Midterm Study Set
True
An alteration threat violates information integrity.
True
A man-in-the-middle attack takes advantage of the multihop process used by many types of networks.
False
A phishing attack "poisons" a domain name on a domain name server.
True
Cars that have Wi-Fi access and onboard computers require software patches and upgrades from the manufacturer.
Procedure
Chris is writing a document that provides step-by-step instructions for end users seeking to update the security software on their computers. Performing these updates is mandatory. Which type of document is Chris writing?
False
Connectivity is one of the five critical challenges that the Internet of Things (IoT) has to overcome.
Authentication
During what phase of a remote access connection does the end user prove his or her claim of identity?
Parallel
Holly would like to run an annual major disaster recovery test that is as thorough and realistic as possible. She also wants to ensure that there is no disruption of activity at the primary site. What option is best in this scenario?
False
Hypertext Transfer Protocol (HTTP) encrypts data transfers between secure browsers and secure web pages.
True
Hypertext Transfer Protocol (HTTP) is the communications protocol between web browsers and websites with data in cleartext.
False
IoT devices cannot share and communicate your IoT device data to other systems and applications without your authorization or knowledge.
Opportunity cost
Maria's company recently experienced a major system outage due to the failure of a critical component. During that time period, the company did not register any sales through its online site. Which type of loss did the company experience as a result of lost sales?
True
Remote wiping is a device security control that allows an organization to remotely erase data or email in the event of loss or theft of the device.
False
Removable storage is a software application that allows an organization to monitor and control business data on a personally owned device.
False
Service-level agreements (SLAs) are optical backbone trunks for private optical backbone networks.
True
The Gramm-Leach-Bliley Act (GLBA) addresses information security concerns in the financial industry.
Seven Domains of a Typical IT infrastructure
Umbrellas - User Domain; Won't - Workstation Domain; Lend - LAN Domain; Lollipops - LAN-to-WAN Domain; Right Away - Remote Access Domain; When - WAN Domain; Someone Asks - System/Application Domain
False
Wardialers are becoming more frequently used given the rise of Voice over IP (VoIP).
1. IP-based networking is globally adopted; 2. Connectivity is everywhere; 3. Smaller and faster computing; 4. Cloud computing is growing; 5. Data analytics feeds growth
What are some market drivers for the Internet of Things (IoT)?
Home Agent (HA)
With the use of Mobile IP, which device is responsible for keeping track of mobile nodes (MNs) and forwarding packets to the MN's current network?
True
Application service providers (ASPs) are software companies that build applications hosted in the cloud and on the Internet.
Simulation
As a follow-up to her annual testing, Holly would like to conduct quarterly disaster recovery tests that introduce as much realism as possible but do not require the use of technology resources. What type of test should Holly conduct?
False
The anti-malware utility is one of the most popular backdoor tools in use today.
False
The auto industry has not yet implemented the Internet of Things (IoT).
False
The first step in creating a comprehensive disaster recovery plan (DRP) is to document likely impact scenarios.
Passive
Tony is working with a law enforcement agency to place a wiretap pursuant to a legitimate court order. The wiretap will monitor communications without making any modifications. What type of wiretap is Tony placing?
FERPA
What compliance regulation applies specifically to the educational records maintained by schools about students?
Content filter
What is NOT a common endpoint for a virtual private network (VPN) connection used for remote network access?
No technology infrastructure
What level of technology infrastructure should you expect to find in a cold site alternative data center facility?
Trojan horse
What type of malicious software masquerades as legitimate software to entice the user to run it?
True
Which classification level is the highest level used by the U.S. federal government?
Guideline
Which element of the security policy framework offers suggestions rather than mandatory actions?
Risk = Threat X Vulnerability
Which formula is typically used to describe the components of information security risks?
Intrusion Prevention System (IPS)
Which network device is capable of blocking network connections that are identified as potentially malicious?
Telephone call
Which one of the following is NOT an example of store-and-forward messaging?
Health monitoring
Which one of the following is an example of a business-to-consumer (B2C) application of the Internet of Things (IoT)?
Espionage
Which one of the following is an example of a disclosure threat?
Birthday attack
Which password attack is typically used specifically against password files that contain cryptographic hashes?
Distributed Denial of Service (DDoS) attacks
Which risk is most effectively mitigated by an upstream Internet service provider (ISP)?
Applying strong encryption
Which security control is most helpful in protecting against eavesdropping on wireless LAN (WLAN) data transmissions that would jeopardize confidentiality?
Fabrication
Which type of attack involves the creation of some deception in order to trick unsuspecting users?