IAS Final

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

Devaki is a network engineer. She is diagnosing an issue with a small business customer's wireless local area network (WLAN). She knows the Institute of Electrical and Electronics Engineers (IEEE) has created the standards involved in various network technologies. While WLAN standards cover a wide array of subsets, which general standard does she need to consult that addresses all WLANs?

802.11

Which of the following is not true of mobile devices and forensics?

Although options are available for breaking mobile device access controls, there is no guarantee that you will be able to access the device's data without the owner's cooperation.

Under the Federal Information Security Management Act (FISMA) of 2002, which of the following broadens the scope of FISMA beyond a federal agency and is important because IT systems and functions are often outsourced?

An agency must protect the IT systems that support its operations even if another agency or contractor owns the IT systems.

In the Open Systems Interconnection (OSI) Reference Model, which layer has the user interface that displays information to the user?

Application

Hajar has been an (ISC) 2 Certified Information Systems Security Professional (CISSP) for 10 years. She would like to earn an advanced certification that demonstrates her ability in systems security engineering. Which of the following CISSP concentrations would meet Hajar's needs?

CISSP-ISSEP

Which of the following certifications cannot be used to satisfy the security credential requirements for the advanced Certified Internet Web Professional (CIW) certifications?

Certified Information Security Manager (CISM)

What certification focuses on information systems audit, control, and security professionals?

Certified Information Systems Auditor (CISA)

Which of the following certifications is considered the flagship International Information Systems Security Certification Consortium (ISC) 2 certification and targets middle- and senior-level managers?

Certified Information Systems Security Professional (CISSP)

Colin is a software developer. He would like to earn a credential that demonstrates to employers that he is well educated on software security issues. What certification would be most suitable for this purpose?

Certified Secure Software Lifecycle Professional (CSSLP)

Maria is an IT security professional for a large health care corporation. She has been working with the compliance team on a few projects and is expanding her skills to include risk management as well as control and assurance activities. What ISACA certification would be the best fit?

Certified in Risk and Information Systems Control (CRISC)

Betty visits a local library with her young children. She notices that someone using a computer terminal in the library is visiting pornographic websites. What law requires that the library filter offensive web content for minors?

Children's Internet Protection Act (CIPA)

Oscar is a network engineer. He is responsible for the networks and security protections, such as firewalls, in his local government agency. He is beginning a professional development journey and trying to determine an entry-level or associate-level security certification that is a good match with his current knowledge and skills. Which certification should he pursue?

Cisco Certified Network Associate (CCNA)

Which method of fault tolerance connects two or more computers to act like a single computer in a highly coordinated manner?

Clustering

Alan withdraws cash from an ATM belonging to Bank X that is coming from his account with Bank Y. What is Alan's relationship with Bank X?

Consumer

Which of the following should you avoid during a disaster and recovery?

Continue normal processes, such as separation of duties or spending limits

Which element is not a core component of the ISO 27002 standard?

Cryptography

Alan withdraws cash from an ATM belonging to Bank X that is coming from his account with Bank Y. What is Alan's relationship with Bank Y?

Customer

Which of the following provides IT and communications support to the White House, Secretary of Defense, and all military sectors that contribute to the defense of the United States of America?

Defense Information Systems Agency (DISA)

Which type of evidence helps explain other evidence and includes visual aids such as charts and graphs?

Demonstrative

Which of the following is not true of U.S. Department of Defense/military Directive (DoDD) 8140?

DoDD 8140 certifications are unique and will not include commercial certifications.

Which type of evidence is stored in a computer's memory, as well as on storage devices as in files, and must be accompanied by documentation that validates the evidence's authenticity?

Documentary

During which step of the incident-handling process should a lessons-learned review of the incident be conducted?

Documentation

Tonya is working with a team of subject matter experts to diagnose a problem with her system. The experts determine that the problem likely resides at the Transport Layer of the Open Systems Interconnection (OSI) model. Which functionality is the most likely suspect?

End-to-end communication maintenance

Which of the following is least likely to be needed when rebuilding systems that were damaged during a disaster?

Ensuring there are adequate operating system licenses

Which organization creates information security standards that specifically apply within the European Union (EU)?

European Telecommunications Standards Institute (ETSI) Cyber Security Technical Committee (TC CYBER)

Which of the following agencies is not involved in the Gramm-Leach-Bliley Act (GLBA) oversight process?

Federal Communications Commission (FCC)

Lin works for a large financial institution. She has been asked to create a written information security program, which must state how the institution collects and uses customer data and must describe the controls used to protect that data. She is also in charge of running the program, conducting a risk assessment to identify risks to customer information, and assessing current safeguards to make sure they are effective, among other tasks. Which of the following is she trying to comply with?

GLBA Safeguards Rule

Which certification program enables credential holders to earn a Gold credential through the acceptance of a technical paper that covers an important area of information security?

Global Information Assurance Certification (GIAC)

Gary is troubleshooting a security issue on an Ethernet network. He would like to look at the relevant Ethernet standard. What publication should he seek out?

IEEE 802.3

Juan comes across documentation from his organization related to several information security initiatives using different standards as their reference. Which International Organization for Standardization (ISO) standard provides current guidance on information security management?

ISO 27002

Oscar is a digital forensic specialist. He has been given a suspect hard disk that has been physically damaged. He wants to try to recover data. What is the first step he should take?

Install it in a test system

Bill is conducting an analysis of a new IT service. He would like to assess it using the Open Systems Interconnection (OSI) Reference Model and would like to learn more about this framework. What organization should he turn to for the official definition of OSI?

International Organization for Standardization (ISO)

Lin is a digital forensic specialist who works in a forensic lab. She is evaluating diagnostic forensic software to add to the lab's toolkit. She wants a tool that is open source that can also be used for penetration testing. Which tool should she choose?

Kali Linux

Which term describes a process that requires an organization to preserve and not alter evidence that may be used in court? This process can help ensure that normal data-handling procedures do not contaminate or even delete data that may be needed for a case.

Legal hold

Taylor is a security professional working for a retail company. She is revising the company's policies and procedures to meet Payment Card Industry Data Security Standard (PCI DSS) objectives. One change she has made is to require the use of antivirus software on all systems commonly affected by malware and to keep them regularly updated. Which PCI DSS control objective is she attempting to meet?

Maintain a vulnerability management program

Isabella is a digital forensic specialist. She wants to recover deleted data from a computer disk. The computer is currently running. Which process should she take to do so without accidentally overwriting any deleted data?

Make an image of memory, shut down the computer, attach the disk drive to a forensic lab device, and read the data from the disk

What is the average time a device will function before it fails?

Mean time to failure (MTTF)

During which step of the incident-handling process is the goal to contain the incident?

Notification

Which of the following is a digital forensics specialist least likely to need in-depth knowledge of?

Operating systems, such as Windows, Linux, and macOS

A computing device does not play which role in a crime?

Perpetrator

During which step of the incident-handling process do you develop a formal communication plan and identify all key stakeholders?

Preparation

What type of organizations are required to comply with the Sarbanes-Oxley Act (SOX)?

Publicly traded companies

Which of the following is not true of requests for comments (RFCs)?

RFCs may be modified.

Which data source comes first in the order of volatility when conducting a forensic investigation?

Random access memory (RAM)

Which type of evidence is any physical object that you can touch or otherwise directly observe, such as a hard drive?

Real

Arturo is an IT manager for a school district. He is planning recovery options for a small data center that supports teacher and classroom activities for 5 of the 21 schools in his district. Many school districts in his state use similar classroom technology. Arturo is looking for a temporary alternate site that would be easy to cut over to and is affordable. Which option is most likely to fit Arturo's needs?

Reciprocal center

Isabella is an IT security manager for a state agency. The agency can survive for nine hours without a functioning data center. The power goes out in her data center. It takes six hours to move data center operations to an alternate site. Which of the following describes the time it takes for the move?

Recovery time objective (RTO)

Which of the following items would generally not be considered personally identifiable information (PII)?

Social media post

Susan is a digital forensic examiner. She is investigating a case in which a driver has been accused of vehicular homicide. She has the driver's mobile device and cellular records. What type of mobile device evidence is most likely to reveal whether the driver was actively using a mobile device when the incident occurred?

Text messages

How are the Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry Data Security Standard (PCI DSS) alike?

They both have requirements that protect the confidentiality, integrity, and availability of data.

Marco is in a web development program. He is studying various web-related standards that apply to Cascading Style Sheets (CSS) and HyperText Markup Language (HTML). What authoritative source should he consult?

World Wide Web Consortium (W3C)

The ________ establishes that evidence was collected and handled using proper techniques and procedures, which is also a trusted method to determine the ________, or point of origin, of a piece of evidence.

chain of custody, provenance


Kaugnay na mga set ng pag-aaral

La famille Sandrine and Martin are talking about their own families and those of their friends. Choose the correct possessive adjectives to complete their statements.

View Set

[CS 2337] Chapter 13: Overloading and Templates

View Set

Pharmaceutical Calculations (GREEN)

View Set

Programming Languages Chapter 1/3

View Set

Ch. 27 - Community Mental Health Nursing

View Set

Chapter 1 (Part #1): The Life-Span Perspective

View Set

Psych Exam 1 - Ch. 32 (Serious Mental Illness)

View Set

Medical Terminology: Suffix Meanings

View Set

Chapter 8: Fluid and Electrolyte Management + Chapter 44: Diabetic Emergencies Questions & Answers

View Set