IS 360 Cybersecurity in Business - Midterm
Maria is the risk manager for a large organization and is evaluating whether the organization should purchase a fire suppression system. She consulted a variety of subject matter experts and determined that there is a 1 percent chance that a fire will occur in a given year. If a fire occurred, it would likely cause $2 million in damage to the facility, which has a $10 million value. Given this scenario, what is the exposure factor (EF)? A) 20 percent B) 10 percent C) 1 percent D) 50 percent
A) 20 percent
Isabella is in charge of the disaster recovery plan (DRP) team. She needs to ensure that data center operations will transfer smoothly to an alternate site in the event of a major interruption. She plans to run a complete test that will interrupt the primary data center and transfer processing capability to a hot site. What option is described in this scenario? A) Full-interruption test B) Simulation test C) Parallel test D) Structured walk-through
A) Full-interruption test
The Common Vulnerabilities and Exposures (CVE) list is maintained by the _____ and, together with NVD, provides information about vulnerabilities and how to _____ them with software patches and updates. A) MITRE Corporation; mitigate B) NIST; mitigate C) MITRE Corporation; assess D) NIST; assess
A) MITRE Corporation; mitigate
Which type of attack involves capturing data packets from a network and retransmitting them to produce an unauthorized effect? The receipt of duplicate, authenticated Internet Protocol (IP) packets may disrupt service or produce another undesired consequence. A) Replay B) Man-in-the-middle C) IP Spoofing D) Hijacking
A) Replay
This section of a formal Penetration Test Report defines the restrictions on the aggressiveness of a penetration test, describes the methods that a pen tester will use to reach a target, and provides a list of the planned/executed tests. A) Scope section B) Target(s) section C) Summary of Findings section D) Conclusion section
A) Scope section
Unauthorized access to data centers and downtime of servers are risks to which domain of an IT infrastructure? A) System/Application Domain B) Remote Access Domain C) Wide Area Network (WAN) Domain D) Workstation Domain
A) System/Application Domain
User IDs and passwords sent through ______ are sent as ______ and are readable with Wireshark. A) Telnet; clear text B) Telnet; encrypted text C) SSHv2; clear text D) SSHv2; encrypted text
A) Telnet; clear text
Chris is writing a document that provides step-by-step instructions for end users seeking to update the security software on their computers. Performing these updates is mandatory. Which type of document is Chris writing? A) Procedure B) Standard C) Policy D) Guideline
A) Procedure
What is the maximum value for any octet in an Internet Protocol version 4 (IPv4) address? A) 513 B) 255 C) 65 D) 129
B) 255
Carl recently joined a new organization. He noticed that the firewall technology used by the firm opens separate connections between the devices on both sides of the firewall. What type of technology is being used? A) Stateful inspection B) Application proxying C) Network address translation D) Packet filtering
B) Application Proxying
Which security control is most helpful in protecting against eavesdropping on wide area network (WAN) transmissions? A) Deploying an intrusion detection system/intrusion prevention system (IDS/IPS) B) Encrypting transmissions with virtual private networks (VPN) C) Applying filters on exterior Internet Protocol (IP) stateful firewalls D) Blocking Transmission Control Protocol (TCP) synchronize (SYN) open connections
B) Encrypting transmissions with virtual private networks (VPN)
Which of the following is not a defining aspect of using TCP as a connection-orientated protocol? A) Three-way handshake between the sender and receiver B) Encryption of packet payload C) Sequence numbers assigned to each packet D) Acknowledgement packet sent for each packet received
B) Encryption of packet payload
Aditya recently assumed an information security role for a financial institution located in the United States. He is tasked with assessing the institution's risk profile and cybersecurity maturity level. What compliance regulation applies specifically to Aditya's institution? A) FISMA B) FFIEC C) PCI DSS D) HIPAA
B) FFIEC
Which type of attack involves eavesdropping on transmissions and redirecting them for unauthorized use? A) Fabrication B) Interception C) Interruption D) Modification
B) Interception
Zenmap and Nessus can identify devices, operating systems, applications, database servers, and services on those devices. Which of the two applications can also identify known vulnerabilities or bugs on the devices being scanned? A) Only Zenmap B) Only Nessus C) Both Zenmap and Nessus D) Neither Zenmap nor Nessus
B) Only Nessus
Susan is troubleshooting a problem with a computer's network cabling. At which layer of the Open Systems Interconnection (OSI) Reference Model is she working? A) Application B) Physical C) Session D) Presentation
B) Physical
In OpenVAS, the _____ measures how reliable a vulnerability's severity score is. A) GSM B) QoD score C) CVSS score D) CVE Value
B) QoD score
Hajar is investigating a denial of service attack against her network. She notices that the Internet Control Message Protocol (ICMP) echo replies coming into her network far exceed the ICMP echo requests leaving her network. What type of attack is likely taking place? A) Land B) Smurf C) Teardrop D) Cross-site scripting (XSS)
B) Smurf
Forensics and incident response are examples of __________ controls. A) deterrent B) corrective C) detective D) preventive
B) corrective
As a follow-up to her annual testing, Isabella would like to conduct quarterly disaster recovery tests. These tests should include role-playing and introduce as much realism as possible without affecting live operations. What type of test should Isabella conduct? A) Checklist test B) Parallel test C) Structured walk-through D) Simulation Test
D) Simulation Test
Which Nmap switch would attempt to guess a target host's operating system? A) -sV B) -sS C) -O D) Nmap doesn't detect a host's operating system
C) -O
In Wireshark, which of the following Protocol column filters would display only packets transported over a wireless network? A) TCP B) Telnet C) 802.11 D) ICMP
C) 802.11
The _____ allows you to tailor the thoroughness of a vulnerability scan and can affect whether a scan is quick or longer. A) basic network scan in Nessus B) SYN scan in Zenmap C) assessment option in Nessus D) discovery option in Zenmap
C) Assessment option in Nessus
When examining data in Wireshark, the presence of _____ in the Packet List pane indicates that the data comes from a wireless network. A) IP addresses B) TCP packets C) Beacon frames D) MAC addresses
C) Beacon frames
A Nessus scan report identifies vulnerabilities by a ____ A) NASL B) CVSS score C) Plugin ID D) CVE Value
C) Plugin ID
Which of the following is an example of devices associated with the Transport Layer? A) Routers B) CATS cables or with signals C) Ports D) Switches or bridges
C) Ports
To capture Ethernet-based frames addressed to any/all IP addresses on a LAN segment, you need to use Wireshark in _______ mode. A) Monitor B) Passive C) Promiscuous D) Managed
C) Promiscuous
What is the main purpose of risk identification in an organization? A) To create a disaster recovery plan (DRP) B) To understand threats to critical resources C) To make the organization's personnel aware of existing risk D) To create a business continuity plan (BCP)
C) To make the organization's personnel aware of existing risk
Wen is a network engineer. He would like to isolate several systems belonging to the product development group from other systems on the network, without adding new hardware. What technology is best to use? A) Network access control (NAC) B) Virtual Private Network (VPN) C) Virtual LAN (VLAN) D) Transport Layer Security (TLS)
C) Virtual LAN (VLAN)
Adam is evaluating the security of a web server before it goes live. He believes that an issue in the code allows a cross-site scripting attack against the server. What term describes the issue that Adam discovered? A) Risk B) Impact C) Vulnerability D) Threat
C) Vulnerability
What type of attack against a web application uses a newly discovered vulnerability that is not patchable? A) Cross-site request forgery (CSRF) B) Cross-site scripting (XSS) C) Zero-day attack D) Structured Query Language (SQL) injection
C) Zero-day attack
Which Nmap command would you run to execute a Ping scan on all hosts on the 172.30.0.0/224 subnet? A) nmap -Pn 172.30.0.0/24 B) nmap -sL 172.30.0.0/24 C) nmap -T4 -A -v 172.30.0.0/24 D) Nmap doesn't Ping hosts.
C) nmap -T4 -A -v 172.30.0.0/24
A ______ is limited to the scanning and enumeration phase of the cyber kill chain, while a ______ encompasses the full kill chain. A) port scan in Zenmap; basic network scan in Nessus B) basic network scan in Nessus; port scan in Zenmap C) vulnerability assessment; penetration test D) penetration test; vulnerability assessment
C) vulnerability assessment; penetration test
You should enumerate recommended mitigations or next steps in this section of a formal Penetration Test Report. A) Scope section B) Target(s) section C) Summary of Findings section D) Conclusion section
D) Conclusion section
The Link Layer in TCP/IP corresponds to the _______ and ______ Layers of the OSI Reference Model. A) Network; Transport B) Transport; Physical C) Data Link; Network D) Physical; Data Link
D) Physical; Data Link
The Transport Layer uses source and destination _______ to address the proper services on the respective source and destination computers. A) switches B) routers C) IP Addresses D) ports
D) Ports
The Data Link Layer organizes bits into collections called ______, while the Network Layer encapsulates that information into units called ______. A) packets; frames B) ethernet; internet C) internet; ethernet D) frames; packets
D) frames; packets
Wireshark can be filtered to show ______ data by applying the _____ filter. A) ping; TCP B) ssh; TCP C) ssh; ICMP D) ping; ICMP
D) ping; ICMP
True or False? Authorization controls include biometric devices.
False
True or False? Bluejacking is an attack in which wireless traffic is sniffed between Bluetooth devices.
False
True or False? Corrective controls are implemented to address a threat in place that does not have a straightforward risk-mitigating solution.
False
True or False? Hypertext Transfer Protocol (HTTP) encrypts data transfers between secure browsers and secure webpages.
False
True or False? Physical access to network equipment is required to eavesdrop on a network connection.
False
True or False? The business continuity plan (BCP) identifies the resources for which a business impact analysis (BIA) is necessary.
False
True or False? The term "risk methodology" refers to a list of identified risks that results from the risk identification process.
False
True or False? A border router can provide enhanced features to internal networks and help keep subnet traffic separate.
True
True or False? A disaster recovery plan (DRP) is part of a business continuity plan (BCP) and is necessary to ensure the restoration of resources required by the BCP to an available state.
True
True or False? An alteration threat violates information integrity.
True
True or False? Authorization is the process of granting rights to use an organization's IT assets, systems, applications, and data to a specific user.
True
True or False? Availability is the tenet of information security that deals with uptime and downtime.
True
True or False? Cryptography is the practice of making data unreadable.
True
True or False? Each layer of the Open Systems Interconnection (OSI) Reference Model needs to be able to talk to the layers above and below it.
True
True or False? For businesses and organizations under recent compliance laws, data classification standards typically include private, confidential, internal use only, and public-domain categories.
True
True or False? In a masquerade attack, one user or computer pretends to be another user or computer.
True
True or False? Networks, routers, and equipment require continuous monitoring and management to keep wide area network (WAN) service available.
True
True or False? Storage segmentation is a mobile device control that physically separates personal data from business data.
True
True or False? The User Domain of a typical IT infrastructure defines the people and processes that access an organization's information systems.
True
True or False? The recovery time objective (RTO) expresses the maximum allowable time in which to recover the function after a major interruption.
True
True or False? The term "router" describes a device that connects two or more networks and selectively interchanges packets of data between them.
True
True or False? Transmission Control Protocol/Internet Protocol (TCP/IP) is a suite of protocols that operates at both the Network and Transport layers of the Open Systems Interconnection (OSI) Reference Model.
True