ITM 350 midterm study guide

Maria is the risk manager for a large organization and is evaluating whether the organization should purchase a fire suppression system. She consulted several subject matter experts and determined that there is a 1 percent chance that a fire will occur in a given year. If a fire occurred, it would likely cause $2 million in damage to the facility, which has a $10 million value. If the exposure factor (EF) for a $10 million facility is 20 percent, what is the single loss expectancy (SLE)? Answers: A.$2,000 B.$200,000 C.$2,000,000 D.$20,000

2,000,000 given

Maria is the risk manager for a large organization and is evaluating whether the organization should purchase a fire suppression system. She consulted a variety of subject matter experts and determined that there is a 1 percent chance that a fire will occur in a given year. If a fire occurred, it would likely cause $2 million in damage to the facility, which has a $10 million value. Given this scenario, what is the exposure factor (EF)? Answers: A.10 percent B.1 percent C.20 percent D.50 percent

20 % $mill

Maria is the risk manager for a large organization and is evaluating whether the organization should purchase a fire suppression system. She consulted a variety of subject matter experts and determined that there is a 1 percent chance that a fire will occur in a given year. If a fire occurred, it would likely cause $2 million in damage to the facility, which has a $10 million value. Given this scenario, what is the annualized loss expectancy (ALE)? Answers: A.$2,000,000 B.$2,000 C.$20,000 D.$200,000

20,000 1%(2,000,000)

Devaki is capturing traffic on her network. She notices connections using ports 20, 22, 23, and 80. Which port normally hosts a protocol that uses secure, encrypted connections? A.80 B.23 C.20 D.22

22 Reason: The Secure Shell (SSH) protocol uses port 22. SSH is a network protocol for performing remote terminal access to another device. SSH encrypts data for maintaining the confidentiality of communications. Port 20 corresponds to the File Transfer Protocol (FTP), which is a cleartext protocol. Port 23 corresponds to the Telnet protocol, which is a cleartext protocol. Port 80 corresponds to the Hypertext Transfer Protocol (HTTP), which is a cleartext protocol.

What network port number is used for unencrypted web-based communication by default?

80

Juan's web server was down for an entire day in April. It experienced no other downtime during that month. What represents the web server uptime for that month? A.96.67% B.3.33% C.1.03% D.99.96%

96.67% reason: April has 30 days, so the web server had 29 days of uptime: 29/30 = 0.9667 or 96.67%.

Devaki is evaluating different biometric systems. She understands that users might not want to subject themselves to retinal scans due to privacy concerns. Which concern of a biometric system is she considering?

Acceptability

Jackson is a cybercriminal. He is attempting to keep groups of a company's high-level users from accessing their work network accounts by abusing a policy designed to protect employee accounts. Jackson attempts to log in to their work accounts repeatedly using false passwords. What security method is he taking advantage of?

Account lockout policies

A hacker has stolen logon IDs and passwords. The hacker is now attempting to gain unauthorized access to a public-facing web application by using the stolen credentials one by one. What type of attack is taking place? A. Birthday attack B. Replay attack C. Phreaking D. Credential harvesting

Credential harvesting

Which attack is typically used specifically against password files that contain cryptographic hashes?

Birthday

Tom is the IT manager for an organization that experienced a server failure that affected a single business function. What type of plan should guide the organization's recovery effort? A. Disaster recovery plan (DRP) B. Business continuity plan (BCP) C. Service-level agreement (SLA) D. Business impact analysis (BIA)

Business continuity plan (BCP)

A company's IT manager has advised the business's executives to use a method of decentralized access control rather than centralized to avoid creating a single point of failure. She selects a common protocol that hashes passwords with a one-time challenge number to defeat eavesdropping-based replay attacks. What is this protocol?

Challenge-Handshake Authentication Protocol (CHAP)

A hacker has stolen logon IDs and passwords. The hacker is now attempting to gain unauthorized access to a public-facing web application by using the stolen credentials one by one. What type of attack is taking place?

Credential harvesting

Arturo is a network engineer. He wants to implement an access control system in which the owner of the resource decides who can change permissions, and permission levels can be granted to specific users, groups of people in the same or similar job roles, or by project. Which of the following should Arturo choose?

Discretionary access control (DAC)

Maria is using accounting software to compile sensitive financial information. She receives a phone call and then momentarily leaves her desk. While she's gone, Bill walks past her cubicle and sees that she has not locked her desktop and left data exposed. Bill uses his smartphone to take several photos of this data with the intent of selling it to the company's competitor. What access control compromise is taking place?

Eavesdropping by observation

Lincoln is a network security specialist. He is updating the password policy for his company's computing infrastructure. His primary method of improving password policy involves lowering the chance that an attacker can compromise and use the password before it expires. What does he do?

Enables a 30-day password change policy

Aditya recently assumed an information security role for a financial institution located in the United States. He is tasked with assessing the institution's risk profile and cybersecurity maturity level. What compliance regulation applies specifically to Aditya's institution? A. HIPAA B. FISMA C. PCI DSS D. FFIEC

FFIEC

True or False? An information system is a safeguard or countermeasure an organization implements to help reduce risk.

False

True or False? Bluejacking is an attack in which wireless traffic is sniffed between Bluetooth devices.

False

True or False? Corrective controls are implemented to address a threat in place that does not have a straightforward risk-mitigating solution.

False

True or False? Hypertext Transfer Protocol (HTTP) encrypts data transfers between secure browsers and secure webpages.

False

Anya is a cybersecurity engineer for a high-secrecy government installation. She is configuring biometric security that will either admit or deny entry using facial recognition software. Biometric devices have error rates and certain types of accuracy errors that are more easily tolerated depending on need. In this circumstance, which error rate is she likely to allow to be relatively high?

False rejection rate (FRR)

Bob is the information security and compliance manager for a financial institution. Which regulation is most likely to directly apply to Bob's employer? A.Gramm-Leach-Bliley Act (GLBA) B.Federal Information Security Management Act (FISMA) C.Children's Internet Protection Act (CIPA) D.Health Insurance Portability and Accountability Act (HIPAA)

Federal information security management act (FISMA) reason: GLBA requires all types of financial institutions to protect customer's private financial information.

Arturo would like to connect a fibre channel storage device to systems over a standard data network. What protocol should he use? A. Secure Shell (SSH) B. Fibre Channel (FC) C. Internet Small Computer System Interface (iSCSI) D. Fibre Channel over Ethernet (FCoE)

Fibre Channel over Ethernet (FCoE)

Isabella is in charge of the disaster recovery plan (DRP) team. She needs to ensure that data center operations will transfer smoothly to an alternate site in the event of a major interruption. She plans to run a complete test that will interrupt the primary data center and transfer processing capability to a hot site. What option is described in this scenario? A. Parallel test B. Simulation test C. Structured walk-through D. Full-interruption test

Full-interruption test

Carrie is a network technician developing the Internet Protocol (IP) addressing roadmap for her company. While IP version 4 (IPv4) has been the standard for decades, IP version 6 (IPv6) can provide a much greater number of unique IP addresses. Which addressing system should she designate for primary use on her roadmap and why? A. IPv6 is only slowly being adopted. She should make IPv4 the primary addressing scheme in her roadmap until IPv6 is more widely adopted. B. IPv6 is rapidly replacing IPv4 worldwide. She should make IPv6 the primary addressing scheme in her roadmap. C. There will be adequate IPv4 addresses available well into the future. She should make IPv4 the primary addressing scheme. D. Few commercial businesses still use IPv4. She should feature IPv6 strongly in her roadmap rather than have her company fall behind technologically.

IPv6 is only slowly being adopted. She should make IPv4 the primary addressing scheme in her roadmap until IPv6 is more widely adopted.

Keisha is a network administrator. She wants a cloud-based service that will allow her to load operating systems on virtual machines and manage them as if they were local servers. What service is Keisha looking for?

Infrastructure as a Service (IaaS)

Rachel is investigating an information security incident that took place at the high school where she works. She suspects that students may have broken into the student records system and altered their grades. If that is correct, which one of the tenets of information security did this attack violate? A.Nonrepudiation B.Integrity C.Confidentiality D.Availability

Integrity

What is a single sign-on (SSO) approach that relies upon the use of key distribution centers (KDCs) and ticket-granting servers (TGSs)?

Kerberos

A hospital is planning to introduce a new point-of-sale system in the cafeteria that will handle credit card transactions. Which one of the following governs the privacy of information handled by those point-of-sale terminals? A. Payment Card Industry Data Security Standard (PCI DSS) B. Federal Information Security Management Act (FISMA) C. Federal Financial Institutions Examination Council (FFIEC) D. Health Insurance Portability and Accountability Act (HIPAA)

Payment Card Industry Data Security Standard (PCI DSS)

An automatic teller machine (ATM) uses a form of constrained user interface to limit the user's ability to access resources in the system. Specifically for ATMs, which method is being used?

Physically constrained user interfaces

Hajar is developing a business impact assessment for her organization. She is working with business units to determine the target state of recovered data that allows the organization to continue normal processing after a major interruption. Which of the following is Hajar determining? A. Recovery point objective (RPO) B. Recovery time objective (RTO) C. Business recovery requirements D. Technical recovery requirements

Recovery point objective (RPO)

A brute-force password attack and the theft of a mobile worker's laptop are risks most likely found in which domain of a typical IT infrastructure? A.Remote Access Domain B.User Domain C.Local Area Network (LAN) Domain D.Workstation Domain

Remote Access Domain

Tomahawk Industries develops weapons control systems for the military. The company designed a system that requires two different officers to enter their access codes before allowing the system to engage. Which principle of security is this following?

Separation of duties

As a follow-up to her annual testing, Isabella would like to conduct quarterly disaster recovery tests. These tests should include role-playing and introduce as much realism as possible without affecting live operations. What type of test should Isabella conduct? A. Checklist test B. Simulation test C. Parallel test D. Structured walk-through

Simulation test

What is an example of two-factor authentication (2FA)?

Smart card and personal identification number (PIN)

Hajar is investigating a denial of service attack against her network. She notices that the Internet Control Message Protocol (ICMP) echo replies coming into her network far exceed the ICMP echo requests leaving her network. What type of attack is likely taking place? A. Land B. Smurf C. Teardrop D. Cross-site scripting (XSS)

Smurf

Which of the following principles is not a component of the Biba integrity model? A subject may not ask for service from subjects that have a higher integrity level. B. Subjects cannot read objects that have a lower level of integrity than the subject C. Subjects cannot change objects that have a lower integrity level. D. Subjects at a given integrity level can call up only subjects at the same integrity level or lower.

Subjects cannot change objects that have a lower integrity level.

True or False? A data classification standard provides a consistent definition for how an organization should handle and secure different types of data.

True

True or False? Impact refers to the amount of risk or harm caused by a threat or vulnerability that is exploited by a perpetrator.

True

True or False? A social engineering consensus tactic relies on the position that "everyone else has been doing it" as proof that it is okay or acceptable to do.

True

True or False? An IT security policy framework is like an outline that identifies where security controls should be used.

True

True or False? An alteration threat violates information integrity.

True

True or False? Authorization is the process of granting rights to use an organization's IT assets, systems, applications, and data to a specific user.

True

True or False? Availability is the tenet of information security that deals with uptime and downtime.

True

True or False? Hypertext Transfer Protocol (HTTP) is the communications protocol between web browsers and websites with data in cleartext.

True

True or False? In a browser or uniform resource locator (URL) hijacking attack, users are directed to websites other than what they requested, usually to fake pages that attackers have created.

True

True or False? In a masquerade attack, one user or computer pretends to be another user or computer.

True

True or False? Networks, routers, and equipment require continuous monitoring and management to keep wide area network (WAN) service available.

True

True or false: A functional policy declares an organization's management direction for security in such specific functional areas as email, remote access, and Internet surfing.

True

Bob has a high-volume virtual private network (VPN). He would like to use a device that would best handle the required processing power. What type of device should he use? A. Router B. Firewall C. VPN concentrator D. Unified threat management (UTM)

VPN concentrator

Wen is a network engineer. For several months, he has been designing a system of controls to allow and restrict access to network assets based on various methods and information. He is currently configuring the authentication method. What does this method do?

Verifies that requestors are who they claim to be

Which of the following is used to perform a scan of the network and create a network topology chart?

Zenmap

Brian notices an attack taking place on his network. When he digs deeper, he realizes that the attacker has a physical presence on the local network and is forging Media Access Control (MAC) addresses. Which type of attack is most likely taking place? Answers: A.Internet Protocol (IP) address spoofing B.Address resolution protocol (ARP) poisoning C.Christmas attack D.Uniform resource locator (URL) hijacking

address resolution protocol (ARP) poisoning

Carl recently joined a new organization. He noticed that the firewall technology used by the firm opens separate connections between the devices on both sides of the firewall. What type of technology is being used? A. Application proxying B. Packet filtering C. Stateful inspection D. Network address translation

application proxy firewall

Maria is writing a policy that defines her organization's data classification standard. The policy designates the IT assets that are critical to the organization's mission and defines the organization's systems, uses, and data priorities. It also identifies assets within the seven domains of a typical IT infrastructure. Which policy is Maria writing? A.Asset protection policy B.Asset classification policy C.Security awareness policy D.Asset management policy

asset classification policy

Ann is creating a template for the configuration of Windows servers in her organization. It includes the basic security settings that should apply to all systems. What type of document should she create? Guideline Policy Procedure Baseline

baseline

Which security model does not protect the integrity of information? Clark-Wilson Brewer-Nash Biba Bell-LaPadula

bell-laPadula

True or False? Common methods used to identify a user to a system include username, smart card, and biometrics.

true

Miriam is a network administrator. She would like to use a wireless authentication technology similar to that found in hotels where users are redirected to a webpage when they connect to the network. What technology should she deploy? A. Lightweight Extensible Authentication Protocol (LEAP) B. Protected Extensible Authentication Protocol (PEAP) C. Captive portal D. Remote Authentication Dial-In User Service (RADIUS)

captive portal

Rodrigo is a security professional. He is creating a policy that gives his organization control over mobile devices used by employees while giving them some options as to the type of device they will use. Which approach to mobile devices is Rodrigo focusing on in the policy? A. Choose Your Own Device (CYOD) B. Bring Your Own Device (BYOD) C. Company-owned business-only (COBO) D. Company-owned/personally enabled (COPE)

choose your own device (CYOD)

Forensics and incident response are examples of __________ controls. Answers: A.deterrent B.detective C.preventive D.corrective

corrective

Which of the following is the point at which two error rates of a biometric system are equal and is the measure of the system's accuracy expressed as a percentage?

crossover error rate (CER)

The ___________ is the central part of a computing environment's hardware, software, and firmware that enforces access control.

security kernel

Which type of password attack is used on weak passwords and compares a hashed value of the passwords to the system password file to find a match?

dictionary attack

Barry discovers that an attacker is running an access point in a building adjacent to his company. The access point is broadcasting the security set identifier (SSID) of an open network owned by the coffee shop in his lobby. Which type of attack is likely taking place?

evil twin

Barry discovers that an attacker is running an access point in a building adjacent to his company. The access point is broadcasting the security set identifier (SSID) of an open network owned by the coffee shop in his lobby. Which type of attack is likely taking place? Answers: A.Jamming/interference B.Evil twin C.Near field communication D.Bluesnarfing

evil twin

True or False? A border router can provide enhanced features to internal networks and help keep subnet traffic separate.

false

True or False? A dictionary password attack is a type of attack in which one person, program, or computer disguises itself as another person, program, or computer to gain access to some resource.

false

True or False? A packet-filtering firewall remembers information about the status of a network communication.

false

True or False? A router is a security appliance that is used to filter Internet Protocol (IP) packets and block unwanted packets.

false

True or False? A smart card is an example of a logical access control.

false

True or False? An authentication, authorization, and accounting (AAA) server, such as Remote Authentication Dial-In User Service (RADIUS), is a type of decentralized access control.

false

True or False? An uninterruptible power supply (UPS) is an example of a reactive component of a disaster recovery plan (DRP).

false

True or False? Another name for a border firewall is a demilitarized zone (DMZ) firewall.

false

True or False? Authentication by characteristics/biometrics is based on something you have, such as a smart card, a key, a badge, or either a synchronous or asynchronous token.

false

True or False? Authorization controls include biometric devices.

false

True or False? In mandatory access control (MAC), access rules are closely managed by the security administrator and not by the system owner or ordinary users for their own files.

false

True or False? In most organizations, focusing on smaller issues rather than planning for the most wide-reaching disaster results in a more comprehensive disaster recovery plan.

false

True or False? Internet Protocol version 4 (IPv4) uses the Internet Control Message Protocol (ICMP) within a network to automatically assign an Internet Protocol (IP) address to each computer.

false

True or False? Kerberos is an example of a biometric method.

false

True or False? Passphrases are less secure than passwords.

false

True or False? Regarding data-center alternatives for disaster recovery, a mobile site is the least expensive option but at the cost of the longest switchover time.

false

True or False? Service-level agreements (SLAs) are a common part of the Local Area Network (LAN)-to-Wide Area Network (WAN) Domain of a typical IT infrastructure.

false

True or False? Temporal isolation is commonly used in combination with rule-based access control.

false

True or False? The business continuity plan (BCP) identifies the resources for which a business impact analysis (BIA) is necessary.

false

True or False? The four central components of access control are users, resources, actions, and features.

false

True or False? The number of failed logon attempts that trigger an account action is called an audit logon event.

false

True or False? Voice pattern biometrics are accurate for authentication because voices cannot easily be replicated by computer software.

false

true or false: Configuration changes can be made at any time during a system life cycle and no process is required.

false

true or false: Denial of service (DoS) attacks are larger in scope than distributed denial of service (DDoS) attacks.

false

True or False? A phishing attack "poisons" a domain name on a domain name server (DNS).

false Pharming is another type of attack that seeks to obtain personal or private financial information through domain spoofing. A pharming attack doesn't use messages to trick victims into visiting spoofed websites that appear legitimate, however. Instead, pharming "poisons" a domain name on the domain name server (DNS), a process known as DNS poisoning.

True or False? A smishing attack is a type of phishing attack involving voice communication.

false a vishing attack is a type of phishing attack involving voice communication

Dawn is selecting an alternative processing facility for her organization's primary data center. She needs a facility with the least switchover time, even if it's the most expensive option. What is the most appropriate option in this situation? A. Hot site B. Cold site C. Mobile site D. Warm site

hot site

Remote access security controls help to ensure that the user connecting to an organization's network is whom the user claims to be. A username is commonly used for _______, whereas a biometric scan could be used for _______. A.authentication, authorization B.authorization, accountability C.identification, authorization D.identification, authentication

identification, authentication

Maria is a freelance network consultant. She is setting up security for a small business client's wireless network. She is configuring a feature in the wireless access point (WAP) that will allow only computers with certain wireless network cards to connect to the network. This feature filters out the network cards of any wireless computer not on the list. What is this called? A. Service set identifier (SSID) broadcasting B. Uniform Resource Locator (URL) filtering C. Media Access Control (MAC) address filtering D. Subnetting

media access control (MAC) address filtering

Isabella is a network engineer. She would like to strengthen the security of her organization's networks by adding more requirements before allowing a device to connect to a network. She plans to add authentication to the wireless network and posture checking to the wired network. What technology should Isabella use? A. Virtual private network (VPN) B. Virtual LAN (VLAN) C. A demilitarized zone (DMZ) D. Network access control (NAC)

network access control (NAC)

Because network computers or devices may host several services, programs need a way to tell one service from another. To differentiate services running on a device, networking protocols use a(n) ________, which is a short number that tells a receiving device where to send messages it receives. A. ping B. Internet Protocol (IP) address C. Media Access Control (MAC) address D. network port

network port

which type of authentication includes smart cards?

ownership

What is an example of a logical access control?

password

Which one of the following is an example of logical access control? Password Fence Key for a lock Access card

password

Susan is troubleshooting a problem with a computer's network cabling. At which layer of the Open Systems Interconnection (OSI) Reference Model is she working? A. Physical B. Application C. Session D. Presentation

physical

Chris is writing a document that provides step-by-step instructions for end users seeking to update the security software on their computers. Performing these updates is mandatory. Which type of document is Chris writing? A.Policy B.Guideline C.Procedure D.Standard

procedure

Aditya is the security manager for a mid-sized business. The company has suffered several serious data losses when laptops were stolen. Aditya decides to implement full disk encryption on all laptops. What risk response did Aditya take? A. Avoid B. Accept C. Transfer D. Reduce

reduce

Hakim is a network engineer. He is configuring a virtual private network (VPN) technology that is available only for computers running the Windows operating system. Which technology is it? A. Secure Socket Tunneling Protocol (SSTP) B. OpenVPN C. Internet Protocol Security (IPSec) D. Point-to-Point Tunneling Protocol (PPTP)

secure socket tunneling protocol (SSTP)

There are a large number of protocols and programs that use port numbers to make computer connections. Of the following, which ones do not use port numbers? A. Hypertext Transfer Protocol (HTTP) or Hypertext Transfer Protocol Secure (HTTPS) B. Simple Mail Transfer Protocol (SMTP) or Post Office Protocol v3 (POP3) C. Secure Sockets Layer (SSL) or Transport Layer Security (TLS) D. File Transfer Protocol (FTP) data transfer or FTP control

secure sockets layer (SSL) or transport layer security (TLS)

In which type of attack does the attacker attempt to take over an existing connection between two systems? Answers: A.Session hijacking B.Uniform resource locator (URL) hijacking C.Man-in-the-middle attack D.Typosquatting

session hijacking

A ________ is used to identify the part of an Ethernet network where all hosts share the same host address. A. switch B. access point C. router D. subnet mask

subnet mask

On early Ethernet networks, all computers were connected to a single wire, forcing them to take turns on a local area network (LAN). Today, this situation is alleviated on larger networks because each computer has a dedicated wire connected to a ___________ that controls a portion of the LAN. A. server B. firewall C. router D. switch

switch

The availability of commands in the Cisco IOS (Internetwork Operating System) is based on:

the privilege level of the user

Purchasing an insurance policy is an example of the ____________ risk management strategy. Answers: A.accept B.transfer C.reduce D.avoid

transfer

True or False? A Chinese wall security policy defines a barrier and develops a set of rules to ensure that no subject gets to objects on the other side.

true

True or False? A business continuity plan (BCP) directs all activities required to ensure that an organization's critical business functions continue when an interruption occurs that affects the organization's viability.

true

True or False? A degausser creates a magnetic field that erases data from magnetic storage media.

true

True or False? A disaster recovery plan (DRP) is part of a business continuity plan (BCP) and is necessary to ensure the restoration of resources required by the BCP to an available state.

true

True or False? A firewall can be used to segment a network.

true

True or False? A home user connecting to a website over the Internet is an example of a wide area network (WAN) connection.

true

True or False? A man-in-the-middle attack takes advantage of the multihop process used by many types of networks.

true

True or False? A network protocol governs how networking equipment interacts to deliver data across the network.

true

True or False? A phishing email is a fake or bogus email intended to trick the recipient into clicking on an embedded link or opening an email attachment.

true

True or False? A protocol is a set of rules that govern the format of messages that computers exchange.

true

True or False? A threat analysis identifies and documents threats to critical resources, which means considering the types of disasters that are possible and what kind of damage they can cause.

true

True or False? A unified threat management (UTM) device can provide content inspection, where some or all network packet content is inspected to determine whether the packet should be allowed to pass.

true

True or False? A wireless access point (WAP) is the connection between a wired network and wireless devices.

true

True or False? Access control lists (ACLs) are used to permit and deny traffic in an Internet Protocol (IP) router.

true

True or False? Anti-malware programs and firewalls cannot detect most phishing scams because the scams do not contain suspect code.

true

True or False? Authentication by action is based on something you do, such as typing.

true

True or False? Authentication by knowledge is based on something the user knows, such as a password, passphrase, or personal identification number (PIN).

true

True or False? Authentication controls include passwords and personal identification numbers (PINs).

true

True or False? Changes to external requirements, such as legislation, regulation, or industry standards, that require control changes can result in a security gap for an organization.

true

True or False? Content-dependent access control requires the access control mechanism to look at the data to decide who should get to see it.

true

True or False? Cryptography is the practice of making data unreadable.

true

True or False? Each layer of the Open Systems Interconnection (OSI) Reference Model needs to be able to talk to the layers above and below it.

true

True or False? Encrypting data within databases and storage devices gives an added layer of security.

true

True or False? For businesses and organizations under recent compliance laws, data classification standards typically include private, confidential, internal use only, and public-domain categories.

true

True or False? If a company informs employees that email sent over the company's network is monitored, the employees can no longer claim to have an expectation of privacy.

true

True or False? Log files are one way to prove accountability on a system or network.

true

True or False? Mobile device management (MDM) includes a software application that allows organizations to monitor, control, data wipe, or data delete business data from a personally owned device.

true

True or False? OCTAVE is an approach to risk-based strategic assessment and planning.

true

True or False? Physically disabled users might have difficulty with biometric system accessibility, specifically with performance-based biometrics.

true

True or False? Remote wiping is a device security control that allows an organization to remotely erase data or email in the event of loss or theft of the device.

true

True or False? Screen locks are a form of endpoint device security control.

true

True or False? Single sign-on (SSO) can provide for greater security because with only one password to remember, users are generally willing to use stronger passwords.

true

True or False? Storage segmentation is a mobile device control that physically separates personal data from business data.

true

True or False? The Gramm-Leach-Bliley Act (GLBA) addresses information security concerns in the financial industry.

true

True or False? The Local Area Network (LAN) Domain of a typical IT infrastructure includes both physical network components and logical configuration of services for users.

true

True or False? The Local Area Network (LAN)-to-Wide Area Network (WAN) Domain is where the IT infrastructure links to a WAN and the Internet.

true

True or False? The recovery time objective (RTO) expresses the maximum allowable time in which to recover the function after a major interruption.

true

true or false: A phishing email is a fake or bogus email intended to trick the recipient into clicking on an embedded URL link or opening an email attachment.

true

true or false: Failing to prevent an attack all but invites an attack.

true

An attacker attempting to break into a facility pulls the fire alarm to distract the security guard manning an entry point. Which type of social engineering attack is the attacker using? A.Vishing B.Urgency C.Authority D.Whaling

urgency

In which domain of a typical IT infrastructure is the first layer of defense for a layered security strategy? A.Local Area Network (LAN) Domain B.System/Application Domain C.Workstation Domain D.User Domain

user domain

Adam is evaluating the security of a web server before it goes live. He believes that an issue in the code allows a cross-site scripting attack against the server. What term describes the issue that Adam discovered? A. Vulnerability B. Impact C. Threat D. Risk

vulnerability