ITM 350 final


What file type is least likely to be impacted by a file infector virus? A. .exe B. .docx C. .dll D. .com

.docx

Mark is considering outsourcing security functions to a third-party service provider. What benefit is he most likely to achieve?

Access to a higher level of expertise

Which type of computer crime often involves nation-state attacks by well-funded cybercriminals?

Cyberterrorism

What is the purpose of a disaster recovery plan (DRP)?

To enable an organization to make critical decisions ahead of time so personnel can manage and review decisions without the urgency of an actual disaster

True or False? Transport Layer Security (TLS) is an example of a transport encryption protocol

True

Isabella is a digital forensic specialist. She wants to recover deleted data from a computer disk. The computer is currently running. Which process should she take to do so without accidentally overwriting any deleted data?

Make an image of memory, shut down the computer, attach the disk drive to a forensic lab device, and read the data from the disk

What are the criteria for classifying information?

SCG (security classification guide)

What type of security monitoring tool would be most likely to identify an unauthorized change to a computer system?

System integrity monitoring

True or false: A SIEM is a security information and event management system that helps organizations manage the explosive growth of their log files by providing a common platform to capture and analyze entries.

true

True or false? Unlike viruses, worms do NOT require a host program in order to survive and replicate.

true

Which of the following should you avoid during a disaster and recovery?

Continue normal processes, such as separation of duties or spending limits

What program, released in 2013, is an example of ransomware? A. BitLocker B. Crypt0L0cker C. FileVault D. CryptoVault

Crypt0L0cker

Which type of evidence helps explain other evidence and includes visual aids such as charts and graphs?

Demonstrative

Which type of evidence is stored in a computer's memory, as well as on storage devices as in files, and must be accompanied by documentation that validates the evidence's authenticity?

Documentary

Which of the following is least likely to be needed when rebuilding systems that were damaged during a disaster?

Ensuring there are adequate operating system licenses

True or False? A digitized signature is a combination of a strong hash of a message and a secret key.

False

Antivirus, firewall, and email use policies belong to what part of a security policy hierarchy?

Functional policies in support of organization policy

What is a set of concepts and policies for managing IT infrastructure, development, and operations? The information is published in a series of books, each covering a separate IT management topic.

IT Infrastructure Library (ITIL)

What kind of bag essentially shields electromagnetic emanations from passing into or out of the bag?

Faraday cage

What is the least likely goal of an information security awareness program?

Punish users who violate policy

Which type of evidence is information collected from individuals that supports and helps to interpret other types of evidence?

Testimonial

Hajar is a network engineer. She is creating a system of access involving clearance and classification based on users and the objects they need in a secure network. She is restricting access to secure objects by users based on least privilege and which of the following?

need to know

True or false: The Committee of Sponsoring Organizations (COSO) of the Treadway Commission is a volunteer-run organization that gives guidance to executive management and government entities on critical aspects of organizational governance, business ethics, internal control, enterprise risk, fraud, and financial reporting.

true

Which of the following is not true of data backup options?

It is faster to create differential weekday backups than incremental backups.

Mia is her company's network security professional. She is developing access policies based on personnel security principles. As part of this effort, she is devising a method of taking high-security tasks and splitting them among several different employees so that no one person is responsible for knowing and performing the entire task. What practice is she developing?

Separation of duties

Which of the following is a type of denial of service (DoS) attack? A. Cross-site scripting (XSS) B. Synchronize (SYN) flood C. Logic bomb D. Structured Query Language (SQL) injection

Synchronize (SYN) flood

Which type of virus targets computer hardware and software startup functions? A. File infector B. System infector C. Hardware infector D. Data infector

System infector

Which of the following is not true of contingency planning?

The mean time between failures (MTBF) is closely associated with the recovery time objectives (RTOs) of several integrated critical business functions (CBFs).

Match:
1. Starting point in planning for interruptions; defines which function is critical to an organization
2. An analysis of CBFs to determine what kind of events could interrupt normal operations. This drives the choice of the recovery strategy and CBFs
3. Most time a business can survive without a specific CBF. The maximum period of time that a business can survive a disabled critical function
4. Timeframe for restoring a CBF; MUST be shorter than or equal to the MTD. The amount of time needed to recover a business process
5. Used to figure out the amount of tolerable data loss for each CBF. For example, if a business can afford to lose up to one day's data, then nightly backups might be an acceptable solution. The point to which data must be recovered
6. The place where the recovery team will meet and work during a disruption

1. Critical Business Function (CBF)
2. Business impact analysis (BIA)
3. Maximum tolerable downtime (MTD)
4. Recovery time objective (RTO)
5. Recovery point objective (RPO)
6. Emergency Operations Center (EOC)

Match:
1. Actions that the organization recommends
2. Basic configuration documents
3. Step-by-step systematic actions taken to accomplish a security requirement, process, or objective
4. Sets direction for the management of an organization pertaining to security in specific functional areas such as email, remote access, and international interaction
5. Helps all employees understand the assets and principles the organization values
6. Specifies to consumers how an organization collects, uses, and disposes of their personal information

1. Guidelines
2. Baseline
3. Procedures
4. Functional policy
5. Security policy
6. Privacy policy

What is the total number of data classification standards criteria?

3

What is not a typical sign of virus activity on a system? A. Unexpected error messages B. Sudden sluggishness of applications C. Unexplained decrease in available disk space D. Unexpected power failures

Unexpected power failures

What tool might be used by an attacker during the reconnaissance phase of an attack to glean information about domain registrations? A. Whois B. Ping C. Simple Network Management Protocol (SNMP) D. Domain Name System (DNS)

Whois

Juan is a wireless security professional. He is selecting a standard for wireless encryption protocols for access points and devices for his agency. For the highest security, which protocol should Juan choose?

Wi-Fi Protected Access version 3 (WPA3)

Which method of fault tolerance connects two or more computers to act like a single computer in a highly coordinated manner?

clustering

Security objectives add value to relationships between businesses or between businesses and their customers. Which objective binds a message or data to a specific entity?

digital signature

What type of attack occurs in real time and is often conducted against a specific target? a. unstructured b. structured c. direct d. indirect

direct

True / False: A reciprocal center is an organization that might contract for contingency carriers or supplies if its primary supply method fails.

false

True or False? A private key cipher is also called an asymmetric key cipher.

false

True or False? The term certificate authority (CA) refers to a trusted repository of all public keys.

false

True or false: False positives are known as Type II errors; they fail to catch suspicious behavior.

false

True or false: False negatives are known as Type I errors; alerts seem malicious yet are not real security events.

false

True or false? Worms operate by encrypting important files or even the entire storage device and making them inaccessible.

false

Bob is preparing to dispose of magnetic media and wishes to destroy the data stored on it. Which method is not a good approach for destroying data?

formatting

Janette is the director of her company's network infrastructure group. She is explaining to the business owners the advantages and disadvantages of outsourcing network security. One consideration she presents is the question of who would be responsible for the data, media, and infrastructure. What consideration is she describing?

ownership

True or False? One way to harden a system is to turn off or disable unnecessary services.

true

True or False? Symmetric key ciphers require that both parties first exchange keys to be able to securely communicate.

true

True or False? The term "computer crime" typically refers to crimes that target computer resources, either data that computers store or the services they provide (or both).

true

True or false? The goal of a command injection is to execute commands on a host operating system.

true

True or false: A HIDS can detect inappropriate traffic that originates INSIDE the network and recognize an anomaly that is specific to a particular machine or user.

true

True or false: A parallel test is conducted at an alternate site.

true

True or false? The term "web defacement" refers to someone gaining unauthorized access to a web server and altering the index page of a site on the server.

true

What are the three roles that computer devices play in crime?

?

Bob received a message from Alice that contains a digital signature. What cryptographic key does Bob use to verify the digital signature?

Alice's public key

Alice and Bob would like to communicate with each other using a session key, but they do not already have a shared secret key. Which algorithm can they use to exchange a secret key?

Diffie-Hellman

What is a goal of vulnerability testing?

Documenting the lack of security control or misconfiguration

What type of system is intentionally exposed to attackers in an attempt to lure them out? A. Database server B. Honeypot C. Web server D. Bastion host

Honeypot

Which of the following is not true of mobile devices and forensics?

Mobile devices do not need to follow ordinary chain of custody techniques.

True or False? A block cipher encrypts one byte (or bit) at a time, whereas a stream cipher encrypts an entire block of data at a time.

false

True or False? Change does not create risk for a business.

false

True or False? The U.S. government currently has no standard for creating cryptographic keys for classified applications.

false

True or false? Demonstrative evidence helps explain other evidence.

true

Match:
1. A type of social engineering that uses threats or harassment to bully another person for information
2. Compulsory time during which workers must step away from their work responsibilities, often used as a time to audit critical functions
3. The process of dividing a task into a series of unique activities performed by different people, each of whom is allowed to execute only one part of the overall task
4. A strategy to minimize risk by rotating employees between various systems of duties
5. A property that indicates a specific subject needs access to a specific object. This is necessary to access the object in addition to possessing the proper clearance for the object's classification

1. Intimidation
2. Mandatory vacation
3. Separation of duties
4. Job rotation
5. Need to know

Match the tool to its description:
1. Open source distribution of Linux that is a favorite with penetration testers
2. Collection of command-line tools, available for free, to analyze disk images and recover files; good for the budget-conscious organization
3. Popular commercial digital forensics investigation management package
4. Creates full disk forensic images; made by AccessData

1. Kali
2. The Sleuth Kit (TSK)
3. Cellebrite UFED
4. FTK

In an accreditation process, who has the authority to approve a system for implementation?

Authorizing official (AO)

Applications represent the most common avenue for users, customers, and attackers to access data, which means you must build the software to enforce the security policy and to ensure compliance with regulations, including the privacy and integrity of both data and system processes. Regardless of the development model, the application must validate all input. Certain attacks can take advantage of weak validation. One such attack provides script code that causes a trusted user who views the input script to send malicious commands to a web server. What is this called?

Cross-site request forgery (XSRF)

Yolanda would like to prevent attackers from using her network as a relay point for a smurf attack. What protocol should she filter? A. User Datagram Protocol (UDP) B. Transmission Control Protocol (TCP) C. Hypertext Transfer Protocol (HTTP) D. Internet Control Message Protocol (ICMP)

Internet Control Message Protocol (ICMP)

Wen is a network security professional. He wants to strengthen the security of his agency's network infrastructure defenses. Which control can he use to protect the network?

Use proxy services and bastion hosts to protect critical services

Maria receives a ciphertext message from her colleague Wen. What type of function does Maria need to use to read the plaintext message?

decryption

True or False? A business impact analysis (BIA) details the steps to recover from a disruption and restore the infrastructure necessary for normal business operations.

false

True or False? The process of collecting evidence is called evidence preservation.

false

Bob is sending a message to Alice. He wants to ensure that nobody tampers with the message while it is in transit. What goal of cryptography is Bob attempting to achieve?

integrity

Which is an advantage of outsourcing?

Reaching out to high-level expertise that the organization may not have

Which type of evidence is any physical object that you can touch or otherwise directly observe, such as a hard drive?

real

Which intrusion detection system strategy relies on pattern matching?

signature detection

Which type of cipher works by rearranging the characters in a message?

transposition

True / False: In the event an incident goes to court, if evidence becomes inadmissible, it cannot be fixed.

true

True or False? A parallel test of a contingency plan is the same as a full-interruption test except that processing does not stop at the primary site.

true

True or False? A successful business impact analysis (BIA) maps the context, the critical business functions (CBFs), and the processes on which they rely.

true

True or False? American Institute of Certified Public Accountants (AICPA) Service Organization Control (SOC) 2 reports are commonly implemented for service providers, hosted data centers, and managed cloud computing providers.

true

True or False? An American Institute of Certified Public Accountants (AICPA) Service Organization Control (SOC) 1 report is commonly implemented for organizations that must comply with Sarbanes-Oxley (SOX) or the Gramm-Leach-Bliley Act (GLBA).

true

True or False? An American Institute of Certified Public Accountants (AICPA) Service Organization Control (SOC) 3 report is intended for public consumption.

true

True or False? An organization can maintain a cloud-based disaster recovery site for a fraction of the cost of a physical site.

true

True or False? Any component that, if it fails, could interrupt business processing is called a single point of failure (SPOF).

true

True or False? Data loss prevention (DLP) uses business rules to classify sensitive information to prevent unauthorized end users from sharing it.

true

True or false? Before deploying an IDS or IPS, you need to create a baseline in order for it to be effective.

true

True or false? Cyberstalking is the art of using online media and assets to harass individuals.

true

True or false? The success of Trojans is due to their reliance on social engineering to spread and operate: they have to trick users into running them.

true

What is the only unbreakable cipher when it is used properly?

vernam

Match each file system to its operating system:
1. FAT32
2. NTFS
3. ext3
4. ext4
5. APFS

1. Windows
2. Windows
3. Linux
4. Linux
5. macOS
