security officer (CISO) Chief financial officer (CFO)
Chief information security officer (CISO)
Which of the following items would generally NOT be considered personally identifiable information (PII)? Name Driver's license number Trade secret Social Security number
Trade secret
Bob has a high-volume virtual private network (VPN). He would like to use a device that would best handle the required processing power. What type of device should he use? Firewall Unified threat management (UTM) Router VPN concentrator
VPN concentrator
Security training programs typically differ from security education programs in their focus on ______________. security topics hands-on skills theoretical models academic courses
hands-on skills
What is the highest level of academic degree that may be earned in the field of information security? Bachelor of science (BS) Master of business administration (MBA) Doctor of philosophy (PhD) Master of science (MS)
Doctor of philosophy (PhD)
Erin is a system administrator for a federal government agency. What law contains guidance on how she may operate a federal information system? Family Educational Rights and Privacy Act (FERPA) Federal Information Security Management Act (FISMA) Gramm-Leach-Bliley Act (GLBA) Sarbanes-Oxley (SOX) Act
Federal Information Security Management Act (FISMA)
What type of function generates the unique value that corresponds to the contents of a message and is used to create a digital signature? Elliptic curve Decryption Encryption Hash
Hash
Vincent recently went to work for a hospital system. He is reading about various regulations that apply to his new industry. What law applies specifically to health records? Health Insurance Portability and Accountability Act (HIPAA) Sarbanes-Oxley (SOX) Act Payment Card Industry Data Security Standard (PCI DSS) Gramm-Leach-Bliley Act (GLBA)
Health Insurance Portability and Accountability Act (HIPAA)
Gary is troubleshooting a security issue on an Ethernet network and would like to look at the Ethernet standard. What publication should he seek out? NIST 800-53 IEEE 802.3 ANSI x.1199 ISO 17799
IEEE 802.3
What organization offers a variety of security certifications that are focused on the requirements of auditors? International Information Systems Security Certification Consortium, Inc. (ISC)2 CompTIA Global Information Assurance Certification (GIAC) ISACA
ISACA
Juan comes across documentation from his organization related to several information security initiatives using different standards as their reference. Which International Organization for Standardization (ISO) standard provides current guidance on information security management? ISO 17799 ISO 9000 ISO 27002 ISO 14001
ISO 27002
Tim is implementing a set of controls designed to ensure that financial reports, records, and data are accurately maintained. What information security goal is Tim attempting to achieve? Integrity Accountability Availability Confidentiality
Integrity
Alison retrieved data from a company database containing personal information on customers. When she looks at the SSN field, she sees values that look like this: "XXX-XX-9142." What has happened to these records? Encryption Truncation Hashing Masking
Masking
Which term accurately describes Layer 3 of the Open Systems Interconnection (OSI) model? Network Application Physical Session
Network
Brian is the information security training officer for a health care provider. He wants to develop a training program that complies with the provisions of Health Insurance Portability and Accountability Act (HIPAA). Which of the following topics must be included? Password management Medical records formats Prescribing procedures Patient safety
Password management
A security awareness program that focuses on an organization's Bring Your Own Device (BYOD) policy is designed to cover the use of what type of equipment? Servers Workstations Printers Personally owned devices
Personally owned devices
Taylor is preparing to submit her company's Payment Card Industry Data Security Standard (PCI DSS)self-assessment questionnaire. The company uses a payment application that is connected to the Internet but does not conduct e-commerce. What self-assessment questionnaire (SAQ) should she use? SAQ A SAQ B SAQ C SAQ D
SAQ C
Which of the following study options provides little to no opportunity for feedback? Self-study programs Certificate programs Undergraduate programs Graduate programs
Self-study programs
Barbara is investigating an attack against her network. She notices that the Internet Control Message Protocol (ICMP) echo replies coming into her network far exceed the ICMP echo requests leaving her network. What type of attack is likely taking place? Teardrop Land Smurf Cross-site scripting (XSS)
Smurf
Henry is creating a firewall rule that will allow inbound mail to the organization. What TCP port must he allow through the firewall? 22 25 53 80
25
What is NOT a valid encryption key length for use with the Blowfish algorithm? 32 bits 64 bits 256 bits 512 bits
512 bits
Jane is a manager at a federal government agency and recently hired a new employee, Mark, who will work with sensitive information. How much time does Jane have from Mark's hire date to get him security training? 10 days 15 days 30 days 60 days
60 days
Which organization created a standard version of the widely used C programming language in 1989? Institute of Electrical and Electronics Engineers (IEEE) International Organization for Standardization (ISO) American National Standards Institute (ANSI) European Telecommunications Standards Institute (ETSI)
American National Standards Institute (ANSI)
Donna is building a security awareness program designed to meet the requirements of the Payment Card Industry Data Security Standard (PCI DSS) 3.2. How often must she conduct training for all current employees? Monthly Semi-annually Annually Biannually
Annually
What level of academic degree requires the shortest period of time to earn and does NOT require any other postsecondary degree as a prerequisite? Bachelor's degree Master's degree Doctoral degree Associate's degree
Associate's degree
__________ is a continuous process designed to keep all personnel vigilant. Awareness Training Education Professional development
Awareness
Joe is the CEO of a company that handles medical billing for several regional hospital systems. How would Joe's company be classified under the Health Insurance Portability and Accountability Act (HIPAA)? Covered entity as a health plan Covered entity as a healthcare clearinghouse Covered entity as a provider Business associate of a covered entity
Business associate of a covered entity
Colin is a software developer. He would like to earn a credential that demonstrates to employers that he is well educated on software security issues. What certification would be most suitable for this purpose? Certified Information Systems Security Professional (CISSP) Certified Secure Software Lifecycle Professional (CSSLP) Certified Cyber Forensics Professional (CCFP) HealthCare Certified Information Security Privacy Practitioner (HCISPP)
Certified Secure Software Lifecycle Professional (CSSLP)
Betty visits a local library with her young children. She notices that someone using a computer terminal in the library is visiting pornographic websites. What law requires that the library filter offensive web content for minors? Children's Online Privacy Protection Act (COPPA) Sarbanes-Oxley Act (SOX) Family Educational Rights and Privacy Act (FERPA) Children's Internet Protection Act (CIPA
Children's Internet Protection Act (CIPA)
Which of the following Cisco certifications demonstrates the most advanced level of security knowledge? Cisco Certified Technician (CCT) Security Cisco Certified Network Associate (CCNA) Security Cisco Certified Network Professional (CCNP) Security Cisco Certified Internetwork Expert (CCIE) Security
Cisco Certified Internetwork Expert (CCIE) Security
What is NOT one of the four main purposes of an attack?\ Denial of availability Data import Data modification Launch point
Data import
What type of firewall security feature limits the volume of traffic from individual hosts? Loop protection Network separation Stateful inspection Flood guard
Flood guard
How many years of post-secondary education are typically required to earn a bachelor's degree in a non-accelerated program? Two Three Four Six
Four
Bob is developing a web application that depends upon a database backend. What type of attack could a malicious individual use to send commands through his web application to the database? Cross-site scripting (XSS) XML injection SQL injection LDAP injection
SQL injection
What type of security role is covered by the Committee on National Security Systems (CNSS) Training Standard CNSS-4012? Senior System Manager System Administrator Information Assurance Officer Risk Analyst
Senior System Manager
What firewall approach is shown in the figure? Border firewall Bastion host Screened subnet Multilayered firewall
Screened subnet
Val would like to limit the websites that her users visit to those on an approved list of pre-cleared sites. What type of approach is Val advocating? Blacklisting Context-based screening Packet filtering Whitelisting
Whitelisting
What wireless security technology contains significant flaws and should never be used? Wired Equivalent Privacy (WEP) Wi-Fi Protected Access (WPA) WPA2 Remote Authentication Dial-In User Service (RADIUS)
Wired Equivalent Privacy (WEP)
Allie is working on the development of a web browser and wants to make sure that the browser correctly implements the Hypertext Markup Language (HTML) standard. What organization's documentation should she turn to for the authoritative source of information? International Electrotechnical Commission (IEC) National Institute of Standards and Technology (NIST) World Wide Web Consortium (W3C) Internet Engineering Task Force (IETF)
World Wide Web Consortium (W3C)