ITS415 cyber security
Jim has worked in human relations, payroll, and customer service roles in his company over the past few years. What type of process should his company perform to ensure that he has appropriate rights?
Jim has worked in human relations, payroll, and customer service roles in his company over the past few years. What type of process should his company perform to ensure that he has appropriate rights?
Kolin is searching for a network security solution that will allow him to help reduce zero-day attacks while using identities to enforce a security policy on systems before they connect to the network. What type of solution should Kolin implement?
NAC system
Tommy handles access control requests for his organization. A user approaches him and explains that he needs access to the human resources database to complete a headcount analysis report requested by the chief financial officer (CFO). According to which rule has the user demonstrated successfully to Tommy regarding access for the database?
Need to know
Which of the following can put the organization completely out of existence and, along the way, inflict significant levels of pain and suffering on its employees? Each correct answer represents a complete solution. Choose all that apply.
anamoly destruction disruption
ARO stands for which of the following with regards to a risk event?
annualized rate of occurrence
Which of the following is verification that a process has been completed according to the policy or plan?
auditing
Which of the following statements about man-in-the-middle (MITM) attacks is most correct?
b MITM attacks can occur at any layer and against connectionless or connection-oriented protocols.
Question 59 : Which of the following is an organized disassembling of the rights and privileges of the user account as well as archiving any folders, data, or other user-specific information as required by the policy?
contingent operations planning
Which plane provides all of the processes, functions, and protocols for switching, routing, address resolution, and related activities?
control plan
Which of the following are the key characteristics of information? Each correct answer represents a complete solution. Choose all that apply.
confidentiality, integrity, privacy
A(n) ________ hides the internal network's IP address and presents a single IP address to the outside world.
proxy server
In which cloud computing model does a customer share computing infrastructure with other customers of the cloud vendor where one customer may not know the other's identity?
public cloud
Question 20 : Which of the following is an example of risk transference?
purchasing insurance
Which of the following protocols uses port number 22?
ssh
Which of the following encompasses any effort to learn about the people in the organization and find exploitable weaknesses via those people?
social engineering
Voice pattern recognition is what type of authentication factor?
something you are
Which type of hacking occurs due to user interaction with a website?
Web attack
Which statement about business continuity planning and information security is most correct?
d Planning should continuously bring plans and procedures in tune with ongoing operational reality.
Which plan would you expect to be driven by assessments such as SLE, ARO, or ALE?
d Risk management plan
Which statement about privacy and data protection is most correct?
d Sometimes, it seems cheaper to run the risk of fines or loss of business from a data breach involving privacy-related data than to implement proper data protection to prevent such a loss. Although this might make financial sense, it is not legal or ethical to do so.
You've been asked to investigate a possible intrusion on your company's networks. Which set of protocols or design concepts would you find most valuable, and why? Choose the most correct statement.
d You'll most likely need TCP/IP, the OSI 7-layer reference model, and the data, control, and management diagrams and information about your company's networks to fully understand and contain this incident.
Protection is accomplished by ensuring which three requirements?
Confidentiality, integrity, and availability
How many possible keys exist when using a cryptographic algorithm that has an 8-bit binary encryption key?
256
Question 95 : IPv4 has address lengths of how many bits?
34
Jim is building a research computing system that benefits from being part of a full mesh topology between systems. In a five-node full mesh topology design, how many connections will an individual system have?
4
Question 120 : How many possible keys exist in a cryptographic algorithm that uses 6-bit encryption keys?
64
Which of the following options includes standards or protocols that exist in Layer 6 or the Presentation layer of the OSI model?
MPEG, ASCII, and FIELDATA
Which of the following is not an example of technical control?
policy document
Which of the following activities is an example of an authorization process?
A system consulting an access control list
Which of the following are the layers of the TCP/IP model?
Application Network Link
Which of the following are examples of routing protocols? Each correct answer represents a complete solution. Choose all that apply.
BGP and this is correct answer B option B RIPand this is correct answer C option C OSPF
Which TCP/IP protocol operates on port 80 and displays webpages?
HTTP
Which of the following information should be reflected in the business impact analysis? Each correct answer represents a complete solution. Choose all that apply.
Inform, guide, and shape risk management decisions by senior leadership Provide the insight to choose a balanced, prudent mix of risk mitigation tactics and techniques. Guide the organization in accepting residual risk to goals, objectives, processes, or assets in areas where this is appropriate.
Which of the following stands behind the idea that cryptographic algorithms should be open to public inspection?
Kerckhoff's principle
SMTP, HTTP, and IMAP all occur at what layer of the OSI model?
Layer 7
Which of the following is designed to prevent a web server going offline from becoming a single point of failure in a web application architecture?
Load balancing
In an organization, an employee should have the necessary permissions and rights to fulfill their job function. Which of the following does this mean?
Principle of least privilege
What RADIUS alternative has been widely refined by the Cisco system and provides greater command logging and central management features?
TACACS+
The process by which cryptologic systems are cleared of all keying materials, plaintext, ciphertext, and control parameters is known as which of the following?
Zeroization
Which of the following models emphasized protecting the confidentiality of information?
bell lapadula
Which of the following refers to any unauthorized person or entity that tries to access your systems and the information in them with malicious intent?
black hat
An attacker tries to develop a long-term relationship with staff members within the target organization. They may pose as a prospective employee and gather significant information about software (applications and systems) being used at the target company, how tightly it is controlled, and how well it is maintained. Offering a sympathetic ear to complaints about the systems being used, attackers can spot potential vulnerabilities—either in those systems or with other humans in the organization to target with social engineering efforts. According to the scenario, this describes which of the following attacks?
catfish
Jasper Diamonds is a jewelry manufacturer that markets and sells custom jewelry through its website. Bethany is the manager of Jasper's software development organization, and she is working to bring the company into line with industry standard practices. She is developing a new change management process for the organization and wants to follow commonly accepted approaches. Jasper would like to establish a governing body for the organization's change management efforts. What individual or group within an organization is typically responsible for reviewing the impact of proposed changes?
change control board
The combined study of cryptography and cryptanalysis is called ______________.
cryptology
Google's identity integration with a variety of organizations and applications across domains is an example of which of the following?
federation
Which one of the following provides an authentication mechanism that would be appropriate for pairing with a password to achieve multifactor authentication?
fingerprint scan
Using the OSI model, what format does the Data Link layer use to format messages received from higher up the stack?
frame
Which formula is used to determine risk?
risk=threat*vulnerability
Tom is considering locating a business in the downtown area of Miami, Florida. He consults the FEMA flood plain map for the region and determines that the area he is considering lies within a 100-year flood plain. What is ARO of a flood in this area?
.01
What is the proper range for a Class B IP address?
128.0.0.0 - 191.255.255.255
What is the length of the longest encryption key supported by the Advanced Encryption Standard (AES) algorithm?
256 bits
Question 38 : Which of the following are the layers of the OSI model? Each correct answer represents a complete solution. Choose all that apply.
Application and this is correct answer B option B Presentationand this is correct answer C option C Data Link
What is the process of identifying everything that could be a key or valuable thing and adding it to an inventory system that tracks information about its acquisition costs, direct users, physical (or logical) location, and any relevant licensing or contract details?
Asset management
Ann is a security professional for a midsize business and typically handles log analysis and security monitoring tasks for her organization. One of her roles is to monitor alerts originating from the organization's intrusion detection system. The system typically generates several dozen alerts each day, and many of those alerts turn out to be false alarms after her investigation. This morning, the intrusion detection system gave an alert because the network began to receive an unusual high volume of the inbound traffic. Ann received this alert and began looking into the origin of the traffic. Ann continues her investigation and realizes that the traffic generating the alert is abnormally high volumes of inbound UDP traffic on port 53. What service typically uses this port?
DNS
What are the goals of network access control? Each correct answer represents a complete solution. Choose all that apply.
Encryption of network traffic, using a variety of protocols Authorization, authentication, and accounting of network connections Automation and support of role-based network security
Which of the following statements are true of zero trust architectures? Each correct answer represents a complete solution. Choose all that apply.
Ensure that all accesses to all objects, by all subjects, are fully authenticated and authorized each time. Combine attributes about subjects, objects, and types of access with a time of day, location, or other environmental or context information. Adopt and enforce a least privilege strategy.
This is what we mean by the condition of being oneself.
Identity
florian is building a disaster recovery plan for his organization and would like to determine the amount of time that a particular IT service may be down without causing serious damage to business operations. What variable is Florian calculating?
MTO
Which of the following is not one of the canons of the (ISC)2 Code of Ethics?
Maintain competent records of all investigations and assessments.
Which of the following statements are true about a standalone system? Each correct answer represents a complete solution. Choose all that apply.
Meets some specific business needs but is not as integrated into organizational systems planning, management, and control as other systems are and this is correct answer B option B May be kept apart for valid reasons, such as to achieve a more cost-effective solution to data protection needs or to support product, software, or systems development and testing and this is correct answer C option C Based on obsolete technologies, have been inherited from earlier business ventures or organizational structure
Which of the following statements are true of a network operations center (NOC)? Each correct answer represents a complete solution. Choose all that apply.
Performs valuable roles in maintaining the day-to-day operation of the network infrastructure Investigates problems that users report and responds to service requestsand this is correct answer C option C Focuses on getting the network to work, keeping it working, and modifying and maintaining it to meet changing organizational needs
Question 47 : Alex has been employed by his company for more than a decade and has held a number of positions in the company. During an audit, it is discovered that he has access to shared folders and applications because of his former roles. What issue has Alex's company encountered?
Privilege creep
Remediation deals with the everyday occurrence that some legitimate users and their endpoints may fail to meet all required security policy conditions. What are the strategies used in achieving remediation? Each correct answer represents a complete solution. Choose all that apply.
Quarantine network Captive portal
Kim is a security administrator of his company. Jack, a team member, reports Kim about an e-mail that displays a message demanding a fee to be paid for his system to work again. Which type of threat is described in the scenario?
Ransomware
Which of the following are the legitimate ways to transfer a risk?
Recognize that government agencies have the responsibility to contain, control, or prevent the risk, which your taxes pay them to do.,, Shift the affected business processes to a service provider, along with contractually making sure they are responsible for controlling that risk or have countermeasures in place to address it, Pay insurance premiums for a policy that provides for payment of claims and liabilities in the event the risk occurs.
Which of the following are the stages of the waterfall model? Each correct answer represents a complete solution. Choose all that apply.
Systems analysis Operational deployment Development and test
Which of the following terms is defined as the basic logical geometry by which different elements of a network connect together?
Topology
What type of access control is composed of policies and procedures that support regulations, requirements, and the organization's own policies?
administrative
The Wi-Fi Protected Access Version 2 (WPA2) security protocol is based on which common encryption scheme?
aes
Carla has worked for her company for 15 years and has held a variety of different positions. Each time she changed positions, she gained the new privileges associated with that position, but no privileges were ever taken away. What concept describes the sets of privileges she has accumulated?
aggregation
Which of the following represents the annual loss expectancy (ALE) calculation?
ale=sle*aro
Alice and Bob would like to use an asymmetric cryptosystem to communicate with each other. They are located in different parts of the country but have exchanged encryption keys by using digital certificates signed by a mutually trusted certificate authority. Alice would like to digitally sign the message that she sends to Bob. What key should she use to create the digital signature?
alices private key
Alice and Bob would like to use an asymmetric cryptosystem to communicate with each other. They are located in different parts of the country but have exchanged encryption keys by using digital certificates signed by a mutually trusted certificate authority. Which of the following keys would Bob not possess in this scenario?
alices private key
The preamble of the (ISC)2 Code of Ethics reminds us of which of the following?
all of these
Which of the following are the datacenter's logging and monitoring system activities that are worth raising alarm for any incident that might occur?
all of these
When an application or system allows a logged-in user to perform specific actions, it is an example of what?
authorization
Which statement about precursors and indicators is most correct?
b Precursors are the observable signals from an event, which may suggest that an information systems security event may happen later.
Which of the following are the types of Bluetooth attacks? Each correct answer represents a complete solution. Choose all that apply.
bluebugging, bluesnarfing bluejacking
What network topology is shown in the following figure?
bus
Which of the following network topologies connects multiple nodes together, one after the other, in series?
bus
An investment has been made in obtaining and producing information. The competitive advantage this information investment gives us is that others cannot take this information away and neutralize our advantage. Which of the following is about protecting such investment?
confidentiality
Which of the following come under the CIA triad? Each correct answer represents a complete solution. Choose all that apply.
confidentiality, integrity, availability
During which phase does the incident response team limit the damage caused by an incident?
containment
Ann is a security professional for a midsize business and typically handles log analysis and security monitoring tasks for her organization. One of her roles is to monitor alerts originating from the organization's intrusion detection system. The system typically generates several dozen alerts each day, and many of those alerts turn out to be false alarms after her investigation. This morning, the intrusion detection system gave an alert because the network began to receive an unusual high volume of the inbound traffic. Ann received this alert and began looking into the origin of the traffic. As Ann analyzes the traffic further, she realizes that the traffic is coming from many different sources and has overwhelmed the network, preventing legitimate uses. The inbound packets are responses to queries that she does not see in the outbound traffic. The responses are abnormally large for their type. What type of attack should Ann suspect?
denial of service
Frank is the security administrator for a web server that provides news and information to people located around the world. His server received an unusual high volume of traffic that it could not handle and was forced to reject requests. Frank traced the source of the traffic back to a botnet. What type of attack took place?
denial of service
The large business that Jack works for has been using noncentralized logging for years. They have recently started to implement centralized logging, and as they reviewed logs, they discovered a breach that appeared to have involved a malicious insider. How can Jack detect issues like this using his organization's new centralized logging?
deploy and use siem
Which of the following types of controls do describe a mantrap? Each correct answer represents a complete solution. Choose all that apply.
deterrent, preventative, physical
At a murder crime scene, a laptop is found which is password protected. The investigation team has hired a hacker to access the laptop to get all the relevant information of the deceased. The hacker is trying to access the laptop by systematically entering every word/phrase as a password. Which type of attack does this describe?
dictionary
hich of the following tools is used to achieve the goal of nonrepudiation?
digital signature
What is the process that occurs when the header and footer are added to the data?
encapsulation
GAD Systems is concerned about the risk of hackers stealing sensitive information stored on a file server. They choose to pursue a risk mitigation strategy. Which one of the following actions would support that strategy?
encrypting the file
Jack, a security administrator, wants to actively find and exploit vulnerabilities in an organization's information security posture, processes, procedures, and systems. Which testing should he perform to accomplish the task?
ethical penetration
Which of the following is the process of taking raw data from numerous sources, assimilating and processing it, and presenting the result in a way that can be easily interpreted and acted upon?
event data analysis
Which of the following provides cloud services tailored to meet the needs of the U.S. federal government, whether for a single agency or for an interagency federation of activities?
govcloud
Don's company is considering the use of an object-based storage system where data is placed in a vendor-managed storage environment through the use of API calls. What type of cloud computing service is in use?
iaas
A cloud-based service that delivers integrated sets of identity management services and access control capabilities is known as which of the following?
idaas
Jim is implementing an IDaaS solution for his organization. What type of technology is he putting in place?
identity as a service
Alan is installing a fire suppression system that will kick in after a fire breaks out and protect the equipment in the data center from extensive damage. What metric is Alan attempting to lower?
impact
Question 9 : You are conducting a qualitative risk assessment for your organization. The two important risk elements that should weigh most heavily in your analysis of risk are probability and ___________.
impact
Which of the following characterizes how important and vital some kinds of information are to the organization?
impact assessment
Question 16 : Jasper Diamonds is a jewelry manufacturer that markets and sells custom jewelry through its website. Bethany is the manager of Jasper's software development organization, and she is working to bring the company into line with industry-standard practices. She is developing a new change management process for the organization and wants to follow commonly accepted approaches.
incident response plan
Which of the following administrative processes assists organizations in assigning appropriate levels of security control to sensitive information?
information classification
Question 25 : Alice wants to send Bob a message with the confidence that Bob will know the message was not altered while in transit. What goal of cryptography is Alice trying to achieve?
integrity
What is the process of ensuring that the authorized senders and recipients have appropriate copies of cryptographic keys to be used for their secure communications, along with any updates to the rules for their period of use and their safe disposal?
key distribution
A company is implementing asymmetric key cryptography for the emails of their employees. The company is concerned that employees may lose their private keys and will not be able to decrypt their messages. Which of the following is the best solution to this problem?
key escrow
The Address Resolution Protocol (ARP) and Reverse Address Resolution Protocol (RARP) operate at what layer of the OSI model?
layer2
Gary was recently hired as the first chief information security officer (CISO) for a local government agency. The agency recently suffered a security breach and is attempting to build a new information security program. Gary would like to apply some best practices for security operations as he is designing this program. As Gary decides what access permissions he should grant to each user, what principle should guide his decisions about default permissions?
least privilege
Javier is verifying that only IT system administrators have the ability to log on to servers used for administrative purposes. What principle of information security is he enforcing?
least privilege
Lauren starts at her new job and finds that she has access to a variety of systems that she does not need to accomplish her job. This is a violation of which of the following?
least privilege
Marty discovers that his organization allows any user to log into the workstation assigned to any other user, even if they are from completely different departments. This type of access violates which information security principle?
least privilege
Renee is using encryption to safeguard sensitive business secrets when in transit over the Internet. What risk metric is she attempting to lower?
likelihood
Jack's organization is a government agency that handles very sensitive information. They need to implement an access control system that allows administrators to set access rights but does not allow the delegation of those rights to other users. What is the best type of access control design for Jack's organization?
mandatory access control
Colleen is conducting a business impact assessment for her organization. What metric provides the maximum time that a business process or task cannot be performed without causing intolerable disruption or damage to the business?
mao
Question 45 : Matthew and Richard are friends located in different physical locations who would like to begin communicating with each other using cryptography to protect the confidentiality of their communications. They exchange digital certificates to begin this process and plan to use an asymmetric encryption algorithm for the secure exchange of email messages. When Matthew goes to add the digital signature to the message, what encryption key does he use to create the digital signature?
matthews private key
Which of the following tools is best suited for exploiting known vulnerabilities?
metasploit
Question 101 : Which of the following allows a local area network to use one set of IP addresses for internal traffic and another set of IP addresses for external traffic?
nat
Which of the following allows a routing function to edit a packet to change one set of IP addresses for another? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A NAT
nat
Alex's job requires him to see protected health information to ensure the proper treatment of patients. His access to their medical records does not provide access to patient addresses or billing information. What access control concept best describes this control?
need to know
Question 12 : What are the four correct steps of the OODA loop?
observe, orient, decide, act
Question 123 : Which of the following are block cipher modes? Each correct answer represents a complete solution. Choose all that apply.
ofb cfb cbc
Which of the following are VPN protocols? Each correct answer represents a complete solution. Choose all that apply.
option A IPSecand this is correct answer B option B DTLSand this is correct answer C option C PPTP
Which of the following verifies that a given system and the people-powered processes, that implement the overall set of business logic and purpose, get work done correctly and completely when seen from the end-users' or operators' perspective?
ot&e
Mark is planning a disaster recovery test for his organization. He would like to perform a live test of the disaster recovery facility but does not want to disrupt operations at the primary facility. What type of test should Mark choose?
parallel test
Stella wants to use three primary factors for the authentication process in her organization. Which of the following she should consider?
passwords, token and biometrics
What is the process for updating systems and software with new pieces of code?
patch management
Data is sent as bits at what layer of the OSI model?
physical
Dogs, guards, and fences are all common examples of what type of control?
physical
Ed is tasked with protecting information about his organization's customers, including their name, Social Security number, birth date, and place of birth, as well as a variety of other information. What is this information known as?
pii
Information about an individual like their name, Social Security number, date and place of birth, or their mother's maiden name is an example of what type of protected information?
pii
Which of the following steps of the PDCA cycle is the process of laying out the step-by-step path we need to take to go from "where we are" to "where we want to be"?
planning
Which of the following are the host layers of the OSI model? Each correct answer represents a complete solution. Choose all that apply.
presentation application
In what cloud computing model does the customer build a cloud computing environment in his or her own data center or build an environment in another data center that is for the customer's exclusive use?
private cloud
alex has been with the university he works at for more than 10 years. During that time, he has been a system administrator and a database administrator, and he has worked in the university's help desk. He is now a manager for the team that runs the university's web applications.
privilege creep
Which of the following is a detailed, step-by-step document that describes the exact actions that individuals must complete?
procedure
Which of the following starts with the initial claim of identity and a request to create a set of credentials for that identity?
provisioning
Gordon is developing a business continuity plan for a manufacturing company's IT operations. The company is located in North Dakota and currently evaluating the risk of earthquakes. They choose to pursue a risk transference strategy. Which of the following actions is consistent with that strategy?
purchasing earthquake insurance
Which type of business impact assessment tool is most appropriate when attempting to evaluate the impact of a failure on customer confidence?
qualitative
Sally has been asked to determine the impact of a risk due to the tornado occurrence. Which risk assessment technique will she use to calculate the cost and monetary values to identify the impact of the risk?
quantitative
Diameter is an enhanced version of which protocol to deal with some of the security problems pertaining to mobile device network access?
radius
Which of the following is used to write data to a series of hard disks to provide either speed or data redundancy?
raid
Question 65 : During a penetration test, Chris recovers a file containing hashed passwords for the system he is attempting to access. What type of attack is likely to succeed against the hashed passwords?
rainbow table attack
Retaining and maintaining information for as long as it is needed is known as what?
records retention
What type of access control is deployed to repair or restore resources, functions, and capabilities after a violation of security policies?
recovery
Ben needs to verify that the most recent patch for his organization's critical application did not introduce issues elsewhere. What type of testing does Ben need to conduct to ensure this?
regression testing
The common vulnerabilities and exposures (CVE) data and your own vulnerability assessments indicate that many of your end-user systems do not include recent security patches released by the software vendors. You decide to bring these systems up to date by applying these patches. This is an example of which of the following?
remediating or mitigating a risk
Ricky would like to access a remote file server through a VPN connection. He begins this process by connecting to VPN and attempting to log in. Applying the subject/object model to this request, what is the subject of Ricky's login attempt?
ricky
Which of the following network topologies is a series of point-to-point connections with the last node on the chain looped back to connect to the first?
ring
Rolando is a risk manager with a large-scale enterprise. The firm recently evaluated the risk of California mudslides on its operations in the region and determined that the cost of responding outweighed the benefits of any controls it could implement. The company chose to take no action at this time. What risk strategy did Rolando's organization pursue?
risk acceptance
Tom is conducting a business continuity planning effort for Orange Blossoms, a fruit orchard located in Central Florida. During the assessment process, the committee determined that there is a small risk of snow in the region but that the cost of implementing controls to reduce the impact of that risk is not warranted. They elect to not take any specific action in response to the risk. What risk management strategy is Orange Blossoms pursuing?
risk acceptance
The willingness of an organization to accept the risk, and on how leadership makes decisions about risk is referred to as ___________.
risk appetite
After conducting a qualitative risk assessment of her organization, Sally recommends purchasing cybersecurity breach insurance. What type of risk response behavior is she recommending?
risk transference
Tamara recently decided to purchase cyber-liability insurance to cover her company's costs in the event of a data breach. What risk management strategy is she pursuing?
risk transference
A major incident of security breach has occurred in your IT organization. As a security manager, you are working along with your team to find out the underlying vulnerability or mechanism of failure which has led to this incident. What sort of analysis is required?
root cause analysis
Question 41 : Which of the following is a special class of malware that uses a variety of privilege elevation techniques to insert themselves into the lowest-level (or kernel) functions in the operating system and upon bootup get loaded and enabled before most antimalware or antivirus systems get loaded and enabled?
rootkit
Fred needs to deploy a network device that can connect his network to other networks while controlling traffic on his network. What type of device should Fred choose?
router
Which of the following is the process of determining what path or set of paths to use to send a set of data from one endpoint device to another through the network?
routing
James is building a disaster recovery plan for his organization and would like to determine the amount of acceptable data loss after an outage. Which variable is James determining?
rpo
Howard is choosing a cryptographic algorithm for his organization, and he would like to choose an algorithm that supports the creation of digital signatures. Which of the following algorithms would meet his requirement?
rsa
Greg is building a disaster recovery plan for his organization and would like to determine the amount of time that it should take to restore a particular IT service after an outage. What variable is Greg calculating?
rto
Attackers who compromise websites often acquire databases of hashed passwords. What technique can best protect these passwords against automated password cracking attacks that use precomputed values?
salting
Dave is responsible for password security in his organization and would like to strengthen the security of password files. He would like to restrict his organization for the use of rainbow tables. Which of the following techniques is specifically designed to frustrate the use of rainbow tables?
salting
Which of the following uses network management and virtualization tools to completely define the network in software?
sdn
Which of the following is an oexamplef administrative control?
security awareness training
Alex's organization uses the NIST incident classification scheme. Alex discovers that a laptop belonging to a senior executive had keylogging software installed on it. How should Alex classify this occurrence?
security incident
Owen recently designed a security access control structure that prevents a single user from simultaneously holding the role required to create a new vendor and the role required to issue a check. What does this scenario describe?
separation of duties
Theresa is implementing a new access control system and wants to ensure that developers do not have the ability to move code from development systems into the production environment. What information security principle is she most directly enforcing?
separation of duties
Chris is conducting a risk assessment for his organization and has determined the amount of damage that a single flood could be expected to cause to his facilities. What metric has Chris identified?
sle
Which of the following is not a single sign-on implementation?
smtp
An attacker conceals their true identities and motives and presents themselves as a trusted individual for manipulating users into giving up inside information of an organization. This is a description of which of the following?
social engineering
A program gets secretly or surreptitiously installed on Kim's system that intercepts his interaction with the system and sends sensitive information to its creators about Kim's activities without his consent. Which type of program is referred to in this scenario?
spyware
Concho Controls is a midsize business focusing on building automation systems. They host a set of local file servers in their on-premises data center that store customer proposals, building plans, product information, and other data that is critical to their business operations. Tara works in the Concho Controls IT department and is responsible for designing and implementing the organization's backup strategy, among other tasks. She currently conducts full backups every Sunday evening at 8 p.m. and differential backups throughout the weekdays at noon. Concho experiences a server failure at 3 p.m. on Wednesday. Tara rebuilds the server and wants to restore data from the backups. What backup should Tara apply to the server first?
sundays full backup
Which of the following works as a cross-layer protocol within both TCP/IP and OSI 7-layer reference model protocol stacks to provide secure connections and has largely replaced SSL (Secure Socket Layer) due to SSL's encryption vulnerabilities?
tls
Jack's organization is a government agency that handles very sensitive information. They need to implement an access control system that allows administrators to set access rights but does not allow the delegation of those rights to other users. What is the best type of access control design for Jack's organization?
top secret confidential for office use
Sally recently removed an encrypted hard drive from a laptop and moved it to a new device because of a hardware failure. She is having difficulty accessing encrypted content on the drive despite that she knows the user's password. What hardware security feature is likely causing this problem?
tpm
Which of the following security programs is designed to provide employees with the knowledge they need to perform their specific work tasks?
training
Which layer of the OSI (open system interconnection) model is associated with segments?
transport
Question 55 : If Susan's organization requires her to log in with her fingerprints, PINs, passwords, and retina scans, how many distinct authentication factor types has she used?
two
A new customer at a bank that uses fingerprint scanners to authenticate its users is surprised when he scans his fingerprint and is logged in to another customer's account. What type of biometric factor error occurred?
type 2
Linda is selecting a disaster recovery facility for her organization, and she wants to retain independence from other organizations as much as possible. She would like to choose a facility that balances cost and recovery time, allowing activation in about one week after a disaster is declared. What type of facility should she choose?
warm site
During a management meeting, the chief information security officer, Jim, is describing attacks made against the senior level at an organization. Which attack is Jim describing?
whaling
Greg would like to implement an application control technology in his organization. He would like to limit users to install only approved software on their systems. What type of application control would be appropriate in this situation?
whitelisting
Lauren wants to ensure that her users run only software that her organization has approved. What technology should she deploy? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option.
whitelisting
Question 62 : Kim is the system administrator for a small business network that is experiencing security problems. She is in the office in the evening working on the problem, and nobody else is there. As she is watching, she can see that systems on the other side of the office that were previously behaving normally are now exhibiting signs of infection. What type of malware is Kim likely dealing with?
worm
Which of the following malware types uses built-in propagation mechanisms that exploit system vulnerabilities to spread and can replicate itself without any user interaction?
worm
Ben is designing a Wi-Fi network and has been asked to choose the most secure option for the network. Which wireless security standard should he choose?
wpa2
If you are a victim of a bluesnarfing attack, what was compromised?
your cell phone
Which of the following is an exploitation of a newly discovered vulnerability before that vulnerability is discovered by or reported to the developers, vendors, or users of the affected system?
zero-day
Which of the following is referred to as the encrypted text?
Ciphertext
How many nodes or hosts per network does a Class C address support?
256
Which of these is the process to determine if the credentials given by a user or another system are authorized to access the network resource in question?
Authentication
Which one of these is NOT one the three pillars of security in the CIA triangle?
Authentication
Which types of attacks can wreak havoc because they can go unnoticed for long periods of time?
Automated attacks
Which of the following is the process by which the organization decides what changes in controlled systems baselines will be made?
Configuration management
What are the types of attacks seen at the Application layer of the OSI model? Each correct answer represents a complete solution. Choose all that apply.
Cross-site scripting, SQL injection
What type of access control allows the owner of a file to grant other users access to it using an access control list?
Discretionary
lex has been with the university he works at for more than 10 years. During that time, he has been a system administrator and a database administrator, and he has worked in the university's help desk. He is now a manager for the team that runs the university's web applications.
He should be provisioned for only the rights that match his role
Question 80 : As part of his team's forensic investigation process, Matt signs drives and other evidence out of storage before working with them. What type of documentation is Matt maintaining?
NIDS
What are the forms of the layers of an organization's function? Each correct answer represents a complete solution. Choose all that apply.
Physical systems elementsand this is correct answer B option B Administrative elementsand this is correct answer C option C Logical elements
In this figure of the TCP three-way handshake, what should system A send to system B in step 3?
ack
Which of the following is normally used as an authorization tool?
acl
Which statement (or statements) about ports and the Internet is/are not correct? (Choose all that apply.)
a. and another one Using port numbers as part of addressing and routing was necessary during the early days of the Internet, largely because of the small size of the address field, but IPv6 makes most port usage obsolete.
Joe is conducting a test for evaluating the system's compliance with the business requirements and verifying if it has met the required criteria for delivery to the end-users. Which testing is he performing?
acceptance
Question 59 : Which of the following is an organized disassembling of the rights and privileges of the user account as well as archiving any folders, data, or other user-specific information as required by the policy?
account deprovisioning
How can ideas from the identity management lifecycle be applied to helping an organization's workforce, at all levels, defend against sophisticated social engineering attack attempts? (Choose all that apply.)
a b d aMost end users may have significant experience with the routine operation of the business systems and applications that they use; this can be applied, much like identity proofing, to determine whether a suspected social engineering attempt is taking place. b Most end users and their first-level supervisors have the best, most current insight as to the normal business rhythm, flow, inputs, and outcomes. This experience should be part of authenticating an unusual access request (via email, phone, in person, or by any means). d Contact requests by email, by phone, in person, or by other means are akin to access attempts, and they can and should be accounted for.
John's network begins to experience symptoms of slowness. Upon investigation, he realizes that the network is being bombarded with the TCP SYN packets and believes that his organization is the victim of a denial-of-service attack. What principle of information security is being violated?
availability
During troubleshooting, Chris uses the nslookup command to check the IP address of a host he is attempting to connect to. The IP he sees in the response is not the IP that should resolve when the lookup is done. What type of attack has likely been conducted?
dns poisoning
Many issues are involved when planning for a third party to perform services involving data storage, backup and restore, and destruction or processing services for your company. Which of the following statements is not correct with regard to such planning or to your actual conduct of operations with that third party? (Choose all that apply.)
b c bYour contracts with these third parties should use a shared responsibility model to clearly delineate which party has which responsibilities; this will, in most cases, hold you harmless when the third party goes outside of the contract c Since third parties are by definition on a contract with you, as your subcontractor, you are not liable or responsible for mistakes they make in performing their duties.
Which statement about subnetting is correct?
b. Both IPv4 and IPv6 provide for subnetting, but the much larger IPv6 address field makes this a lot simpler to design and manage.
Why is whitelisting a better approach to applications security than blacklisting? Choose the most correct statement.
c Administering a whitelisting system can require a lot of effort, but when an unknown program is trying to execute (or be installed), you know it is not yet trusted and can prevent harm.
How would you compare the relative security of character, block, or stream ciphers against cryptanalytic attacks?
c Block ciphers support the best levels of security but with performance penalties that make stream ciphers suitable for some applications.
Which statement about recovery times and outages is most correct?
c RTO should be less than or equal to MAO.
the company Chris works for has notifications posted at each door reminding employees to be careful to not allow people to enter when they try to do. Which type of control best describes this?
directive
Your team chief is worried about all of those Bluetooth devices being used at the office; she's heard they are not very secure and could be putting the company's information and systems at great risk. How might you respond?
c. The biggest threat you might face is that Bluetooth on most of your staff's smartphones is probably not secure; talk with your MDM service provider and see if they can help reduce that exposure.
Which type of cipher uses individual symbols in the plaintext as the unit to encrypt and decrypt?
character
The flaws in encryption and decryption algorithms allow for either two different plaintext phrases mapping (encrypting) to the same ciphertext phrase, or two different ciphertext phrases mapping (decrypting) to the same plaintext phrase. This describes which situation?
collision
In what model of cloud computing do two or more organizations collaborate to build a shared cloud computing environment that is for their own use?
community cloud
Susan has discovered that the smart card-based locks used to keep the facility secure are not effective because staff members are propping the doors open. She places signs on the doors reminding staff that leaving the door open creates a security issue, and she adds alarms that will sound if the doors are left open for more than five minutes. What type of controls has she put into place?
compensation
Alice sends a message to Bob and wants to ensure that Mal, a third party, does not read the contents of the message while in transit. What goal of cryptography is Alice attempting to achieve?
confidentiality
Frank discovers a keylogger hidden on the laptop of his company's chief executive officer. What information security principle is the keylogger most likely designed to disrupt?
confidentiality
Which of the following cryptographic goals protects against the risks posed when a device is lost or stolen?
confidentiality
Properly used, cryptographic techniques improve all aspects of CIANA except which of the following?
d All aspects of CIANA can be enhanced via proper cryptographic techniques.
During a forensic investigation, Charles is able to determine the Media Access Control address of a system that was connected to a compromised network. Charles knows that MAC addresses are tied back to a manufacturer or vendor and are part of the fingerprint of the system. To which OSI layer does a MAC address belong?
data link layer
Question 88 : What principle of information security states that an organization should implement overlapping security controls whenever possible?
defense in depth
What type of access control is intended to discover unwanted or unauthorized activity by providing information after the event has occurred?
detective
Harry would like to access a document owned by Sally stored on a file server. Applying the subject/object model to this scenario, who or what is the object of the resource request?
document
Veronica is considering the implementation of a database recovery mechanism recommended by a consultant. In the recommended approach, an automated process will move database backups from the primary facility to an off-site location each night. What type of database recovery technique is the consultant describing?
electronic vaulting
TCP and UDP both operate at what layer of the OSI (open system interconnection) model?
layer 4
Chris is troubleshooting an issue with his organization's SIEM reporting. After analyzing the issue, he believes that the timestamps on log entries from different systems are inconsistent. What protocol can he use to resolve this issue?
ntp
Someone who calls himself a hacker but lacks the expertise is a
script kiddy
In the figure shown here, what does system B send to system A at step 2 of the three-way TCP handshake?
syn/ack
Which of the following tools is mostly used for identification purposes and is not suitable for use as an authenticator?
username
A(n) ________ is a basic security device that filters traffic and is a barrier between a network and the outside world.
firewall
If an IP address has the number 191 in the first octet, it is a class ________ address.
B
Tom is the chief information security officer for a medium-sized business. It's been brought to his attention that the company has been storing its backup systems images and database backups in an offsite facility that has no alarm system and no way of knowing whether there were any unauthorized persons entering that facility. Which of the following might apply to this situation?
D.This could be a case of failing to perform both due care and due diligence.
Which term is used to describe the default set of privileges assigned to a user when a new account is created?
Entitlement
Jayne's company is considering the use of IoT devices as part of its buildings, grounds, and facilities maintenance tasks. Which statements give Jayne sound advice to consider for this project?
d It may be better to consider industrial process control modules, rather than IoT devices, to interact with machinery, such as pumps and landscaping equipment.
Sandi has suggested to her boss that their small company should be using a cloud-based shared storage service, such as OneDrive, Dropbox, or Google Drive. Her boss believes these are inherently insecure. Which of the following statements would not help Sandi make her case?
d Sandi can take advantage of a free trial offer and see if her information security staff can hack into other users' storage or into system logs and account information on the provider. If her "white hats" can't break in and peek, the system is safe enough for her.
Nonrepudiation relies on cryptography to validate which of the following?
d The certificate, public key, or both associated with the sender or author match what is associated with the file or message.
Which statement about risk perspectives or views is most correct?
d. Each of these provides great insight as you start your risk management planning and implementation efforts; no one approach by itself covers everything a good risk management strategy must do.
When comparing the TCP/IP and OSI 7-layer reference model as sets of protocols, which statement is most correct?
d. Hardware and systems are built using both models, and both models are vital to threat assessment and network security.
Which statements about the role(s) of archiving, backup, and restore in meeting information security needs are most correct? (Choose all that apply.)
for sure a maybe d a These each contribute to availability in similar ways. d These have no role to play in achieving authentication needs.
An IP address consists of four numbers, separated by dots. Each number is called a(n) ________.
octet
The IP utility used to test connectivity with a remote host is
ping
An incident response team works using the prepositioned sets of software and hardware tools for capturing data, analyzing it, and drawing conclusions about the event. Which tool helps the team in accomplishing this?
responder's workbench
Question 6 : Matthew and Richard are friends located in different physical locations who would like to begin communicating with each other using cryptography to protect the confidentiality of their communications. They exchange digital certificates to begin this process and plan to use an asymmetric encryption algorithm for the secure exchange of email messages. Matthew would like to enhance the security of his communication by adding a digital signature to the message. What goal of cryptography are digital signatures intended to enforce?
Nonrepudiation
Sally's organization needs to be able to prove that certain staff members sent emails, and she wants to adopt a technology that will provide that capability without changing their existing email system. What is the technical term for the capability Sally needs to implement as the owner of the email system, and what tool could she use to do it?
Nonrepudiation; digital signatures
Which of these is a repository of security-related documentation and also sponsors a number of security research projects?
SANS Institute
When an attacker calls an organization's help desk and persuades them to reset a password for them because of the help desk employee's trust and willingness to help, what type of attack succeeded?
Social engineering
Cryptography protects the meaning or content of files and messages by means of all of the following except which?
a Obscuring meaning by misdirection, concealment, or deception
In general, what differentiates phishing from whaling attacks?
a Phishing attacks tend to be used to gain access to systems via malware payloads or by getting recipients to disclose information, whereas whaling attacks try to get responsible managers to authorize payments to the attacker's accounts.
How does securing a virtual machine differ from securing a physical computer system? (Choose all that apply.)
a The basic tasks of defining the needs, configuring system capabilities in support of those needs, and then operationally deploying the VM are conceptually the same as when deploying the same OS and apps on a desktop or laptop. You use many of the same tools, OS features, and utilities.
Which of the following information about networks and infrastructures should be readily available for information systems security incident responders to consult during an incident response? (Choose all that apply.)
a and b a Networks and systems designs showing data, control, and management planes b OSI reference model design descriptions of networks, systems, and platforms
As an SSCP, you're a CERT team member at your company. At a team meeting, some of the team members seem confused as to whether they have a role in disaster recovery or business continuity. How would you answer their question? (Choose all that apply.)
a and b a Since even a disaster starts with an incident, and we're the first responders, we quickly have to figure out how disruptive the incident could be; the more disruptive, the greater the impact on our ability to keep doing business. We don't execute those other plans, but we do have to call our bosses and let them know what we think. They decide whether to activate those other plans. b Since all incidents have the potential for disrupting business operations, the BCP should cover everything and provide us the framework and scope to respond within. It also covers the DRP.
You've recently determined that some recent systems glitches might be being caused by the software or hardware that a few employees have installed and are using with their company-provided endpoints; in some cases, employee-owned devices are being used instead of company-provided ones. What are some of the steps you should take right away to address this? (Choose all that apply.)
a and b a Check to see if your company's acceptable use policy addresses this. bReview your IT team's approach to configuration management and control.
Why do SSCPs need to appreciate the culture of the organization they are working with in order to be effective as information risk managers? (Choose all that apply.)
a and b a Organizational culture determines how willingly managers and workers at all levels will accept greater responsibilities and accountability, which can severely limit the SSCP’s ability to get a risk management plan enacted. b. "Old-boy" networks and informal information and decision paths may make anything written down in business processes, manuals, and so forth somewhat suspect.
Your coworkers don't agree with you when you say that data quality is a fundamental part of information security. Which of the following lines of argument are true in the context of your discussion with them? (Choose all that apply.)
a and c a If our business logic doesn't establish the data quality rules and constraints, we have no idea if an input or a whole set of inputs makes valid business sense or is a spoof attack trying to subvert our systems. c We have users who complain that when they try to test and evaluate backup data sets, the backup data makes no sense. If a real disruption or disaster strikes, and our backups don't make any business sense, we could be out of business pretty quickly.
How do webs of trust and hierarchies of trust differ? (Choose all that apply.)
a and c a Webs of trust are based on peer-to-peer architectures and as such are not very scalable to large numbers of users. Hierarchies of trust rely on certificate authorities as publishers of intermediate certificates, which supports much larger numbers of users. c Webs of trust, as peer-to-peer architectures, are not part of the IT logistics supply chain; hierarchies of trust work best when CAs become part of the architecture of hardware, operating systems, browsers, and other applications.
Which of the following sets of information would not be useful to a CSIRT during an incident response? (Choose all that apply.)
a and d a Contracts with service providers, systems vendors, or suppliers dIT hardware maintenance manuals
You've suggested that your CSIRT should create its own timeline of an incident, as part of their efforts to understand and assess it. Other team members say that this is what correlating event logs should take care of. Which statements would you base your reply on? (Choose all that apply.)
a c d a Our timeline is how we capture our assessment of the cause and effect relationships between events; the systems logs show us only events that happened. c Event logs only show when the hardware, operating systems, or applications saw an event and logged it; they don't cover actions taken by us or by other staff members. d We have to explain to management, in simple terms, what happened and when; they don't want to see hundreds of events in a log, which are nothing more than the evidence that led us to conclusions about what happened.
What are some effective, practical strategies to detect data exfiltration attacks? (Choose all that apply.)
b Alert when failed attempts to access a resource (whether it is protected by encryption or not) exceed a specified limit.
Why is endpoint security so important to an organization?
b Endpoints are where information turns into action, and that action produces value; on the way into the system, it is where action produces valuable information. This is where business actually gets done and work accomplished. Without the endpoints, the system is meaningless.
Which statements best explain why applications programs have exploitable vulnerabilities in them? (Choose all that are correct.)
b In-house developers often do not rigorously use design frameworks and coding standards that promote or enforce secure programming.
What is the role of threat modeling when an organization is planning to migrate its business processes into a cloud-hosted environment? Choose the most correct statement.
b Migrating to the cloud may not change the logical relationship between information assets and subjects requesting to use them, or the way privileges are set based on roles, needs, and trust, but the connection path to them may change; this probably changes the threat surface.
The "garbage-in, garbage-out" (GIGO) problem means:
b Most information processes involve a set of related data items that represent or model a real person, activity, or part of the world. When that set of data is mutually inconsistent, or inconsistent with other data on hand about that real entity, each field may be within range but the overall meaning of the data set is corrupt. This "garbage," when processed (as input) by apps, produces equally meaningless but valid-looking outputs.
Threat modeling and threat assessment:
b Refer to the boundaries of a system and look to identify, understand, assess, and manage anything that attempts to cross that boundary as a way to identify possible threats
What is the role of a hierarchy of trust in using digital signatures? Select the best answer.
b The client's operating system, browsers, and applications either embed certificate authorities as trust anchors or use peer-to-peer trust anchors; the client's user must then trust these systems vendors and the installation of their products, and the client's user own use of them, to completely trust that received digitally signed files or messages are legitimate.
What are some of the key steps or processes in the recovery phase of responding to an information security incident? (Choose all that apply.)
b and c b Restoring, rebuilding, or reloading servers and hosts with clean backup images or distribution kits c Restoring databases and network storage systems to backup copies made prior to the incident
Fred is on the IT team migrating his company's business systems into a public cloud provider, which will host the company's processes and data on its datacenters in three different countries to provide load balancing, failover/restart, and backup and restore capabilities. Which statement or statements best addresses key legal and regulatory concerns about this plan? (Choose all that apply.)
b and c b The countries where the cloud host's datacenters are located, plus all of the countries in which Fred's company has a business presence, office, or other facility, have jurisdiction over company data. c In addition to staying compliant with all of those different countries' laws and regulations, Fred's company must also ensure that it does not violate cultural, religious, or political taboos in any of those countries.
The CSIRT team members are discussing incident detection. They seem convinced that it's almost impossible to detect an information security incident until it's already started to disrupt business operations. They're trying to find actions they can take now to help deal with this. They ask your opinion. Which of the following statements would you not use as you reply? (Choose all that apply.)
b and d b We miss the most important incident precursors because we've set our IDS alarm thresholds too low. d Actually, this is because we've designed our networks wrong. We can fix this, but it will take time, money, and effort.
Which statement best explains the relationship between incident response or disaster recovery, and configuration management of your IT architecture baseline? (Choose all that apply.)
b c b As you're restoring operations, you may need to redo changes or updates done since the time the backup copies were made; your configuration management system should tell you this. c Without a documented and managed baseline, you may not know sufficient detail to build, buy, or lease replacement systems, software, and platforms needed for the business
What role, if any, does an incident response team play in supporting any subsequent forensics investigation? (Choose all that apply.)
b c d b Since any information security incident might lead to a follow-on forensics investigation, the team needs to make sure that any of the data they collect, or systems they restore or rebuild, are first preserved and cataloged to meet chain-of-custody requirements as evidence. Thus, the responders also need to be trained and certified as investigators. c As the first responders, the team should take steps to control the scene of the incident, and keep good logs or records of the state of systems and information throughout their response activities. These records need to be retained in case there is a later investigation. d Management needs to make sure that the procedures used by the response team will preserve the incident scene and information gathered during the incident response in ways that will meet rules of evidence; if that cannot be done without interfering with prompt incident response and recovery, management has to take responsibility for that risk.
What are all of the choices you need to make when considering information risk management, and what is the correct order to do them in?- 1: Treatment: accept, treat (fix or mitigate), transfer, avoid, recast- 2: Damage limitation: deter, detect, prevent, avoid- 3: Perspective: outcomes, assets, process or threat based- 4: Impact assessment: quantitative or qualitative
b. 3, 4, 2, then 1
Jill has recently joined a software development startup company as an information risk analyst, and she notices that the company does not make use of any risk management frameworks. Which is the best advice you could give to Jill?
b. As an SSCP, Jill knows that risk management frameworks can offer valuable lessons to learn from as organizations start to plan and conduct risk management (and information risk management) activities. Jill should talk with her supervisor, and perhaps propose that she draft a concept for how to select, tailor, and use one of the widely accepted RMFs.
What is information risk?
b. The probability of an event occurring that disrupts your information and the business processes and systems that use it
What can traffic shaping, traffic management, or load balancing systems do to help identify or solve information security problems? (Choose all that apply.)
b.c.d b.Log data they generate and keep during operation may provide some useful insight after an incident, but nothing in real time would be helpful. c.Such tools usually can generate alarms on out-of-limits conditions, which may be indicative of a system or component failure or an attack or intrusion in progress. d.Given sufficient historical data, such systems may help network administrators see that greater-than-normal systems usage is occurring, which may be worthy of closer attention or investigation.
You're trying to diagnose why a system is not connecting to the Internet. You've been able to find out that your system's IP address is 169.254.0.0. Which of the following statements correctly suggests the next best step?
c Check the DHCP server on your LAN to see if it's functioning correctly.
Which statement about hashing is most correct?
c Hashing is one-way cryptography in that you transform a meaningful plaintext into a meaningless but unique hash value but you cannot go from hash value back to the original meaning or plaintext.
Which statement about the use of cryptography by private businesses is true?
c In many jurisdictions, law and regulation place significant responsibilities for information protection and due diligence on businesses; these can only be met in practical ways by using cryptographic systems.
Social engineering attacks still present a threat to organizations and individuals for all of the following reasons except:
c Most targeted individuals and organizations have effective tools and procedures to filter out phishing and related scams, so they are now better protected from such attacks.
Your boss believes that your company must follow NIST guidelines for disaster recovery planning and wants you to develop the company's plans based on those guidelines. Which statement might you use to respond to your boss?
c NIST publications are mandatory only for government agencies or companies on government contracts, and since we are neither of those, we don't have to follow them. But they have some great ideas we should see about putting to use, tailored to our risk management plans.
Which statement best describes how does the separation of duties relate to education and training of end users, managers, and leaders in an organization?
c Separation of duties should segment the organization into teams focused on their job responsibilities, with clear interfaces to other teams. Effective awareness training and education can help each team, and each team member, see how successfully fulfilling their duties depends on keeping information safe, secure, and reliable.
What are the most common attacks that business or commercial use of cryptography might be exposed to?
c Social engineering
Which statement best describes how digital signatures work?
c The sender hashes the message or file to produce a message digest and applies the chosen decryption algorithm and their private key to it. This is the signature. The recipient uses the sender's public key and applies the corresponding encryption algorithm to the signature, which will produce a matching message digest only if the message or file is authentically from the sender.
There are three ways in which risk assessments can be done. Choose the answer that orders them from best to least in terms of their contribution to risk management decision making.
c There is no order; they all can and should be used, as each reveals something more about the risks you have to manage.
Terri has recently been assigned to the information security team as a risk assessment analyst. As she goes through the files (on paper and in the company’s cloud-based information systems) that the company already has, she realizes that they are inconsistent in format and hard to use to perform analysis, and that there are no controls over who in the company can access these files. Does any of this present an information security concern? (Choose all that apply.)
c and b b.Yes, because the data in these files could represent significant vulnerabilities of company systems, and its inadvertent or deliberate disclosure could be very damaging to the company. c. Yes, because the lack of controls on access and use suggests that data integrity is lacking or cannot be assessed.
Which of the following might be serious example(s) of "shadow IT" contributing to an information security problem? (Choose all that apply.)
c and d c Several users build scripts, flows, and other processing logic to implement a customer service help desk/trouble ticket system, using its own database on a shared use/collaboration platform that the company uses. d Users post documents, spreadsheets, and many other types of information on a company-provided shared storage system, making the information more freely available throughout the company.
Which of the following transmission media presents the greatest security challenges for a network administrator?
c. Radio frequency wireless
Which statements about containment and eradication are most correct?
d Containment primarily addresses shutting down connectivity between networks, subnets, systems, and servers. Eradication addresses locating the causal agents (malware, bogus user IDs, etc.) and removing them from each system.
You've suggested to the IT team that all systems and servers, and all network devices, have their clocks synchronized and that synchronization checked frequently. One of their team members says this is not necessary. Which of these statements would be best to support your reply?
d In the event we're investigating an anomaly or an incident, having all systems event logs using the same time standard will make them a lot easier to correlate and analyze.
"Maintaining or improving information security while migrating to the clouds is more of a contractual than technical problem to solve." Which statement best shows why this is either true or false?
d It is false. The contractual agreements do change quite frequently as the underlying technologies, threats, and business case for both the cloud host and the customer change with time. However, even these changes cause less work, less frequently, for the administrative elements and more for the technical elements of the typical customer organization.
One of your co-workers stated that he thought business continuity planning was a heartless, bottom line-driven exercise that cared only about the money and not about anything else. You disagree. Which of the following points would you not raise in discussing this with your colleague? (Choose all that apply.)
d The workers and managers are part of what makes the company productive and profitable in normal times, and even more so during the recovery from a significant disruption.
Which of the following is the best form of Wi-Fi security to use today?
d WPA2
Which is the most correct statement as to what it means to have a proactive approach with your information security risk management plans, programs, and systems?
d. Being proactive means that you use the best knowledge you have today, including lessons learned from other organizations’ experience with information risk, and you plan ahead to deal with them, rather than wait for them to occur and then investigate how to respond to them.
How can ideas from the identity management lifecycle be applied to helping an organization's workforce, at all levels, defend against sophisticated social engineering attack attempts? (Choose all that apply.)
ABD a Most end users may have significant experience with the routine operation of the business systems and applications that they use; this can be applied, much like identity proofing, to determine whether a suspected social engineering attempt is taking place. bMost end users and their first-level supervisors have the best, most current insight as to the normal business rhythm, flow, inputs, and outcomes. This experience should be part of authenticating an unusual access request (via email, phone, in person, or by any means). d Contact requests by email, by phone, in person, or by other means are akin to access attempts, and they can and should be accounted for.