Intro to Information Security Final
Kim is the risk manager for a large organization. She is evaluating whether the organization should purchase a fire suppression system. She consulted a variety of subject matter experts and determined that there is a 1 percent chance that a fire will occur in a given year. If a fire occurred, it would likely cause $2 million in damage to the facility, which has a $10 million value. Given this scenario, what is the single loss expectancy (SLE)? $20,000 $200,000 $2,000 $2,000,000
$2,000,000
What is NOT one of the four main purposes of an attack? Denial of availability Data import Launch point Data modification
Data import
Betty receives a cipher text message from her colleague Tim. What type of function does Betty need to use to read the plaintext message? Hashing Validation Encryption Decryption
Decryption
What is a key principle of risk management programs? Security controls should be protected through the obscurity of their mechanisms. Apply controls in ascending order of risk. Don't spend more to protect an asset than it is worth. Risk avoidance is superior to risk mitigation.
Don't spend more to protect an asset than it is worth
David would like to connect a fibre channel storage device to systems over a standard data network. What protocol can he use? Secure Shell (SSH) Fibre Channel over Ethernet (FCoE) Fibre Channel (FC) Internet Small Computer System Interface (iSCSI)
Fibre Channel over Ethernet (FCoE)
Jonas is an experienced information security professional with a specialized focus on evaluating computers for evidence of criminal or malicious activity and recovering data. Which GIAC certification would be most appropriate for Jonas to demonstrate his abilities? GIAC Certified Firewall Analyst (GCFW) GIAC Certified Penetration Tester (GPEN) GIAC Systems and Network Auditor (GSNA) GIAC Certified Forensic Examiner (GCFE)
GIAC Certified Forensic Examiner (GCFE)
What type of system is intentionally exposed to attackers in an attempt to lure them out? Honeypot Bastion host Database server Web server
Honeypot
Which recovery site option provides readiness in minutes to hours? Multiple sites Cold site Warm site Hot site
Hot site
Terry is troubleshooting a network that is experiencing high traffic congestion issues. Which device, if present on the network, should be replaced to alleviate these issues? Router Hub Firewall Switch
Hub
Gary is troubleshooting a security issue on an Ethernet network and would like to look at the Ethernet standard. What publication should he seek out? ANSI x.1199 IEEE 802.3 NIST 800-53 ISO 17799
IEEE 802.3
What organization offers a variety of security certifications that are focused on the requirements of auditors? CompTIA ISACA International Information Systems Security Certification Consortium, Inc. (ISC)2 Global Information Assurance Certification (GIAC)
ISACA
Yolanda would like to prevent attackers from using her network as a relay point for a smurf attack. What protocol should she block? Hypertext Transfer Protocol (HTTP) Transmission Control Protocol (TCP) Internet Control Message Protocol (ICMP) User Datagram Protocol (UDP)
Internet Control Message Protocol (ICMP)
Which of the following graduate degree programs focuses on managing the process of securing information systems, rather than the technical aspects of information security? MSc MScIT MS MBA
MBA
Brian needs to design a control that prevents piggybacking, only allowing one person to enter a facility at a time. What type of control would best meet this need? Biometrics Video surveillance Motion detectors Mantraps
Mantraps
What government agency sponsors the National Centers of Academic Excellence (CAE) for the Cyber Operations Program? National Security Agency (NSA) National Institute of Standards and Technology (NIST) Federal Bureau of Investigation (FBI) Central Intelligence Agency (CIA)
National Security Agency (NSA)
Which of the following allows a certificate authority (CA) to revoke a compromised digital certificate in real time? Certificate revocation list (CRL) Online Certificate Status Protocol (OCSP) Transport Layer Security (TLS) International Data Encryption Algorithm (IDEA)
Online Certificate Status Protocol (OCSP)
Adam discovers a virus on his system that is using encryption to modify itself. The virus escapes detection by signature-based antivirus software. What type of virus has he discovered? Cross-platform virus Multipartite virus Polymorphic virus Stealth virus
Polymorphic virus
Which of the following programs requires passing a standardized examination that is based upon a job-task analysis? Bachelor's degree Doctoral degree Professional certification Certificate of completion
Professional certification
Which document is the initial stage of a standard under the Internet Engineering Task Force (IETF) process? Standard (STD) Proposed Standard (PS) Best Current Practice (BCP) Draft Standard (DS)
Proposed Standard (PS)
What term describes the risk that exists after an organization has performed all planned countermeasures and controls? Business risk Total risk Residual risk Transparent risk
Residual risk
Helen has no experience in security. She would like to earn a certification that demonstrates that she has the basic knowledge necessary to work in the information security field. What certification would be an appropriate first step for her? GIAC Security Expert (GSE) Security+ Certified Information Systems Security Professional (CISSP) CompTIA Advanced Security Practitioner (CASP)
Security+
Which of the following study options provides little to no opportunity for feedback? Self-study programs Graduate programs Certificate programs Undergraduate programs
Self-study programs
What type of security role is covered by the Committee on National Security Systems (CNSS) Training Standard CNSS-4012? Risk Analyst Senior System Manager Information Assurance Officer System Administrator
Senior System Manager
Gwen is investigating an attack. An intruder managed to take over the identity of a user who was legitimately logged into Gwen's company's website by manipulating Hypertext Transfer Protocol (HTTP) headers. Which type of attack likely took place? Cross-site scripting XML injection SQL injection Session hijacking
Session hijacking
What is NOT an area where the Internet Architecture Board (IAB) provides oversight on behalf of the Internet Engineering Task Force (IETF)? Confirmation of IETF chairs Architecture for Internet protocols and procedures Editorial and publication procedures for requests for comments (RFCs) Subject matter expertise on routing and switching
Subject matter expertise on routing and switching
What type of network device normally connects directly to endpoints and uses MAC-based filtering to limit traffic flows? Access point Router Switch Hub
Switch
Which type of cipher works by rearranging the characters in a message? Asymmetric Substitution Transposition Steganographic
Transposition
Breanne's system was infected by malicious code after she installed an innocent-looking solitaire game that she downloaded from the Internet. What type of malware did she likely encounter? Trojan horse Worm Logic bomb Virus
Trojan horse
What is the only unbreakable cipher when it is used properly? Elliptic Curve Diffie-Hellman in Ephemeral mode (ECDHE) Blowfish Rivest-Shamir-Adleman (RSA) Vernam
Vernam
Val would like to isolate several systems belonging to the product development group from other systems on the network, without adding new hardware. What technology can she use? Virtual LAN (VLAN) Firewall Transport Layer Security (TLS) Virtual private network (VPN)
Virtual LAN (VLAN)
Adam is evaluating the security of a web server before it goes live. He believes that an issue in the code allows an SQL injection attack against the server. What term describes the issue that Adam discovered? Threat Vulnerability Impact Risk
Vulnerability
Which control is NOT an example of a fault tolerance technique designed to avoid interruptions that would cause downtime? Warm site Clustering Load balancing Redundant Array of Inexpensive Disks (RAID)
Warm site
Val would like to limit the websites that her users visit to those on an approved list of pre-cleared sites. What type of approach is Val advocating? Blacklisting Context-based screening Whitelisting Packet filtering
Whitelisting
What file type is least likely to be impacted by a file infector virus? .com .docx .exe .dll
.docx
Continuing professional education (CPE) credits typically represent ________ minutes of classroom time per CPE unit. 30 120 60 50
50
What is NOT a valid encryption key length for use with the Blowfish algorithm? 512 bits 64 bits 32 bits 256 bits
512 bits
How many domains of knowledge are covered by the Certified Information Systems Security Professional (CISSP) exam? 7 9 10 8
8
Which Institute of Electrical and Electronics Engineers (IEEE) standard covers wireless LANs? 802.16 802.3 802.11 802.18
802.11
Jim is an experienced security professional who recently accepted a position in an organization that uses Check Point firewalls. What certification can Jim earn to demonstrate his ability to administer these devices? CCIE Security+ CCSA CISSP
CCSA
Which of the following certifications is considered the flagship Information Systems Security Certification Consortium, Inc. (ISC)2 certification and the gold standard for information security professionals? Systems Security Certified Practitioner (SSCP) Certified Information Systems Security Professional (CISSP) Certified Cloud Security Professional (CCSP) Certified Authorization Professional (CAP)
Certified Information Systems Security Professional (CISSP)
Colin is a software developer. He would like to earn a credential that demonstrates to employers that he is well educated on software security issues. What certification would be most suitable for this purpose? Certified Cyber Forensics Professional (CCFP) Certified Information Systems Security Professional (CISSP) Certified Secure Software Lifecycle Professional (CSSLP) HealthCare Certified Information Security Privacy Practitioner (HCISPP)
Certified Secure Software Lifecycle Professional (CSSLP)
Alison discovers that a system under her control has been infected with malware, which is using a key logger to report user keystrokes to a third party. What information security property is this malware attacking? Confidentiality Availability Accounting Integrity
Confidentiality
What type of malware does NOT have an anti-malware solution and should be covered in security awareness training? Worm Ransomware Zero-day Virus
Zero-day
What mathematical problem forms the basis of most modern cryptographic algorithms? Quantum mechanics Factoring large primes Traveling salesman problem Birthday problem
Factoring large primes
Bill is conducting an analysis of a new IT service. He would like to assess it using the Open Systems Interconnection (OSI) model and would like to learn more about this framework. What organization should he turn to for the official definition of OSI? National Institute of Standards and Technology (NIST) Information Systems Audit and Control Association (ISACA) Ocean Surveillance Information System (OSIS) International Organization for Standardization (ISO)
International Organization for Standardization (ISO)
What term describes the longest period of time that a business can survive without a particular critical system? Emergency operations center (EOC) Maximum tolerable downtime (MTD) Recovery point objective (RPO) Recovery time objective (RTO)
Maximum tolerable downtime (MTD)
Which term accurately describes Layer 3 of the Open Systems Interconnection (OSI) model? Network Session Application Physical
Network
A security awareness program that focuses on an organization's Bring Your Own Device (BYOD) policy is designed to cover the use of what type of equipment? Personally owned devices Workstations Printers Servers
Personally owned devices
What type of publication is the primary working product of the Internet Engineering Task Force (IETF)? Request for comment (RFC) ISO standard Special Publication (SP) Public service announcement (PSA)
Request for comment (RFC)
What type of security role is covered by the Committee on National Security Systems (CNSS) Training Standard CNSS-4016? Information Assurance Officers System Administrators Risk Analysts Senior System Managers
Risk Analysts
Bob is developing a web application that depends upon a database backend. What type of attack could a malicious individual use to send commands through his web application to the database? LDAP injection XML injection SQL injection Cross-site scripting (XSS)
SQL injection
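Bob's situation, as an added example that is not part of the original quiz: a login query built by string concatenation beside the parameterised form. The schema, rows and attacker inputs are constructed here; it uses only the standard-library sqlite3 module, and the plaintext passwords exist only to keep the SQL readable (real code stores password hashes).

```python
"""SQL injection: string-built query versus parameterised query (sqlite3, stdlib only).

Added example; schema, rows and the attacker's inputs are constructed, not from the page.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory database with two constructed accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, is_admin INTEGER)"
    )
    conn.executemany(
        "INSERT INTO users (username, password, is_admin) VALUES (?, ?, ?)",
        [("alice", "correct horse", 1), ("bob", "hunter2", 0)],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Untrusted input is spliced into the SQL text, so the caller controls the query."""
    sql = (
        "SELECT username, is_admin FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(sql).fetchall()


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Placeholders pass the values separately from the statement; they can never become SQL."""
    sql = "SELECT username, is_admin FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


# Constructed attacker inputs. The quote closes the string literal and `--` comments out the
# rest of the WHERE clause, so the password is never checked.
BYPASS_USER = "alice' --"
DUMP_ALL_USER = "' OR 1=1 --"


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, bypass :", login_vulnerable(db, BYPASS_USER, "wrong"))
    print("vulnerable, dump   :", login_vulnerable(db, DUMP_ALL_USER, "wrong"))
    print("safe, bypass       :", login_safe(db, BYPASS_USER, "wrong"))
    print("safe, real login   :", login_safe(db, "bob", "hunter2"))
```

The parameterised version is the fix for the query; it does nothing about how credentials are stored, which is a separate control.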
The CEO of Kelly's company recently fell victim to an attack. The attackers sent the CEO an email informing him that his company was being sued and he needed to view a subpoena at a court website. When visiting the website, malicious code was downloaded onto the CEO's computer. What type of attack took place? Pharming Spear phishing Adware Command injection
Spear phishing
Joe is responsible for the security of the industrial control systems for a power plant. What type of environment does Joe administer? Embedded Supervisory Control and Data Acquisition (SCADA) Mobile Mainframe
Supervisory Control and Data Acquisition (SCADA)
Which type of virus targets computer hardware and software startup functions? Hardware infector Data infector System infector File infector
System infector
Mary is designing a software component that will function at the Presentation Layer of the Open Systems Interconnection (OSI) model. What other two layers of the model will her component need to interact with? Session and Transport Application and Transport Application and Session Network and Session
Application and Session
What level of academic degree requires the shortest period of time to earn and does NOT require any other postsecondary degree as a prerequisite? Associate's degree Doctoral degree Master's degree Bachelor's degree
Associate's degree
Which of the following is NOT a role described in DoD Directive 8140, which covers cyber security training? Investigate Attack Protect and defend Operate and maintain
Attack
__________ is a continuous process designed to keep all personnel vigilant. Awareness Education Training Professional development
Awareness
Karen would like to use a wireless authentication technology similar to that found in hotels where users are redirected to a webpage when they connect to the network. What technology should she deploy? Remote Authentication Dial-In User Service (RADIUS) Lightweight Extensible Authentication Protocol (LEAP) Captive portal Protected Extensible Authentication Protocol (PEAP)
Captive portal
Which information security objective allows trusted entities to endorse information? Witnessing Authorization Validation Certification
Certification
Richard would like to earn a certification that demonstrates his ability to manage the information security function. What certification would be most appropriate for Richard? Certified Information Systems Auditor (CISA) Certified Information Security Manager (CISM) Certified in Risk and Information Systems Control (CRISC) Certified in the Governance of Enterprise IT (CGEIT)
Certified Information Security Manager (CISM)
Which of the following certifications cannot be used to satisfy the security credential requirements for the advanced Certified Internet Webmaster (CIW) certifications? Security+ GIAC Certified Firewall Analyst (GCFW) Certified Information Security Manager (CISM) Certified Information Systems Security Professional (CISSP)
Certified Information Security Manager (CISM)
Which of the following circumstances would NOT trigger mandatory security training for a federal agency under Office of Personnel Management (OPM) guidelines? Change in security environment Change in employee responsibilities Change of senior leadership Change in security procedures
Change of senior leadership
Which of the following Cisco certifications demonstrates the most advanced level of security knowledge? Cisco Certified Network Associate (CCNA) Security Cisco Certified Technician (CCT) Security Cisco Certified Network Professional (CCNP) Security Cisco Certified Internetwork Expert (CCIE) Security
Cisco Certified Internetwork Expert (CCIE) Security
Maya is creating a computing infrastructure compliant with the Payment Card Industry Data Security Standard (PCI DSS). What type of information is she most likely trying to protect? Health records Credit card information Educational records Trade secrets
Credit card information
Larry recently viewed an auction listing on a website. As a result, his computer executed code that popped up a window that asked for his password. What type of attack has Larry likely encountered? Command injection SQL injection XML injection Cross-site scripting (XSS)
Cross-site scripting (XSS)
What program, released in 2013, is an example of ransomware? Crypt0L0cker CryptoVault FileVault BitLocker
Crypt0L0cker
What series of Special Publications does the National Institute of Standards and Technology (NIST) produce that covers information systems security activities? 600 700 900 800
800
What is the highest level of academic degree that may be earned in the field of information security? Bachelor of science (BS) Doctor of philosophy (PhD) Master of science (MS) Master of business administration (MBA)
Doctor of philosophy (PhD)
What protocol is responsible for assigning IP addresses to hosts on most networks? Virtual LAN (VLAN) Transport Layer Security (TLS) Simple Mail Transfer Protocol (SMTP) Dynamic Host Configuration Protocol (DHCP)
Dynamic Host Configuration Protocol (DHCP)
What type of security communication effort focuses on a common body of knowledge? Education Emails Professional development Acceptable use policy (AUP)
Education
Tonya is working with a team of subject matter experts to diagnose a problem with her system. The experts determine that the problem likely resides at the Presentation Layer of the Open Systems Interconnection (OSI) model. Which technology is the most likely suspect? User interface Routing Encryption Signaling
Encryption
What is NOT a common motivation for attackers? Revenge Money Fame Fear
Fear
Bob received a message from Alice that contains a digital signature. What cryptographic key does Bob use to verify the digital signature? Alice's public key Bob's public key Bob's private key Alice's private key
Alice's public key
Norm recently joined a new organization. He noticed that the firewall technology used by his new firm opens separate connections between the devices on both sides of the firewall. What type of technology is being used? Application proxying Stateful inspection Network address translation Packet filtering
Application proxying
Which of the following is NOT an advantage to undertaking self-study of information security topics? Low cost Self-motivation Fixed pace Flexible materials
Fixed pace
How many years of post-secondary education are typically required to earn a bachelor's degree in a non-accelerated program? Three Two Six Four
Four
Which unit of measure represents frequency and is expressed as the number of cycles per second? Joule Gauss Weber Hertz
Hertz
Juan comes across documentation from his organization related to several information security initiatives using different standards as their reference. Which International Organization for Standardization (ISO) standard provides current guidance on information security management? ISO 14001 ISO 27002 ISO 9000 ISO 17799
ISO 27002
Adam's company recently suffered an attack where hackers exploited an SQL injection issue on their web server and stole sensitive information from a database. What term describes this activity? Incident Incursion Outage Event
Incident
Gary is sending a message to Patricia. He wants to ensure that nobody tampers with the message while it is in transit. What goal of cryptography is Gary attempting to achieve? Authentication Integrity Confidentiality Nonrepudiation
Integrity
Rod has been a Certified Information Systems Security Professional (CISSP) for 10 years. He would like to earn an advanced certification that demonstrates his ability in information security architecture. Which of the following CISSP concentrations would meet Rod's needs? CISSP-ISASP CISSP-ISSEP CISSP-ISSAP CISSP-ISSMP
CISSP-ISSAP
What certification organization began as an offshoot of the SANS Institute training programs? Global Information Assurance Certification (GIAC) Certified Internet Webmaster (CIW) International Information Systems Security Certification Consortium, Inc. (ISC)2 CompTIA
Global Information Assurance Certification (GIAC)
Beth is conducting a risk assessment. She is trying to determine the impact a security incident will have on the reputation of her company. What type of risk assessment is best suited to this type of analysis? Qualitative Objective Financial Quantitative
Qualitative
Which approach to cryptography provides the strongest theoretical protection? Asymmetric cryptography Elliptic curve cryptography Classic cryptography Quantum cryptography
Quantum cryptography
Which data source comes first in the order of volatility when conducting a forensic investigation? RAM Swap and paging files Logs Data files on disk
RAM
What type of malicious software allows an attacker to remotely control a compromised computer? Armored virus Worm Polymorphic virus Remote Access Tool (RAT)
Remote Access Tool (RAT)
Barbara is investigating an attack against her network. She notices that the Internet Control Message Protocol (ICMP) echo replies coming into her network far exceed the ICMP echo requests leaving her network. What type of attack is likely taking place? Teardrop Smurf Land Cross-site scripting (XSS)
Smurf
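The symptom Barbara sees, inbound echo replies far outnumbering outbound echo requests, as an added example that is not part of the original quiz: detection logic run over a constructed tcpdump-style log. The address ranges (203.0.113.0/24 as Barbara's network, 192.0.2.0/24 as the reflector network) are documentation prefixes assumed for illustration, and the thresholds are arbitrary starting points.

```python
"""Spot smurf-style ICMP reflection in a packet log: echo replies arriving with no matching
echo requests having left. Added example; the log lines below are constructed."""
import re
from collections import Counter

# tcpdump-like one-line summary: "<time> IP <src> > <dst>: ICMP echo <request|reply>, ..."
LINE = re.compile(r"^(?P<ts>\S+) IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): ICMP echo (?P<kind>request|reply)")

LOCAL_PREFIX = "203.0.113."   # assumed: the monitored network


def parse(lines):
    for line in lines:
        m = LINE.match(line)
        if m:
            yield m.groupdict()


def icmp_balance(lines, local_prefix=LOCAL_PREFIX):
    """Return (outbound echo requests, inbound echo replies, replies per source address)."""
    out_requests = 0
    replies_by_source = Counter()
    for pkt in parse(lines):
        if pkt["kind"] == "request" and pkt["src"].startswith(local_prefix):
            out_requests += 1
        elif pkt["kind"] == "reply" and pkt["dst"].startswith(local_prefix):
            replies_by_source[pkt["src"]] += 1
    return out_requests, sum(replies_by_source.values()), replies_by_source


def looks_like_smurf(lines, ratio=10, min_replies=20):
    """Replies that exceed requests by `ratio` are answers to requests we never sent,
    i.e. someone spoofed our address toward a broadcast address."""
    out_requests, in_replies, _ = icmp_balance(lines)
    return in_replies >= min_replies and in_replies > ratio * max(out_requests, 1)


# Constructed log: one legitimate ping exchange, then a burst of replies from 40 hosts
# on 192.0.2.0/24 answering requests that were spoofed with 203.0.113.10 as the source.
SAMPLE_LOG = [
    "12:00:00.000 IP 203.0.113.10 > 198.51.100.1: ICMP echo request, id 1, seq 1, length 64",
    "12:00:00.010 IP 198.51.100.1 > 203.0.113.10: ICMP echo reply, id 1, seq 1, length 64",
] + [
    f"12:00:01.{i:03d} IP 192.0.2.{i} > 203.0.113.10: ICMP echo reply, id 7, seq {i}, length 1024"
    for i in range(1, 41)
]

if __name__ == "__main__":
    out_req, in_rep, sources = icmp_balance(SAMPLE_LOG)
    print(f"outbound requests={out_req} inbound replies={in_rep} reflectors={len(sources)}")
    print("smurf suspected:", looks_like_smurf(SAMPLE_LOG))
```

The ratio check is the detection side. Stopping a network from being used as the amplifier (Yolanda's problem in the earlier question) is done at the reflector: drop ICMP echo requests sent to broadcast addresses (on Cisco IOS, `no ip directed-broadcast` on each interface) and filter spoofed source addresses at the edge.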
Nancy performs a full backup of her server every Sunday at 1 A.M. and differential backups on Mondays through Fridays at 1 A.M. Her server fails at 9 A.M. Wednesday. How many backups does Nancy need to restore? 2 4 3 1
2
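Nancy's restore chain worked through in code, as an added example that is not part of the original quiz. The schedule and failure time are the question's; the calendar week (starting Sunday 2024-03-03) and the side-by-side incremental schedule are assumed so the two strategies can be compared.

```python
"""Which backups must be restored after a failure, and how much data is at risk.

Added example for a weekly full at Sunday 01:00 plus daily backups Monday to Friday at 01:00,
failing Wednesday 09:00. Calendar dates are assumed.
"""
from datetime import datetime, timedelta

FULL, DIFF, INCR = "full", "differential", "incremental"


def weekly_schedule(sunday: datetime, weekday_kind: str, weeks: int = 2) -> list:
    """Full backup every Sunday at 01:00, then `weekday_kind` backups Monday to Friday at 01:00."""
    plan = []
    for w in range(weeks):
        base = (sunday + timedelta(weeks=w)).replace(hour=1, minute=0, second=0, microsecond=0)
        plan.append((base, FULL))
        for day in range(1, 6):
            plan.append((base + timedelta(days=day), weekday_kind))
    return plan


def restore_plan(plan: list, failure: datetime) -> list:
    """Backups to restore, in order. A differential holds every change since the last full, so only
    the newest one is needed; an incremental holds only changes since the previous backup, so every
    incremental since the full is needed."""
    taken = sorted(b for b in plan if b[0] < failure)          # only backups that completed
    last_full = max(b for b in taken if b[1] == FULL)
    since_full = [b for b in taken if b[0] > last_full[0]]
    chain = [last_full]
    diffs = [b for b in since_full if b[1] == DIFF]
    if diffs:
        chain.append(diffs[-1])
    chain.extend(b for b in since_full if b[1] == INCR)
    return chain


def data_loss_window(plan: list, failure: datetime) -> timedelta:
    """Time between the newest completed backup and the failure: what the RPO has to tolerate."""
    newest = max(b[0] for b in plan if b[0] < failure)
    return failure - newest


SUNDAY = datetime(2024, 3, 3)           # assumed: a Sunday
FAILURE = datetime(2024, 3, 6, 9, 0)    # Wednesday 09:00
EARLY_FAILURE = datetime(2024, 3, 3, 3, 0)  # Sunday 03:00, two hours after the full


def restore_count(weekday_kind: str, failure: datetime = FAILURE) -> int:
    return len(restore_plan(weekly_schedule(SUNDAY, weekday_kind), failure))


if __name__ == "__main__":
    for kind in (DIFF, INCR):
        chain = restore_plan(weekly_schedule(SUNDAY, kind), FAILURE)
        print(kind, "->", len(chain), "restores:", [(t.strftime("%a %H:%M"), k) for t, k in chain])
    print("data at risk:", data_loss_window(weekly_schedule(SUNDAY, DIFF), FAILURE))
```

The Wednesday 01:00 backup counts because it finished before the 09:00 failure; had the server died at 00:30, the chain would be the full plus Tuesday's differential, still two restores.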
Henry is creating a firewall rule that will allow inbound mail to the organization. What TCP port must he allow through the firewall? 25 80 22 53
25
What is the maximum value for any octet in an IPv4 IP address? 65 255 513 129
255
What ISO security standard can help guide the creation of an organization's security policy? 27002 42053 17259 12333
27002
Henry's last firewall rule must allow inbound access to a Windows Terminal Server. What port must he allow? 443 989 3389 143
3389
Jane is a manager at a federal government agency and recently hired a new employee, Mark, who will work with sensitive information. How much time does Jane have from Mark's hire date to get him security training? 10 days 60 days 30 days 15 days
60 days
What DoD directive requires that information security professionals in the government earn professional certifications? 8140 8540 8270 8088
8140
How many years of specialized experience are required to earn one of the Certified Information Systems Security Professional (CISSP) concentrations? Four Two Five Three
Two
What is NOT an effective key distribution method for plaintext encryption keys? Paper Unencrypted email Smart card CD
Unencrypted email
What is NOT a typical sign of virus activity on a system? Unexplained decrease in available disk space Unexpected power failures Unexpected error messages Sudden sluggishness of applications
Unexpected power failures
Gary is configuring a smartphone and is selecting a wireless connectivity method. Which approach will provide him with the highest speed wireless connectivity? 3G Digital subscriber line (DSL) 4G Wi-Fi
Wi-Fi
What type of network connects systems over the largest geographic area? Storage area network (SAN) Wide area network (WAN) Local area network (LAN) Metropolitan area network (MAN)
Wide area network (WAN)
What is NOT a service commonly offered by unified threat management (UTM) devices? Malware inspection Content inspection Wireless network access URL filtering
Wireless network access
Forensics and incident response are examples of __________ controls. detective corrective deterrent preventive
corrective
A(n) _________ is an event that prevents a critical business function (CBF) from operating for a period greater than the maximum tolerable downtime. incident disaster emergency event
disaster
Security training programs typically differ from security education programs in their focus on ______________. academic courses theoretical models hands-on skills security topics
hands-on skills
Purchasing an insurance policy is an example of the ____________ risk management strategy. accept avoid transfer reduce
transfer
________ refers to a program of study approved by the State Department of Education in the state that a school operates. Certificate of completion Continuing education Accredited Continuing professional education (CPE)
Accredited
Alice would like to send a message to Bob using a digital signature. What cryptographic key does Alice use to create the digital signature? Alice's public key Bob's public key Bob's private key Alice's private key
Alice's private key
Which organization created a standard version of the widely used C programming language in 1989? International Organization for Standardization (ISO) Institute of Electrical and Electronics Engineers (IEEE) American National Standards Institute (ANSI) European Telecommunications Standards Institute (ETSI)
American National Standards Institute (ANSI)
Kim is the risk manager for a large organization. She is evaluating whether the organization should purchase a fire suppression system. She consulted a variety of subject matter experts and determined that there is a 1 percent chance that a fire will occur in a given year. If a fire occurred, it would likely cause $2 million in damage to the facility, which has a $10 million value. Given this scenario, what is the annualized loss expectancy (ALE)? $2,000 $20,000 $2,000,000 $200,000
$20,000
Kim is the risk manager for a large organization. She is evaluating whether the organization should purchase a fire suppression system. She consulted a variety of subject matter experts and determined that there is a 1 percent chance that a fire will occur in a given year. If a fire occurred, it would likely cause $2 million in damage to the facility, which has a $10 million value. Given this scenario, what is the exposure factor? 1 percent 20 percent 10 percent 50 percent
20 percent
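Kim's three questions (SLE, ALE and exposure factor) carried through in code, as an added example that is not part of the original quiz, extended to the cost-benefit decision the scenario is really about. The scenario figures are the question's; the suppression system's residual damage and annual cost are assumed for illustration.

```python
"""Quantitative risk arithmetic for the fire scenario: EF, SLE, ARO, ALE and a control's net value.

Added example, not from the page. Scenario figures: asset value $10M, $2M damage per fire,
one fire per 100 years. The suppression system's effect and cost are assumed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Scenario:
    asset_value: float      # AV: value of the asset at risk
    loss_per_event: float   # expected damage if the event happens once
    annual_rate: float      # ARO: expected occurrences per year

    @property
    def exposure_factor(self) -> float:
        """EF: fraction of the asset value lost in a single event."""
        return self.loss_per_event / self.asset_value

    @property
    def sle(self) -> float:
        """SLE = AV * EF, the cost of one occurrence."""
        return self.asset_value * self.exposure_factor

    @property
    def ale(self) -> float:
        """ALE = SLE * ARO, the expected cost per year."""
        return self.sle * self.annual_rate


def control_value(before: Scenario, after: Scenario, annual_control_cost: float) -> float:
    """Net annual benefit of a control: the ALE it removes minus what it costs per year.
    Negative means the control costs more than the risk it treats, which the key principle
    in the earlier question says not to do."""
    return (before.ale - after.ale) - annual_control_cost


# Kim's numbers from the question.
FIRE = Scenario(asset_value=10_000_000, loss_per_event=2_000_000, annual_rate=0.01)

# Assumed: suppression holds damage to $200,000 per fire and costs $5,000 per year amortised.
FIRE_WITH_SUPPRESSION = Scenario(asset_value=10_000_000, loss_per_event=200_000, annual_rate=0.01)
SUPPRESSION_ANNUAL_COST = 5_000


if __name__ == "__main__":
    print(f"EF  = {FIRE.exposure_factor:.0%}")
    print(f"SLE = ${FIRE.sle:,.0f}")
    print(f"ALE = ${FIRE.ale:,.0f}")
    net = control_value(FIRE, FIRE_WITH_SUPPRESSION, SUPPRESSION_ANNUAL_COST)
    print(f"net annual value of suppression = ${net:,.0f}")
```

The $10 million facility value only enters through the exposure factor; the SLE is the $2 million loss, and the ALE is that loss scaled by the 1 percent annual rate.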
Henry would like to create a different firewall rule that allows encrypted web traffic to reach a web server. What port is used for that communication? 80 143 443 3389
443
Donna is building a security awareness program designed to meet the requirements of the Payment Card Industry Data Security Standard (PCI DSS) 3.2. How often must she conduct training for all current employees? Semi-annually Annually Monthly Biannually
Annually
Alice would like to send a message to Bob securely and wishes to encrypt the contents of the message. What key does she use to encrypt this message? Bob's public key Alice's private key Alice's public key Bob's private key
Bob's public key
What certification focuses on information systems audit, control, and security professionals? Certified Information Systems Auditor (CISA) Certified in the Governance of Enterprise IT (CGEIT) Certified in Risk and Information Systems Control (CRISC) Certified Information Security Manager (CISM)
Certified Information Systems Auditor (CISA)
Which cryptographic attack offers cryptanalysts the most information about how an encryption algorithm works? Chosen plaintext Chosen ciphertext Known plaintext Ciphertext only
Chosen plaintext
Which element is NOT a core component of the ISO 27002 standard? Asset management Access control Cryptography Risk assessment
Cryptography
Alice and Bob would like to communicate with each other using a session key but they do not already have a shared secret key. Which algorithm can they use to exchange a secret key? Message digest algorithm (MD5) Diffie-Hellman Blowfish Rivest, Shamir, Adleman (RSA)
Diffie-Hellman
Which technology category would NOT likely be the subject of a standard published by the International Electrotechnical Commission (IEC)? Consumer appliances Encryption Solar energy Semiconductors
Encryption
Which organization creates information security standards that specifically apply within the European Union? Institute of Electrical and Electronics Engineers (IEEE) American National Standards Institute (ANSI) International Telecommunication Union (ITU) European Telecommunications Standards Institute (ETSI) Cyber Security Technical Committee (TC CYBER)
European Telecommunications Standards Institute (ETSI) Cyber Security Technical Committee (TC CYBER)
What type of firewall security feature limits the volume of traffic from individual hosts? Loop protection Network separation Stateful inspection Flood guard
Flood guard
What type of function generates the unique value that corresponds to the contents of a message and is used to create a digital signature? Hash Encryption Decryption Elliptic curve
Hash
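The key roles in the signature and encryption questions (Alice signs with her private key, Bob verifies with Alice's public key, Alice encrypts to Bob with Bob's public key, and the hash is what actually gets signed), as an added example that is not part of the original quiz. It is a textbook RSA with tiny hard-coded primes so the arithmetic is visible; it is insecure by construction, and the primes, messages and the "factor it" helper are assumed for illustration. It also makes the earlier "factoring" answer precise: the hard problem is factoring the product of two large primes, which is how the private key would be recovered.

```python
"""Toy RSA: which key does what. Added example with deliberately small primes (insecure).
Real systems use 2048-bit or larger moduli, OAEP/PSS padding and a vetted library."""
import hashlib
from math import gcd


def keygen(p: int, q: int, e: int = 65537):
    """Return (public, private) as (e, n) and (d, n). p and q are assumed prime."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)          # modular inverse, Python 3.8+
    return (e, n), (d, n)


def encrypt(m: int, pub) -> int:
    """Anyone encrypts to the key owner with the owner's public key (m must be < n)."""
    e, n = pub
    return pow(m, e, n)


def decrypt(c: int, priv) -> int:
    """Only the owner's private key undoes it."""
    d, n = priv
    return pow(c, d, n)


def digest(msg: bytes, n: int) -> int:
    """Hash fixes the size of what is signed. Reducing mod n is only needed because n is tiny here."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


def sign(msg: bytes, priv) -> int:
    """Signer applies her private key to the hash of the message."""
    d, n = priv
    return pow(digest(msg, n), d, n)


def verify(msg: bytes, sig: int, pub) -> bool:
    """Verifier applies the signer's public key and compares to the hash he computes himself."""
    e, n = pub
    return pow(sig, e, n) == digest(msg, n)


def factor_small(n: int):
    """Recovering d needs p and q. Trial division works only because n is ~1e12; at real sizes
    this is the hard problem the scheme rests on."""
    for p in range(2, int(n ** 0.5) + 1):
        if n % p == 0:
            return p, n // p
    return None


# Assumed toy primes (each just above one million).
ALICE_PUB, ALICE_PRIV = keygen(1000003, 1000033)
BOB_PUB, BOB_PRIV = keygen(1000037, 1000039)

if __name__ == "__main__":
    msg = b"pay Bob $100"
    sig = sign(msg, ALICE_PRIV)
    print("Bob verifies with Alice's public key:", verify(msg, sig, ALICE_PUB))
    print("altered message verifies:", verify(b"pay Bob $1000", sig, ALICE_PUB))
    c = encrypt(42, BOB_PUB)
    print("Bob decrypts Alice's message:", decrypt(c, BOB_PRIV))
    print("Alice's private key on Bob's ciphertext:", decrypt(c, ALICE_PRIV))
    print("factoring Alice's modulus:", factor_small(ALICE_PUB[1]))
```

Note that the signature is over the hash, not the message: that is why a hash function, not encryption, is the answer to the question above, and why the verifier must recompute the hash over the message he received.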
Fran is interested in learning more about the popular Certified Ethical Hacker (CEH) credential. What organization should she contact? The International Society of Forensic Computer Examiners Software Engineering Institute – Carnegie Mellon University High Tech Crime Network International Council of E-Commerce Consultants (EC-Council)
International Council of E-Commerce Consultants (EC-Council)
Which organization promotes technology issues as an agency of the United Nations? International Telecommunication Union (ITU) American National Standards Institute (ANSI) Internet Assigned Numbers Authority (IANA) Institute of Electrical and Electronics Engineers (IEEE)
International Telecommunication Union (ITU)
Helen is an experienced information security professional who earned a four-year degree while a full-time student. She would like to continue her studies on a part-time basis. What is the next logical degree for Helen to earn? Associate's degree Master's degree Bachelor's degree Doctoral degree
Master's degree
What federal agency is charged with the mission of promoting "U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life?" National Aeronautics and Space Administration (NASA) National Institute of Standards and Technology (NIST) Federal Trade Commission (FTC) Federal Communications Commission (FCC)
National Institute of Standards and Technology (NIST)
Brian would like to conduct a port scan against his systems to determine how they look from an attacker's viewpoint. What tool can he use for this purpose? Ping Remote Access Tool (RAT) Simple Network Management Protocol (SNMP) agent Nmap
Nmap
When Patricia receives a message from Gary, she wants to be able to demonstrate to Sue that the message actually came from Gary. What goal of cryptography is Patricia attempting to achieve? Confidentiality Nonrepudiation Integrity Authentication
Nonrepudiation
Brian is the information security training officer for a health care provider. He wants to develop a training program that complies with the provisions of the Health Insurance Portability and Accountability Act (HIPAA). Which of the following topics must be included? Patient safety Medical records formats Prescribing procedures Password management
Password management
Hilda is troubleshooting a problem with the encryption of data. At which layer of the OSI Reference Model is she working? Presentation Session Application Data Link
Presentation
Violet deploys an intrusion prevention system (IPS) on her network as a security control. What type of control has Violet deployed? Corrective Preventive Deterrent Detective
Preventive
Alan is the security manager for a mid-sized business. The company has suffered several serious data losses when mobile devices were stolen. Alan decides to implement full disk encryption on all mobile devices. What risk response did Alan take? Transfer Reduce Accept Avoid
Reduce
What is NOT a symmetric encryption algorithm? Rivest-Shamir-Adleman (RSA) Carlisle Adams Stafford Tavares (CAST) International Data Encryption Algorithm (IDEA) Data Encryption Standard (DES)
Rivest-Shamir-Adleman (RSA)
Which set of characteristics describes the Caesar cipher accurately? Asymmetric, block, substitution Symmetric, stream, substitution Symmetric, block, transposition Asymmetric, stream, transposition
Symmetric, stream, substitution
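The three classical cipher types from the questions above (Caesar as a symmetric substitution cipher, a transposition cipher that only rearranges characters, and the Vernam one-time pad), as an added example that is not part of the original quiz. Each is written so the defining property is checkable: Caesar has only 25 keys, the transposition output is an anagram of its input, and the pad is unbreakable only while the key is random, as long as the message and never reused. Keys and messages are assumed for illustration.

```python
"""Classical ciphers side by side: substitution (Caesar), transposition (columnar) and the
Vernam one-time pad. Added example; keys and messages are constructed."""
import secrets
import string

ALPHA = string.ascii_uppercase


def caesar(text: str, shift: int, decrypt: bool = False) -> str:
    """Substitution: each letter replaced by the one `shift` places along. Same key both ways."""
    k = -shift if decrypt else shift
    return "".join(ALPHA[(ALPHA.index(ch) + k) % 26] if ch in ALPHA else ch for ch in text.upper())


def caesar_bruteforce(cipher: str) -> dict:
    """Why a substitution with a 26-letter alphabet is weak: 25 candidate keys, try them all."""
    return {s: caesar(cipher, s, decrypt=True) for s in range(1, 26)}


def _column_order(key: str) -> list:
    # Columns are read in alphabetical order of the key letters (ties broken by position).
    return sorted(range(len(key)), key=lambda i: (key[i], i))


def columnar_encrypt(text: str, key: str) -> str:
    """Transposition: write the text in rows under the key, read the columns out in key order.
    No letter changes, only positions do."""
    text = text.replace(" ", "").upper()
    cols = len(key)
    text += "X" * ((-len(text)) % cols)            # pad the last row
    rows = [text[i:i + cols] for i in range(0, len(text), cols)]
    return "".join(row[c] for c in _column_order(key) for row in rows)


def columnar_decrypt(cipher: str, key: str) -> str:
    cols = len(key)
    nrows = len(cipher) // cols
    grid = [[""] * cols for _ in range(nrows)]
    pos = 0
    for c in _column_order(key):
        for r in range(nrows):
            grid[r][c] = cipher[pos]
            pos += 1
    return "".join("".join(row) for row in grid)


def vernam(data: bytes, key: bytes) -> bytes:
    """One-time pad: XOR with a key at least as long as the data. XOR is its own inverse,
    so the same function decrypts."""
    if len(key) < len(data):
        raise ValueError("one-time pad key must be at least as long as the message")
    return bytes(b ^ k for b, k in zip(data, key))


def otp_key(length: int) -> bytes:
    """A pad must come from a CSPRNG, never from a password or a repeating pattern."""
    return secrets.token_bytes(length)


def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """Reusing a pad: c1 XOR c2 equals p1 XOR p2, the key cancels out and the messages leak."""
    return bytes(a ^ b for a, b in zip(c1, c2))


if __name__ == "__main__":
    print(caesar("ATTACK AT DAWN", 3))
    print(columnar_encrypt("ATTACK AT DAWN", "ZEBRA"))
    msg = b"ATTACK AT DAWN"
    key = otp_key(len(msg))
    print(vernam(vernam(msg, key), key))
```

"Used properly" in the question means all three pad conditions at once: a truly random key, as long as the message, used exactly once. The two-time-pad helper shows what the third condition protects against.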
Ben is working toward a position as a senior security administrator and would like to earn his first International Information Systems Security Certification Consortium, Inc. (ISC)2 certification. Which certification is most appropriate for his needs? Systems Security Certified Practitioner (SSCP) Certified Cloud Security Professional (CCSP) Certified Secure Software Lifecycle Professional (CSSLP) Certified Information Systems Security Professional (CISSP)
Systems Security Certified Practitioner (SSCP)
Bob has a high-volume virtual private network (VPN). He would like to use a device that would best handle the required processing power. What type of device should he use? Firewall Unified threat management (UTM) Router VPN concentrator
VPN concentrator
What tool might be used by an attacker during the reconnaissance phase of an attack to glean information about domain registrations? Ping Whois Simple Network Management Protocol (SNMP) Domain Name System (DNS)
Whois
What standard is NOT secure and should never be used on modern wireless networks? Wi-Fi Protected Access version 2 (WPA2) 802.11ac Wired Equivalent Privacy (WEP) Wi-Fi Protected Access (WPA)
Wired Equivalent Privacy (WEP)
What wireless security technology contains significant flaws and should never be used? Wi-Fi Protected Access (WPA) Remote Authentication Dial-In User Service (RADIUS) WPA2 Wired Equivalent Privacy (WEP)
Wired Equivalent Privacy (WEP)
Allie is working on the development of a web browser and wants to make sure that the browser correctly implements the Hypertext Markup Language (HTML) standard. What organization's documentation should she turn to for the authoritative source of information? National Institute of Standards and Technology (NIST) Internet Engineering Task Force (IETF) International Electrotechnical Commission (IEC) World Wide Web Consortium (W3C)
World Wide Web Consortium (W3C)