MIS 4342
Chapter 9
Cryptography
Chapter 7
Security Audits
Chapter 6
Security Operation
What is NOT a valid encryption key length for use with the Blowfish algorithm? 1. 32 bits 2. 64 bits 3. 256 bits 4. 512 bits
512 Bits
Chapter 5
Access Control
Alice would like to send a message to Bob using a digital signature. What cryptographic key does Alice use to create the digital signature? 1. Alice's public key 2. Alice's private key 3. Bob's public key 4. Bob's private key
Alice's Private Key
Which action is the best step to protect Internet of Things (IoT) devices from becoming the entry point for security vulnerabilities into a network while still meeting business requirements? 1. Applying security updates promptly 2. Using encryption for communications 3. Removing IoT devices from the network 4. Turning IoT devices off when not in use
Applying security updates promptly
Chapter 3
Attacks, Threats, and Vulnerabilities
Ricky is reviewing security logs to independently assess security controls. Which security review process is Ricky engaging in? 1. Monitor 2. Audit 3. Improve 4. Secure
Audit
During what phase of a remote access connection does the end user prove his or her claim of identity? 1. Authorization 2. Authentication 3. Identification 4. Tokenization
Authentication
During which phase of the access control process does the system answer the question,"What can the requestor access?" 1. Identification 2. Authentication 3. Authorization 4. Accountability
Authorization
In an accreditation process, who has the authority to approve a system for implementation? 1. Certifier 2. Authorizing official (AO) 3. System owner 4. System administrator
Authorizing official (AO)
Ann is creating a template for the configuration of Windows servers in her organization. It includes the basic security settings that should apply to all systems. What type of document should she create? 1. Baseline 2. Policy 3. Guideline 4. Procedure
Baseline
Which type of password attack attempts all possible combinations of a password in an attempt to guess the correct value? 1. Dictionary attack 2. Rainbow table attack 3. Social engineering attack 4. Brute-force attack
Brute-force attack
Chapter 4
Business Drivers
Karen would like to use a wireless authentication technology similar to that found in hotels where users are redirected to a webpage when they connect to the network. What technology should she deploy? 1. Remote Authentication Dial-In User Service (RADIUS) 2. Lightweight Extensible Authentication Protocol (LEAP) 3. Captive portal 4. Protected Extensible Authentication Protocol (PEAP)
Captive Portal
Which audit data collection method helps ensure that the information-gathering process covers all relevant areas? 1. Checklist 2. Interviews 3. Questionnaires 4. Observation
Checklist
Which cryptographic attack offers cryptanalysts the most information about how an encryption algorithm works? 1. Chosen plaintext 2. Ciphertext only 3. Known plaintext 4. Chosen ciphertext
Chosen plaintext
What program, released in 2013, is an example of ransomware? 1. BitLocker 2. Crypt0L0cker 3. FileVault 4. CryptoVault
Crypt0L0cker
The NIST document we've been discussing centers on which of the following organizational issues? 1. Cybersecurity Risk 2. Cybersecurity Personnel 3. Cybersecurity Finances 4. Cybersecurity Operations
Cybersecurity Risk
Betty receives a cipher text message from her colleague Tim. What type of function does Betty need to use to read the plaintext message? 1. Encryption 2. Hashing 3. Decryption 4. Validation
Decryption
Gary would like to choose an access control model in which the owner of a resource decides who may modify permissions on that resource. Which model fits that scenario? 1. Discretionary access control (DAC) 2. Mandatory access control (MAC) 3. Rule-based access control 4. Role-based access control (RBAC)
Discretionary access control (DAC)
Which one of the following is NOT an area of critical infrastructure where the Internet of Things (IoT) is likely to spur economic development in less developed countries? 1. Wastewater treatment 2. Water supply management 3. E-commerce 4. Agriculture
E-commerce
Which practice is NOT considered unethical under RFC 1087 issued by the Internet Architecture Board (IAB)? 1. Seeking to gain unauthorized access to resources 2. Disrupting intended use of the Internet 3. Enforcing the integrity of computer-based information 4. Compromising the privacy of users
Enforcing the integrity of computer-based information
What is the first step in a disaster recovery effort? 1. Respond to the disaster. 2. Follow the disaster recovery plan (DRP). 3. Communicate with all affected parties. 4. Ensure that everyone is safe.
Ensure that everyone is safe
Which one of the following is an example of a direct cost that might result from a business disruption? 1. Damaged reputation 2. Lost market share 3. Lost customers 4. Facility repair
Facility repair
A private key cipher is also called an asymmetric key cipher. 1. True 2. False
False
A rootkit uses a directed broadcast to create a flood of network traffic for the victim computer. 1. True 2. False
False
Authorization controls include biometric devices. 1. True 2. False
False
Certification is the formal agreement by an authorizing official to accept the risk of implementing a system. 1. True 2. False
False
Continuity of critical business functions and operations is the first priority in a well-balanced business continuity plan (BCP). 1. True 2. False
False
Cryptography is the process of transforming data from cleartext into ciphertext. 1. True 2. False
False
Hypertext Transfer Protocol (HTTP) encrypts data transfers between secure browsers and secure web pages. 1. True 2. False
False
IP addresses are eight-byte addresses that uniquely identify every device on the network. 1. True 2. False
False
In the Remote Access Domain, if private data or confidential data is compromised remotely, you should set automatic blocking for attempted logon retries. 1. True 2. False
False
Mandatory vacations minimize risk by rotating employees among various systems or duties. 1. True 2. False
False
Passphrases are less secure than passwords. 1. True 2. False
False
Procedures do NOT reduce mistakes in a crisis. 1. True 2. False
False
Product cipher is an encryption algorithm that has no corresponding decryption algorithm. 1. True 2. False
False
Regarding data center alternatives for disaster recovery, a mobile site is the least expensive option but at the cost of the longest switchover time. 1. True 2. False
False
Spyware does NOT use cookies. 1. True 2. False
False
System infectors are viruses that attack document files containing embedded macro programming capabilities. 1. True 2. False
False
The four main types of logs that you need to keep to support security auditing include event, access, user, and security. 1. True 2. False
False
Vishing is a type of wireless network attack. 1. True 2. False
False
Voice pattern biometrics are accurate for authentication because voices can't easily be replicated by computer software. 1. True 2. False
False
Wardialers are becoming more frequently used given the rise of Voice over IP (VoIP). 1. True 2. False
False
What compliance regulation applies specifically to the educational records maintained by schools about students? 1. Family Education Rights and Privacy Act (FERPA) 2. Health Insurance Portability and Accountability Act (HIPAA) 3. Federal Information Security Management Act (FISMA) 4. Gramm-Leach-Bliley Act (GLBA)
Family Education Rights and Privacy Act (FERPA)
Which compliance obligation includes security requirements that apply specifically to federal government agencies in the United States? 1. Gramm-Leach-Bliley Act (GLBA) 2. Health Insurance Portability and Accountability Act (HIPAA) 3. Family Educational Rights and Privacy Act (FERPA) 4. Federal Information Security Management Act (FISMA)
Federal Information Security Management Act (FISMA)
What type of firewall security feature limits the volume of traffic from individual hosts? 1. Loop protection 2. Network separation 3. Stateful inspection 4. Flood guard
Flood guard
Which one of the following governs the use of Internet of Things (IoT) by healthcare providers, such as physicians and hospitals? 1. Payment Card Industry Data Security Standard (PCI DSS) 2. Federal Financial Institutions Examination Council (FFIEC) 3. Federal Information Security Management Act (FISMA) 4. Health Insurance Portability and Accountability Act (HIPAA)
Health Insurance Portability and Accountability Act (HIPAA)
With the use of Mobile IP, which device is responsible for keeping track of mobile nodes (MNs) and forwarding packets to the MN's current network? 1. Home agent (HA) 2. Foreign agent (FA) 3. Care of address (COA) 4. Correspondent node (CN)
Home Agent (HA)
Terry is troubleshooting a network that is experiencing high traffic congestion issues. Which device, if present on the network, should be replaced to alleviate these issues? 1. Firewall 2. Hub 3. Switch 4. Router
Hub
Which one of the following is NOT a good technique for performing authentication of an end user? 1. Biometric scan 2. Password 3. Token 4. Identification number
Identification number
Chapter 2
Internet of Things (IoT)
Which Internet of Things (IoT) challenge involves the difficulty of developing and implementing protocols that allow devices to communicate in a standard fashion? 1. Security 2. Privacy 3. Interoperability 4. Compliance
Interoperability
Which of the following would NOT be considered in the scope of organizational compliance efforts? 1. Laws 2. Company policy 3. Internal audit 4. Corporate culture
Laws
Which type of denial of service attack exploits the existence of software flaws to disrupt a service? 1. SYN flood attack 2. Smurf attack 3. Logic attack 4. Flooding attack
Logic Attack
Which of the following is NOT a benefit of cloud computing to organizations? 1. On-demand provisioning 2. Improved disaster recovery 3. No need to maintain a data center 4. Lower dependence on outside vendors
Lower dependence on outside vendors
Which of the following is an example of a hardware security control? 1. NTFS permission 2. MAC filtering 3. ID badge 4. Security policy
MAC filtering
Chapter 11
Malicious Code
Chapter 10
Networks and Telecommunications
Brian would like to conduct a port scan against his systems to determine how they look from an attacker's viewpoint. What tool can he use for this purpose? 1. Ping 2. Simple Network Management Protocol (SNMP) agent 3. Nmap 4. Remote Access Tool (RAT)
Nmap
What level of technology infrastructure should you expect to find in a cold site alternative data center facility? 1. Hardware and data that mirror the primary site 2. Hardware that mirrors the primary site, but no data 3. Basic computer hardware 4. No technology infrastructure
No technology infrastructure
Holly would like to run an annual major disaster recovery test that is as thorough and realistic as possible. She also wants to ensure that there is no disruption of activity at the primary site. What option is best in this scenario? 1. Checklist test 2. Full interruption test 3. Parallel test 4. Simulation test
Parallel Test
Which regulatory standard would NOT require audits of companies in the United States? 1. Sarbanes-Oxley Act (SOX) 2. Personal Information Protection and Electronic Documents Act (PIPEDA) 3. Health Insurance Portability and Accountability Act (HIPAA) 4. Payment Card Industry Data Security Standard (PCI DSS)
Personal Information Protection and Electronic Documents Act (PIPEDA)
Roger's organization received a mass email message that attempted to trick users into revealing their passwords by pretending to be a help desk representative. What category of social engineering is this an example of? 1. Intimidation 2. Name dropping 3. Appeal for help 4. Phishing
Phising
Chris is writing a document that provides step-by-step instructions for end users seeking to update the security software on their computers. Performing these updates is mandatory. Which type of document is Chris writing? 1. Standard 2. Procedure 3. Policy 4. Guideline
Procedure
What is NOT a goal of information security awareness programs? 1. Teach users about security objectives 2. Inform users about trends and threats in security 3. Motivate users to comply with security policy 4. Punish users who violate policy
Punish users who violate policy
Which group is the most likely target of a social engineering attack? 1. Receptionists and administrative assistants 2. Information security response team 3. Internal auditors 4. Independent contractors
Receptionists and administrative assistants
What type of malicious software allows an attacker to remotely control a compromised computer? 1. Worm 2. Polymorphic virus 3. Remote Access Tool (RAT) 4. Armored virus
Remote Access Tool (RAT)
Which activity is an auditor least likely to conduct during the information-gathering phase of an audit? 1. Vulnerability testing 2. Report writing 3. Penetration testing 4. Configuration review
Report writing
What is the correct order of steps in the change control process?1. Request, approval, impact assessment, build/test, monitor, implement 2. Request, impact assessment, approval, build/test, implement, monitor 3. Request, approval, impact assessment, build/test, implement, monitor 4. Request, impact assessment, approval, build/test, monitor, implement
Request, impact assessment, approval, build/test, implement, monitor
Earl is preparing a risk register for his organization's risk management program. Which data element is LEAST likely to be included in a risk register? 1. Description of the risk 2. Expected impact 3. Risk survey results 4. Mitigation steps
Risk survey results
What is NOT a symmetric encryption algorithm? 1. Rivest-Shamir-Adelman (RSA) 2. Data Encryption Standard (DES) 3. International Data Encryption Algorithm (IDEA) 4. Carlisle Adams Stafford Tavares (CAST)
Rivest-Shamir-Adelman (RSA)
Emily is the information security director for a large company that handles sensitive personal information. She is hiring an auditor to conduct an assessment demonstrating that her firm is satisfying requirements regarding customer private data. What type of assessment should she request? 1. SOC 1 2. SOC 2 3. SOC 3 4. SOC 4
SOC 3
What is an XML-based open standard for exchanging authentication and authorization information and is commonly used for web applications? 1. Security Assertion Markup Language (SAML) 2. Secure European System for Applications in a Multi-Vendor Environment (SESAME) 3. User Datagram Protocol (UDP) 4. Password Authentication Protocol (PAP)
Security Assertion Markup Language (SAML)
Tomahawk Industries develops weapons control systems for the military. The company designed a system that requires two different officers to enter their access codes before allowing the system to engage. Which principle of security is this following? 1. Least privilege 2. Security through obscurity 3. Need to know 4. Separation of duties
Separation of Duties
Gwen is investigating an attack. An intruder managed to take over the identity of a user who was legitimately logged into Gwen's company's website by manipulating Hypertext Transfer Protocol (HTTP) headers. Which type of attack likely took place? 1. Session hijacking 2. XML injection 3. Cross-site scripting 4. SQL injection
Session hijacking
The CEO of Kelly's company recently fell victim to an attack. The attackers sent the CEO an email informing him that his company was being sued and he needed to view a subpoena at a court website. When visiting the website, malicious code was downloaded onto the CEO's computer. What type of attack took place? 1. Spear phishing 2. Pharming 3. Adware 4. Command injection
Spear Phishing
Which element of the IT security policy framework provides detailed written definitions for hardware and software and how they are to be used? 1. Policy 2. Standard 3. Procedure 4. Guideline
Standard
Which one of the following principles is NOT a component of the Biba integrity model? 1. Subjects cannot read objects that have a lower level of integrity than the subject. 2. Subjects cannot change objects that have a lower integrity level. 3. Subjects at a given integrity level can call up only subjects at the same integrity<br>level or lower. 4. A subject may not ask for service from subjects that have a higher integrity level.
Subjects cannot change objects that have a lower integrity level.
Which set of characteristics describes the Caesar cipher accurately? 1. Asymmetric, block, substitution 2. Asymmetric, stream, transposition 3. Symmetric, stream, substitution 4. Symmetric, block, transposition
Symmetric, stream, substitution
What is NOT generally a section in an audit report? 1. Findings 2. System configurations 3. Recommendations 4. Timeline for Implementation
System Configurations
Which type of virus targets computer hardware and software startup functions? 1. Hardware infector 2. System infector 3. File infector 4. Data infector
System Infector
The NIST published a document key to an organization's cybersecurity success. That document is: 1. The Cybersecurity Framework 2. The Cybersecurity Maturity Model 3. The Cybersecurity Standards & Guidelines 4. The Cybersecurity Manual
The Cybersecurity Framework
What is the biggest threat to cybersecurity today?? 1. The human in the loop 2. Nation-state governments 3. Hired-gun hackers 4. Terrorist groups
The human in the loop
Which term describes any action that could damage an asset? 1. Countermeasure 2. Threat 3. Vulnerability 4. Risk
Threat
What type of malicious software masquerades as legitimate software to entice the user to run it? 1. Virus 2. Worm 3. Trojan horse 4. Rootkit
Trojan Horse
A firewall is a basic network security defense tool. 1. True 2. False
True
A network protocol governs how networking equipment interacts to deliver data across the network. 1. True 2. False
True
A phishing email is a fake or bogus email intended to trick the recipient into clicking on an embedded URL link or opening an email attachment. 1. True 2. False
True
A trusted operating system (TOS) provides features that satisfy specific government requirements for security. 1. True 2. False
True
An electronic mail bomb is a form of malicious macro attack that typically involves an email attachment that contains macros designed to inflict maximum damage. 1. True 2. False
True
An example of a threat to access control is in a peer-to-peer (P2P) arrangement in which users share their My Documents folder with each other by accident. 1. True 2. False
True
Anomaly-based intrusion detection systems compare current activity with stored profiles of normal (expected) activity. 1. True 2. False
True
Application service providers (ASPs) are software companies that build applications hosted in the cloud and on the Internet. 1. True 2. False
True
Backdoor programs are typically more dangerous than computer viruses. 1. True 2. False
True
Defense in depth is the practice of layering defenses to increase overall security and provide more reaction time to respond to incidents. 1. True 2. False
True
Devices that combine the capabilities of mobile phones and personal digital assistants (PDAs) are commonly called smartphones. 1. True 2. False
True
Digital signatures require asymmetric key cryptography. 1. True 2. False
True
During an audit, an auditor compares the current setting of a computer or device with a benchmark to help identify differences. 1. True 2. False
True
Many jurisdictions require audits by law. 1. True 2. False
True
Networks, routers, and equipment require continuous monitoring and management to keep wide area network (WAN) service available. 1. True 2. False
True
Organizations should start defining their IT security policy framework by defining an asset classification policy. 1. True 2. False
True
Some vending machines are equipped with a cellular phone network antenna for secure credit card transaction processing. 1. True 2. False
True
Spyware gathers information about a user through an Internet connection, without his or her knowledge. 1. True 2. False
True
TCP/IP is a suite of protocols that operates at both the Network and Transport layers of the OSI Reference Model. 1. True 2. False
True
The Government Information Security Reform Act (Security Reform Act) of 2000 focuses on management and evaluation of the security of unclassified and national security systems. 1. True 2. False
True
The Physical Layer of the OSI Reference Model must translate the binary ones and zeros of computer language into the language of the transport medium. 1. True 2. False
True
The System/Application Domain holds all the mission-critical systems, applications, and data. 1. True 2. False
True
The most critical aspect of a WAN services contract is how the service provider supplies troubleshooting, network management, and security management services. 1. True 2. False
True
The term "router" describes a device that connects two or more networks and selectively interchanges packets of data between them. 1. True 2. False
True
Unified messaging allows you to download both voice and email messages to a smartphone or tablet. 1. True 2. False
True
What is NOT a typical sign of virus activity on a system? 1. Unexplained decrease in available disk space 2. Unexpected error messages 3. Unexpected power failures 4. Sudden sluggishness of applications
Unexpected power failures
Yuri is a skilled computer security expert who attempts to break into the systems belonging to his clients. He has permission from the clients to perform this testing as part of a paid contract. What type of person is Yuri? 1. Cracker 2. White-hat hacker 3. Black-hat hacker 4. Grey-hat hacker
White-hat Hacker
What is the maximum value for any octet in an IPv4 IP address? 1. 65 2. 129 3. 255 4. 513
255
Jacob is conducting an audit of the security controls at an organization as an independent reviewer. Which question would NOT be part of his audit? 1. Is the level of security control suitable for the risk it addresses? 2. Is the security control in the right place and working well? 3. Is the security control effective in addressing the risk it was designed to address? 4. Is the security control likely to become obsolete in the near future?
Is the security control likely to become obsolete in the near future?
In what type of attack does the attacker send unauthorized commands directly to a database? 1. Cross-site scripting 2. SQL injection 3. Cross-site request forgery 4. Database dumping<br><a name="_GoBack"></a>
SQL Injection
What type of security monitoring tool would be most likely to identify an unauthorized change to a computer system? 1. Network IDS 2. System integrity monitoring 3. CCTV 4. Data loss prevention
System Integrity Modeling
Which one of the following is NOT an example of store-and-forward messaging? 1. Telephone call 2. Voicemail 3. Unified messaging 4. Email
Telephone Call
The anti-malware utility is one of the most popular backdoor tools in use today. 1. True 2. False
False
Janet is identifying the set of privileges that should be assigned to a new employee in her organization. Which phase of the access control process is she performing? 1. Identification 2. Authentication 3. Accountability 4. Authorization
Authorization
Which element of the security policy framework offers suggestions rather than mandatory actions? 1. Procedure 2. Policy 3. Standard 4. Guideline
Guideline
Which formula is typically used to describe the components of information security risks? 1. Risk = Likelihood X Vulnerability 2. Risk = Threat X Vulnerability 3. Risk = Threat X Likelihood 4. Risk = Vulnerability X Cost
Risk = Threat X Vulnerability
What type of network connects systems over the largest geographic area? 1. Wide area network (WAN) 2. Metropolitan area network (MAN) 3. Local area network (LAN) 4. Storage area network (SAN)
Wide area network (WAN)
E-commerce systems and applications demand strict confidentiality, integrity, and availability (CIA) security controls. 1. True 2. False
True
The director of IT security is generally in charge of ensuring that the Workstation Domain conforms to policy. 1. True 2. False
True
The hash message authentication code (HMAC) is a hash function that uses a key to create a hash, or message digest. 1. True 2. False
True
Quiz: Chapter 1
Intro to Fundamentals of Info Security
What is NOT a good practice for developing strong professional ethics? 1. Set the example by demonstrating ethics in daily activities 2. Encourage adopting ethical guidelines and standards 3. Assume that information should be free 4. Inform users through security awareness training
Assume that information should be free
Which security model does NOT protect the integrity of information? 1. Bell-LaPadula 2. Clark-Wilson 3. Biba 4. Brewer and Nash
Bell-LaPadula
Which technology can be used to protect the privacy rights of individuals and simultaneously allow organizations to analyze data in aggregate? 1. Encryption 2. Decryption 3. Deidentification 4. Aggregation
Deidentification
What information should an auditor share with the client during an exit interview? 1. Draft copy of the audit report 2. Final copy of the audit report 3. Details on major issues 4. The auditor should not share any information with the client at this phase
Details on major issues
Which one of the following is an example of a disclosure threat? 1. Espionage 2. Alteration 3. Denial 4. Destruction
Espionage
Barry discovers that an attacker is running an access point in a building adjacent to his company. The access point is broadcasting the security set identifier (SSID) of an open network owned by the coffee shop in his lobby. Which type of attack is likely taking place? 1. Evil twin 2. Wardriving 2. Bluesnarfing 3. Replay attack
Evil Twin
Configuration changes can be made at any time during a system life cycle and no process is required. 1. True 2. False
False
The four primary types of malicious code attacks are unplanned attacks, planned attacks, direct attacks, and indirect attacks. 1. True 2. False
False
The number of failed logon attempts that trigger an account action is called an audit logon event. 1. True 2. False
False
The term certificate authority (CA) refers to a trusted repository of all public keys. 1. True 2. False
False
David would like to connect a fibre channel storage device to systems over a standard data network. What protocol can he use? 1. Internet Small Computer System Interface (iSCSI) 2. Fibre Channel (FC) 3. Fibre Channel over Ethernet (FCoE) 4. Secure Shell (SSH)
Fibre Channel over Ethernet (FCoE)
Which one of the following is NOT a market driver for the Internet of Things (IoT)? 1. Global adoption of non-IP networking 2. Smaller and faster computing 3. Growth of cloud computing 4. Advancements in data analytics
Global adoption of non-IP networking
Betsy recently assumed an information security role for a hospital located in the United States. What compliance regulation applies specifically to healthcare providers? 1. FFIEC 2. FISMA 3. HIPAA 4. PCI DSS
HIPAA
Which one of the following is an example of a business-to-consumer (B2C) application of the Internet of Things (IoT)? 1. Virtual workplace 2. Infrastructure monitoring 3. Health monitoring 4. Supply chain management
Health Monitoring
When Patricia receives a message from Gary, she wants to be able to demonstrate to Sue that the message actually came from Gary. What goal of cryptography is Patricia attempting to achieve? 1. Confidentiality 2. Integrity 3. Authentication 4. Nonrepudiation
Nonrepudiation
Users throughout Alison's organization have been receiving unwanted commercial messages over the organization's instant messaging program. What type of attack is taking place? 1. Spam 2. Phishing 3. Social engineering 4. Spim
Spim
Which of the following statements about the NIST document is true? 1. The process described in the document is NOT a one-size-fits-all process. 2. The described process can only be used by organizations associated with critical infrastructures. 3. The process described is only for large, publicly-held companies. 4. The process described does not apply to non-profit organizations.
The process described in the document is NOT a one-size-fits-all process.
In a Bring Your Own Device (BYOD) policy, the user acceptance component may include separation of private data from business data. 1. True 2. False
True
In a chosen-ciphertext attack, cryptanalysts submit data coded with the same cipher and key they are trying to break to the decryption device to see either the plaintext output or the effect the decrypted message has on some system. 1. True 2. False
True
In security testing data collection, observation is the input used to differentiate between paper procedures and the way the job is really done. 1. True 2. False
True
In security testing, reconnaissance involves reviewing a system to learn as much as possible about the organization, its systems, and its networks. 1. True 2. False
True
It is common for rootkits to modify parts of the operating system to conceal traces of their presence. 1. True 2. False
True
Rootkits are malicious software programs designed to be hidden from normal methods of detection. 1. True 2. False
True
Screen locks are a form of endpoint device security control. 1. True 2. False
True
The Data Link Layer of the OSI Reference Model is responsible for transmitting information on computers connected to the same local area network (LAN). 1. True 2. False
True
The Diffie-Hellman (DHE) algorithm is the basis for several common key exchange protocols, including Diffie-Hellman in Ephemeral mode (DHE) and Elliptic Curve DHE (ECDHE). 1. True 2. False
True
Henry is creating a firewall rule that will allow inbound mail to the organization. What TCP port must he allow through the firewall? 1. 22 2. 25 3. 53 4. 80
25
What ISO security standard can help guide the creation of an organization's security policy? 1. 12333 2. 17259 3. 27002 4. 42053
27002
Henry's last firewall rule must allow inbound access to a Windows Terminal Server. What port must he allow? 1. 143 2. 443 3. 989 4. 3389
3389
Juan's web server was down for an entire day last September. It experienced no other downtime during that month. Which one of the following represents the web server uptime for that month? 1. 3.33% 2. 99.96% 3. 0.04% 4. 96.67%
96.67%
When servers need operating system upgrades or patches, administrators take them offline intentionally so they can perform the necessary work without risking malicious attacks. 1. True 2. False
True
Written security policies document management's goals and objectives. 1 True 2. False
True
What is NOT an effective key distribution method for plaintext encryption keys? 1. Paper 2. Unencrypted email 3. CD 4. Smart card
Unencrypted Email
Dawn is selecting an alternative processing facility for her organization's primary data center. She would like to have a facility that balances cost and switchover time. What would be the best option in this situation? 1. Hot site 2. Warm site 3. Cold site 4. Primary site
Warm site
Alan is evaluating different biometric systems and is concerned that users might not want to subject themselves to retinal scans due to privacy concerns. Which characteristic of a biometric system is he considering? 1. Accuracy 2. Reaction time 3. Dynamism 4. Acceptability
Acceptability