ITM 350 final
What file type is least likely to be impacted by a file infector virus? A. .exe B. .docx C. .dll D. .com
.docx
Mark is considering outsourcing security functions to a third-party service provider. What benefit is he most likely to achieve?
Access to a higher level of expertise
Which type of computer crime often involves nation-state attacks by well-funded cybercriminals?
Cyberterrorism
What is the purpose of a disaster recovery plan (DRP)?
To enable an organization to make critical decisions ahead of time so personnel can manage and review decisions without the urgency of an actual disaster
True or False? Transport Layer Security (TLS) is an example of a transport encryption protocol
True
Isabella is a digital forensic specialist. She wants to recover deleted data from a computer disk. The computer is currently running. Which process should she take to do so without accidentally overwriting any deleted data?
Make an image of memory, shut down the computer, attach the disk drive to a forensic lab device, and read the data from the disk
What document defines the criteria for classifying information?
Security classification guide (SCG)
What type of security monitoring tool would be most likely to identify an unauthorized change to a computer system?
System integrity monitoring
True or false: A SIEM is a security information and event management system that helps organizations manage the explosive growth of their log files by providing a common platform to capture and analyze entries.
true
true or false? Unlike viruses, worms do NOT require a host program in order to survive and replicate.
true
Which of the following should you avoid during a disaster and recovery?
Continue normal processes, such as separation of duties or spending limits
What program, released in 2013, is an example of ransomware? A. BitLocker B. Crypt0L0cker C. FileVault D. CryptoVault
Crypt0L0cker
Which type of evidence helps explain other evidence and includes visual aids such as charts and graphs?
Demonstrative
Which type of evidence is stored in a computer's memory, as well as on storage devices as in files, and must be accompanied by documentation that validates the evidence's authenticity?
Documentary
Which of the following is least likely to be needed when rebuilding systems that were damaged during a disaster?
Ensuring there are adequate operating system licenses
True or False? A digitized signature is a combination of a strong hash of a message and a secret key.
False
Antivirus, firewall, and email use policies belong to what part of a security policy hierarchy?
Functional policies in support of organization policy
What is a set of concepts and policies for managing IT infrastructure, development, and operations? The information is published in a series of books, each covering a separate IT management topic.
IT Infrastructure Library (ITIL)
What kind of bag shields electromagnetic emanations from passing into or out of the bag?
Faraday bag (a portable Faraday cage)
What is the least likely goal of an information security awareness program?
Punish users who violate policy
Which type of evidence is information collected from individuals that supports and helps to interpret other types of evidence?
Testimonial
Hajar is a network engineer. She is creating a system of access involving clearance and classification based on users and the objects they need in a secure network. She is restricting access to secure objects by users based on least privilege and which of the following?
need to know
true or false: The Committee of Sponsoring Organizations (COSO) of the Treadway Commission is a volunteer-run organization that gives guidance to executive management and government entities on critical aspects of organizational governance, business ethics, internal control, enterprise risk, fraud, and financial reporting.
true
Which of the following is not true of data backup options?
It is faster to create differential weekday backups than incremental backups.
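The trade-off behind that answer is easier to see in code. The following added example (not from the course text) simulates a week of daily backups after a full backup under both schemes: an incremental set holds only what changed since the previous backup, so it stays small, while a differential set holds everything changed since the full and grows through the week; restoring from incrementals means replaying every set in order, restoring from a differential means full plus one set. The file names and edits are constructed, and deletions are not modelled.

```python
def restore_from_incrementals(full, incrementals):
    """Restore = full backup, then replay every incremental in order."""
    state = dict(full)
    for inc in incrementals:
        state.update(inc)
    return state


def restore_from_differential(full, differential):
    """Restore = full backup plus the single most recent differential."""
    state = dict(full)
    state.update(differential)
    return state


def simulate_week(initial, daily_changes):
    """Compare incremental and differential schemes over a series of backup days.

    initial: {filename: content} at the time of the full backup.
    daily_changes: [(day, {filename: new_content}), ...] in order.
    Deletions are not modelled; each day's backup captures whole changed files.
    """
    live = dict(initial)              # what is actually on disk
    full = dict(initial)              # the weekend full backup
    incrementals = []                 # one incremental set per day
    since_last_backup = dict(initial)
    report = []
    for day, changes in daily_changes:
        live.update(changes)
        # Incremental: only what changed since yesterday's backup of any kind.
        inc = {n: c for n, c in live.items() if since_last_backup.get(n) != c}
        # Differential: everything that changed since the last full backup.
        diff = {n: c for n, c in live.items() if full.get(n) != c}
        incrementals.append(inc)
        since_last_backup = dict(live)
        report.append({
            "day": day,
            "incremental_files": len(inc),
            "differential_files": len(diff),
            "sets_to_restore_incremental": 1 + len(incrementals),
            "sets_to_restore_differential": 2,
            "restores_agree": restore_from_incrementals(full, incrementals)
                              == restore_from_differential(full, diff) == live,
        })
    return report


# Constructed sample: four files, a handful of edits across the week.
SAMPLE_INITIAL = {"ledger.db": "v1", "payroll.xls": "v1", "config.ini": "v1", "notes.txt": "v1"}
SAMPLE_CHANGES = [
    ("Mon", {"ledger.db": "v2"}),
    ("Tue", {"payroll.xls": "v2"}),
    ("Wed", {"ledger.db": "v3"}),
    ("Thu", {"config.ini": "v2"}),
]


def demo():
    return simulate_week(SAMPLE_INITIAL, SAMPLE_CHANGES)
```

Run demo() and the differential column reads 1, 2, 2, 3 files while the incremental column stays at 1; the restore chain for incrementals grows to five sets by Thursday, which is why a lost or corrupted incremental breaks every restore after it, whereas a differential restore only ever depends on two sets.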
Mia is her company's network security professional. She is developing access policies based on personnel security principles. As part of this effort, she is devising a method of taking high-security tasks and splitting them among several different employees so that no one person is responsible for knowing and performing the entire task. What practice is she developing?
Separation of duties
Which of the following is a type of denial of service (DoS) attack? A. Cross-site scripting (XSS) B. Synchronize (SYN) flood C. Logic bomb D. Structured Query Language (SQL) injection
Synchronize (SYN) flood
Which type of virus targets computer hardware and software startup functions? A. File infector B. System infector C. Hardware infector D. Data infector
System infector
Which of the following is not true of contingency planning?
The mean time between failures (MTBF) is closely associated with the recovery time objectives (RTOs) of several integrated critical business functions (CBFs).
Match each definition to the contingency-planning term:
1. Starting point in planning for interruptions; defines which functions are critical to an organization
2. An analysis of CBFs to determine what kinds of events could interrupt normal operations; drives the choice of recovery strategy
3. The maximum period of time a business can survive without a specific CBF
4. Timeframe for restoring a CBF; must be shorter than or equal to the MTD
5. The amount of tolerable data loss for each CBF, i.e., the point to which data must be recovered; for example, if a business can afford to lose up to one day's data, nightly backups might be an acceptable solution
6. The place where the recovery team meets and works during a disruption
1. Critical business function (CBF) 2. Business impact analysis (BIA) 3. Maximum tolerable downtime (MTD) 4. Recovery time objective (RTO) 5. Recovery point objective (RPO) 6. Emergency operations center (EOC)
Match each description to the policy-hierarchy term:
1. Actions that the organization recommends
2. Basic configuration documents
3. Step-by-step systematic actions taken to accomplish a security requirement, process, or objective
4. Sets direction for the management of an organization pertaining to security in specific functional areas such as email, remote access, and international interaction
5. Helps all employees understand the assets and principles the organization values
6. Specifies to consumers how an organization collects, uses, and disposes of their personal information
1. Guidelines 2. Baseline 3. Procedures 4. Functional policy 5. Security policy 6. Privacy policy
What is the total number of data classification criteria?
3
What is not a typical sign of virus activity on a system? A. Unexpected error messages B. Sudden sluggishness of applications C. Unexplained decrease in available disk space D. Unexpected power failures
Unexpected power failures
What tool might be used by an attacker during the reconnaissance phase of an attack to glean information about domain registrations? A. Whois B. Ping C. Simple Network Management Protocol (SNMP) D. Domain Name System (DNS)
Whois
Juan is a wireless security professional. He is selecting a standard for wireless encryption protocols for access points and devices for his agency. For the highest security, which protocol should Juan choose?
Wi-Fi Protected Access version 3 (WPA3)
Which method of fault tolerance connects two or more computers to act like a single computer in a highly coordinated manner?
clustering
Security objectives add value to relationships between businesses or between businesses and their customers. Which objective binds a message or data to a specific entity?
digital signature
what type of attack occurs in real time and is often conducted against a specific target? a. unstructured b. structured c. direct d. indirect
direct
True / False: A reciprocal center is an organization that might contract for contingency carriers or supplies if its primary supply method fails.
false
True or False? A private key cipher is also called an asymmetric key cipher.
false
True or False? The term certificate authority (CA) refers to a trusted repository of all public keys.
false
True or false: False positives are known as Type II errors; the system fails to catch suspicious behavior.
False (a false positive is a Type I error: an alert on activity that is not a real security event)
True or false: False negatives are known as Type I errors; alerts seem malicious but are not real security events.
False (a false negative is a Type II error: the system fails to catch suspicious behavior)
true or false? Worms operate by encrypting important files or even the entire storage device and making them inaccessible.
false
Bob is preparing to dispose of magnetic media and wishes to destroy the data stored on it. Which method is not a good approach for destroying data?
formatting
Janette is the director of her company's network infrastructure group. She is explaining to the business owners the advantages and disadvantages of outsourcing network security. One consideration she presents is the question of who would be responsible for the data, media, and infrastructure. What consideration is she describing?
ownership
True or False? One way to harden a system is to turn off or disable unnecessary services.
true
True or False? Symmetric key ciphers require that both parties first exchange keys to be able to securely communicate.
true
True or False? The term "computer crime" typically refers to crimes that target computer resources, either data that computers store or the services they provide (or both).
true
True or false? The goal of a command injection is to execute commands on a host operating system.
true
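To make that concrete, the following added example (not from the course text) puts the vulnerable pattern next to its hardened form for the classic case of a web "ping this host" feature. The vulnerable function splices untrusted input into one string destined for a shell; commands_a_shell_would_run() tokenises that string the way a POSIX shell would, so you can see the injected second command. The hardened function validates the target against an allowlist (IP literal or RFC 1123 host name) and builds an argv list instead of a shell string. The attacker input in demo() is constructed.

```python
import ipaddress
import re
import shlex

# RFC 1123 host name: dot-separated labels of letters, digits and hyphens, 253 chars max.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)

SHELL_SEPARATORS = {";", "&&", "||", "|", "&"}


def vulnerable_ping_command(target):
    """VULNERABLE on purpose: untrusted input is spliced into one string that a
    shell will parse (the pattern behind os.system / subprocess with shell=True)."""
    return "ping -c 1 " + target


def commands_a_shell_would_run(cmdline):
    """Tokenise roughly as /bin/sh does and split on command separators, to show
    how many distinct programs the shell would execute for a given command line."""
    lexer = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    commands, current = [], []
    for token in lexer:
        if token in SHELL_SEPARATORS:
            if current:
                commands.append(current)
            current = []
        else:
            current.append(token)
    if current:
        commands.append(current)
    return commands


def is_valid_target(target):
    """Allowlist: an IPv4/IPv6 literal or an RFC 1123 host name, nothing else."""
    try:
        ipaddress.ip_address(target)
        return True
    except ValueError:
        return bool(HOSTNAME_RE.match(target))


def hardened_ping_argv(target):
    """Hardened: reject anything outside the allowlist, then build an argv list.
    Pass this list to subprocess.run() without shell=True, so no shell ever
    interprets the value and ';', '|', '$(...)' stay literal characters."""
    if not is_valid_target(target):
        raise ValueError("rejected target: %r" % target)
    return ["ping", "-c", "1", target]


def demo(target="8.8.8.8; cat /etc/passwd"):
    """Constructed attacker input: a valid address followed by an injected command."""
    vulnerable = commands_a_shell_would_run(vulnerable_ping_command(target))
    try:
        hardened = hardened_ping_argv(target)
    except ValueError:
        hardened = None
    return {"shell_would_run": vulnerable, "hardened_argv": hardened}
```

Both halves of the fix matter: the argv list alone stops the shell from splitting the input, but without the allowlist an attacker can still pass option-style values (for example a string starting with "-") to the program being launched.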
True or false: A HIDS can detect inappropriate traffic that originates inside the network and recognize an anomaly that is specific to a particular machine or user.
True
True or false: A parallel test is conducted at an alternate site.
True
true or false? the term "web defacement" refers to someone gaining unauthorized access to a web server and altering the index page of a site on the server
true
what are the three roles that computer devices play in crime?
?
Bob received a message from Alice that contains a digital signature. What cryptographic key does Bob use to verify the digital signature?
Alice's public key
Alice and Bob would like to communicate with each other using a session key, but they do not already have a shared secret key. Which algorithm can they use to exchange a secret key?
Diffie-Hellman
What is a goal of vulnerability testing?
Documenting the lack of security control or misconfiguration
What type of system is intentionally exposed to attackers in an attempt to lure them out? A. Database server B. Honeypot C. Web server D. Bastion host
Honeypot
Which of the following is not true of mobile devices and forensics?
Mobile devices do not need to follow ordinary chain of custody techniques.
True or False? A block cipher encrypts one byte (or bit) at a time, whereas a stream cipher encrypts an entire block of data at a time.
false
True or False? Change does not create risk for a business.
false
True or False? The U.S. government currently has no standard for creating cryptographic keys for classified applications.
false
true or false? demonstrative evidence helps explain other evidence
true
Match each definition to the personnel-security term:
1. A type of social engineering that uses threats or harassment to bully another person for information
2. Compulsory time during which workers must step away from their work responsibilities, often used as a time to audit critical functions
3. The process of dividing a task into a series of unique activities performed by different people, each of whom is allowed to execute only one part of the overall task
4. A strategy to minimize risk by rotating employees between various systems or duties
5. A property indicating that a specific subject needs access to a specific object; required in addition to possessing the proper clearance for the object's classification
1. Intimidation 2. Mandatory vacation 3. Separation of duties 4. Job rotation 5. Need to know
Match each tool to its description:
1. Open-source Linux distribution that is a favorite with penetration testers
2. Collection of free command-line tools for analyzing disk images and recovering files; good for the budget-conscious organization
3. Popular commercial digital forensics investigation management package
4. Creates full-disk forensic images; made by AccessData
1. Kali Linux 2. The Sleuth Kit (TSK) 3. Cellebrite UFED 4. FTK
In an accreditation process, who has the authority to approve a system for implementation?
Authorizing official (AO)
Applications represent the most common avenue for users, customers, and attackers to access data. That means you must build software to enforce the security policy and to ensure compliance with regulations, including the privacy and integrity of both data and system processes. Regardless of the development model, the application must validate all input, because certain attacks take advantage of weak validation. One such attack supplies script code that causes a trusted user who views it to send malicious commands to a web server. What is this attack called?
Cross-site request forgery (XSRF)
Yolanda would like to prevent attackers from using her network as a relay point for a smurf attack. What protocol should she filter? A. User Datagram Protocol (UDP) B. Transmission Control Protocol (TCP) C. Hypertext Transfer Protocol (HTTP) D. Internet Control Message Protocol (ICMP)
Internet Control Message Protocol (ICMP)
Wen is a network security professional. He wants to strengthen the security of his agency's network infrastructure defenses. Which control can he use to protect the network?
Use proxy services and bastion hosts to protect critical services
Maria receives a ciphertext message from her colleague Wen. What type of function does Maria need to use to read the plaintext message?
decryption
True or False? A business impact analysis (BIA) details the steps to recover from a disruption and restore the infrastructure necessary for normal business operations.
false
True or False? The process of collecting evidence is called evidence preservation.
false
Bob is sending a message to Alice. He wants to ensure that nobody tampers with the message while it is in transit. What goal of cryptography is Bob attempting to achieve?
integrity
Which is an advantage of outsourcing?
Access to high-level expertise that the organization may not have in-house
Which type of evidence is any physical object that you can touch or otherwise directly observe, such as a hard drive?
real
Which intrusion detection system strategy relies on pattern matching?
signature detection
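The following added example (not from the course text) runs a few signature rules over a constructed, URL-decoded web request log and tallies the outcomes, which also illustrates the Type I / Type II distinction from the true-or-false items earlier in this set: a benign blog search that happens to contain "union select" trips the SQL injection rule (false positive, Type I), and a tautology-based injection that no rule covers slips through (false negative, Type II). The signature patterns, log lines and ground-truth labels are all constructed for illustration.

```python
import re

# Signature rules (constructed, deliberately simple): name -> pattern.
SIGNATURES = {
    "sqli-union": re.compile(r"\bunion\s+(all\s+)?select\b", re.IGNORECASE),
    "path-traversal": re.compile(r"(\.\./){2,}"),
    "cmd-injection": re.compile(r"[;&|]\s*(cat|sh|bash|nc)\b"),
}

# Constructed, URL-decoded request log; the second field is the analyst's ground truth.
SAMPLE_LOG = [
    ("GET /search?q=running shoes", False),
    ("GET /search?q=' UNION SELECT username,password FROM users--", True),
    ("GET /static/../../../../etc/passwd", True),
    ("GET /blog/search?q=union select tutorial", False),        # benign text trips the SQLi rule
    ("GET /tools/ping?host=127.0.0.1;cat /etc/shadow", True),
    ("GET /login?user=admin' OR '1'='1", True),                 # no signature covers this variant
]


def match_signatures(line):
    """Return the names of every signature whose pattern occurs in the line."""
    return [name for name, pattern in SIGNATURES.items() if pattern.search(line)]


def evaluate(log):
    """Run the signatures over labelled lines and tally the four outcomes."""
    counts = {"true_positive": 0, "false_positive": 0,
              "true_negative": 0, "false_negative": 0}
    alerts = []
    for line, malicious in log:
        hits = match_signatures(line)
        if hits:
            alerts.append((line, hits))
        if hits and malicious:
            counts["true_positive"] += 1
        elif hits and not malicious:
            counts["false_positive"] += 1      # Type I error: noise for the analyst
        elif not hits and malicious:
            counts["false_negative"] += 1      # Type II error: the attack got through
        else:
            counts["true_negative"] += 1
    return counts, alerts


def demo():
    return evaluate(SAMPLE_LOG)
```

The false negative is the important one: a pattern-matching IDS only sees what it has a signature for, which is why signature sets need continual updating and why anomaly-based detection (and the baseline it depends on) is usually deployed alongside it.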
Which type of cipher works by rearranging the characters in a message?
transposition
True or false: If an incident goes to court and evidence has become inadmissible, it cannot be fixed.
True
True or False? A parallel test of a contingency plan is the same as a full-interruption test except that processing does not stop at the primary site.
true
True or False? A successful business impact analysis (BIA) maps the context, the critical business functions (CBFs), and the processes on which they rely.
true
True or False? American Institute of Certified Public Accountants (AICPA) Service Organization Control (SOC) 2 reports are commonly implemented for service providers, hosted data centers, and managed cloud computing providers.
true
True or False? An American Institute of Certified Public Accountants (AICPA) Service Organization Control (SOC) 1 report is commonly implemented for organizations that must comply with Sarbanes-Oxley (SOX) or the Gramm-Leach-Bliley Act (GLBA).
true
True or False? An American Institute of Certified Public Accountants (AICPA) Service Organization Control (SOC) 3 report is intended for public consumption.
true
True or False? An organization can maintain a cloud-based disaster recovery site for a fraction of the cost of a physical site.
true
True or False? Any component that, if it fails, could interrupt business processing is called a single point of failure (SPOF).
true
True or False? Data loss prevention (DLP) uses business rules to classify sensitive information to prevent unauthorized end users from sharing it.
true
True or false? Before deploying an IDS or IPS, you need to create a baseline in order for it to be effective.
True
True or false? Cyberstalking is the use of online media and assets to harass individuals.
True
True or false? The success of Trojans is due to their reliance on social engineering to spread and operate: they have to trick users into running them.
True
What is the only cipher that is unbreakable when used properly?
Vernam cipher (one-time pad)
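"When used properly" carries the whole weight of that answer. The following added example (not from the course text) implements the one-time pad as a bytewise XOR and then shows the failure mode that matters in practice: if the same pad encrypts two messages, XOR-ing the two ciphertexts cancels the key and leaves p1 XOR p2, and dragging a guessed word (a "crib") along it reveals the other plaintext. The two messages and the crib are constructed; secrets.token_bytes stands in for the true random source a real pad requires.

```python
import secrets


def xor_bytes(a, b):
    """Bytewise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("one-time pad needs a key exactly as long as the message")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_keygen(length):
    """A fresh, uniformly random key, never to be reused. A real pad needs a true
    random source; secrets.token_bytes stands in for one here."""
    return secrets.token_bytes(length)


def otp_encrypt(plaintext, key):
    return xor_bytes(plaintext, key)


def otp_decrypt(ciphertext, key):
    return xor_bytes(ciphertext, key)   # XOR is its own inverse


def crib_drag(c1, c2, crib):
    """Two-time pad attack. If one key encrypted both messages, c1 XOR c2 equals
    p1 XOR p2 with the key cancelled out. Sliding a guessed word (the crib)
    along that value reveals the other message wherever the guess is right."""
    p1_xor_p2 = xor_bytes(c1, c2)
    return {
        offset: xor_bytes(p1_xor_p2[offset:offset + len(crib)], crib)
        for offset in range(len(p1_xor_p2) - len(crib) + 1)
    }


def demo():
    """Constructed messages: proper use round-trips; pad reuse leaks plaintext."""
    p1 = b"ATTACK AT DAWN"
    p2 = b"DEFEND BRIDGE!"
    key = otp_keygen(len(p1))

    c1 = otp_encrypt(p1, key)
    roundtrip_ok = otp_decrypt(c1, key) == p1

    # Misuse: the same pad encrypts a second message of the same length.
    c2 = otp_encrypt(p2, key)
    leaked = crib_drag(c1, c2, b"ATTACK")[0]   # attacker guesses p1 starts with "ATTACK"

    # Proper use: a second, independent pad leaves nothing to cancel.
    c2_fresh = otp_encrypt(p2, otp_keygen(len(p2)))
    independent = crib_drag(c1, c2_fresh, b"ATTACK")[0]

    return {"roundtrip_ok": roundtrip_ok, "leaked_from_p2": leaked,
            "with_fresh_key": independent}
```

The three conditions for "properly" are all visible in the code: the key is as long as the message, it is truly random, and it is used exactly once. Drop any one of them and the cipher is no longer unbreakable; the reuse case above recovers "DEFEND" from the second message without ever learning the key.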
Match each file system to its operating system: FAT32, NTFS, ext3, ext4, APFS
FAT32: Windows; NTFS: Windows; ext3: Linux; ext4: Linux; APFS: macOS