MIS 4342

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

Chapter 9

Cryptography

Chapter 7

Security Audits

Chapter 6

Security Operation

What is NOT a valid encryption key length for use with the Blowfish algorithm? 1. 32 bits 2. 64 bits 3. 256 bits 4. 512 bits

512 Bits

Chapter 5

Access Control

Alice would like to send a message to Bob using a digital signature. What cryptographic key does Alice use to create the digital signature? 1. Alice's public key 2. Alice's private key 3. Bob's public key 4. Bob's private key

Alice's Private Key

Which action is the best step to protect Internet of Things (IoT) devices from becoming the entry point for security vulnerabilities into a network while still meeting business requirements? 1. Applying security updates promptly 2. Using encryption for communications 3. Removing IoT devices from the network 4. Turning IoT devices off when not in use

Applying security updates promptly

Chapter 3

Attacks, Threats, and Vulnerabilities

Ricky is reviewing security logs to independently assess security controls. Which security review process is Ricky engaging in? 1. Monitor 2. Audit 3. Improve 4. Secure

Audit

During what phase of a remote access connection does the end user prove his or her claim of identity? 1. Authorization 2. Authentication 3. Identification 4. Tokenization

Authentication

During which phase of the access control process does the system answer the question,"What can the requestor access?" 1. Identification 2. Authentication 3. Authorization 4. Accountability

Authorization

In an accreditation process, who has the authority to approve a system for implementation? 1. Certifier 2. Authorizing official (AO) 3. System owner 4. System administrator

Authorizing official (AO)

Ann is creating a template for the configuration of Windows servers in her organization. It includes the basic security settings that should apply to all systems. What type of document should she create? 1. Baseline 2. Policy 3. Guideline 4. Procedure

Baseline

Which type of password attack attempts all possible combinations of a password in an attempt to guess the correct value? 1. Dictionary attack 2. Rainbow table attack 3. Social engineering attack 4. Brute-force attack

Brute-force attack

Chapter 4

Business Drivers

Karen would like to use a wireless authentication technology similar to that found in hotels where users are redirected to a webpage when they connect to the network. What technology should she deploy? 1. Remote Authentication Dial-In User Service (RADIUS) 2. Lightweight Extensible Authentication Protocol (LEAP) 3. Captive portal 4. Protected Extensible Authentication Protocol (PEAP)

Captive Portal

Which audit data collection method helps ensure that the information-gathering process covers all relevant areas? 1. Checklist 2. Interviews 3. Questionnaires 4. Observation

Checklist

Which cryptographic attack offers cryptanalysts the most information about how an encryption algorithm works? 1. Chosen plaintext 2. Ciphertext only 3. Known plaintext 4. Chosen ciphertext

Chosen plaintext

What program, released in 2013, is an example of ransomware? 1. BitLocker 2. Crypt0L0cker 3. FileVault 4. CryptoVault

Crypt0L0cker

The NIST document we've been discussing centers on which of the following organizational issues? 1. Cybersecurity Risk 2. Cybersecurity Personnel 3. Cybersecurity Finances 4. Cybersecurity Operations

Cybersecurity Risk

Betty receives a cipher text message from her colleague Tim. What type of function does Betty need to use to read the plaintext message? 1. Encryption 2. Hashing 3. Decryption 4. Validation

Decryption

Gary would like to choose an access control model in which the owner of a resource decides who may modify permissions on that resource. Which model fits that scenario? 1. Discretionary access control (DAC) 2. Mandatory access control (MAC) 3. Rule-based access control 4. Role-based access control (RBAC)

Discretionary access control (DAC)

Which one of the following is NOT an area of critical infrastructure where the Internet of Things (IoT) is likely to spur economic development in less developed countries? 1. Wastewater treatment 2. Water supply management 3. E-commerce 4. Agriculture

E-commerce

Which practice is NOT considered unethical under RFC 1087 issued by the Internet Architecture Board (IAB)? 1. Seeking to gain unauthorized access to resources 2. Disrupting intended use of the Internet 3. Enforcing the integrity of computer-based information 4. Compromising the privacy of users

Enforcing the integrity of computer-based information

What is the first step in a disaster recovery effort? 1. Respond to the disaster. 2. Follow the disaster recovery plan (DRP). 3. Communicate with all affected parties. 4. Ensure that everyone is safe.

Ensure that everyone is safe

Which one of the following is an example of a direct cost that might result from a business disruption? 1. Damaged reputation 2. Lost market share 3. Lost customers 4. Facility repair

Facility repair

A private key cipher is also called an asymmetric key cipher. 1. True 2. False

False

A rootkit uses a directed broadcast to create a flood of network traffic for the victim computer. 1. True 2. False

False

Authorization controls include biometric devices. 1. True 2. False

False

Certification is the formal agreement by an authorizing official to accept the risk of implementing a system. 1. True 2. False

False

Continuity of critical business functions and operations is the first priority in a well-balanced business continuity plan (BCP). 1. True 2. False

False

Cryptography is the process of transforming data from cleartext into ciphertext. 1. True 2. False

False

Hypertext Transfer Protocol (HTTP) encrypts data transfers between secure browsers and secure web pages. 1. True 2. False

False

IP addresses are eight-byte addresses that uniquely identify every device on the network. 1. True 2. False

False

In the Remote Access Domain, if private data or confidential data is compromised remotely, you should set automatic blocking for attempted logon retries. 1. True 2. False

False

Mandatory vacations minimize risk by rotating employees among various systems or duties. 1. True 2. False

False

Passphrases are less secure than passwords. 1. True 2. False

False

Procedures do NOT reduce mistakes in a crisis. 1. True 2. False

False

Product cipher is an encryption algorithm that has no corresponding decryption algorithm. 1. True 2. False

False

Regarding data center alternatives for disaster recovery, a mobile site is the least expensive option but at the cost of the longest switchover time. 1. True 2. False

False

Spyware does NOT use cookies. 1. True 2. False

False

System infectors are viruses that attack document files containing embedded macro programming capabilities. 1. True 2. False

False

The four main types of logs that you need to keep to support security auditing include event, access, user, and security. 1. True 2. False

False

Vishing is a type of wireless network attack. 1. True 2. False

False

Voice pattern biometrics are accurate for authentication because voices can't easily be replicated by computer software. 1. True 2. False

False

Wardialers are becoming more frequently used given the rise of Voice over IP (VoIP). 1. True 2. False

False

What compliance regulation applies specifically to the educational records maintained by schools about students? 1. Family Education Rights and Privacy Act (FERPA) 2. Health Insurance Portability and Accountability Act (HIPAA) 3. Federal Information Security Management Act (FISMA) 4. Gramm-Leach-Bliley Act (GLBA)

Family Education Rights and Privacy Act (FERPA)

Which compliance obligation includes security requirements that apply specifically to federal government agencies in the United States? 1. Gramm-Leach-Bliley Act (GLBA) 2. Health Insurance Portability and Accountability Act (HIPAA) 3. Family Educational Rights and Privacy Act (FERPA) 4. Federal Information Security Management Act (FISMA)

Federal Information Security Management Act (FISMA)

What type of firewall security feature limits the volume of traffic from individual hosts? 1. Loop protection 2. Network separation 3. Stateful inspection 4. Flood guard

Flood guard

Which one of the following governs the use of Internet of Things (IoT) by healthcare providers, such as physicians and hospitals? 1. Payment Card Industry Data Security Standard (PCI DSS) 2. Federal Financial Institutions Examination Council (FFIEC) 3. Federal Information Security Management Act (FISMA) 4. Health Insurance Portability and Accountability Act (HIPAA)

Health Insurance Portability and Accountability Act (HIPAA)

With the use of Mobile IP, which device is responsible for keeping track of mobile nodes (MNs) and forwarding packets to the MN's current network? 1. Home agent (HA) 2. Foreign agent (FA) 3. Care of address (COA) 4. Correspondent node (CN)

Home Agent (HA)

Terry is troubleshooting a network that is experiencing high traffic congestion issues. Which device, if present on the network, should be replaced to alleviate these issues? 1. Firewall 2. Hub 3. Switch 4. Router

Hub

Which one of the following is NOT a good technique for performing authentication of an end user? 1. Biometric scan 2. Password 3. Token 4. Identification number

Identification number

Chapter 2

Internet of Things (IoT)

Which Internet of Things (IoT) challenge involves the difficulty of developing and implementing protocols that allow devices to communicate in a standard fashion? 1. Security 2. Privacy 3. Interoperability 4. Compliance

Interoperability

Which of the following would NOT be considered in the scope of organizational compliance efforts? 1. Laws 2. Company policy 3. Internal audit 4. Corporate culture

Laws

Which type of denial of service attack exploits the existence of software flaws to disrupt a service? 1. SYN flood attack 2. Smurf attack 3. Logic attack 4. Flooding attack

Logic Attack

Which of the following is NOT a benefit of cloud computing to organizations? 1. On-demand provisioning 2. Improved disaster recovery 3. No need to maintain a data center 4. Lower dependence on outside vendors

Lower dependence on outside vendors

Which of the following is an example of a hardware security control? 1. NTFS permission 2. MAC filtering 3. ID badge 4. Security policy

MAC filtering

Chapter 11

Malicious Code

Chapter 10

Networks and Telecommunications

Brian would like to conduct a port scan against his systems to determine how they look from an attacker's viewpoint. What tool can he use for this purpose? 1. Ping 2. Simple Network Management Protocol (SNMP) agent 3. Nmap 4. Remote Access Tool (RAT)

Nmap

What level of technology infrastructure should you expect to find in a cold site alternative data center facility? 1. Hardware and data that mirror the primary site 2. Hardware that mirrors the primary site, but no data 3. Basic computer hardware 4. No technology infrastructure

No technology infrastructure

Holly would like to run an annual major disaster recovery test that is as thorough and realistic as possible. She also wants to ensure that there is no disruption of activity at the primary site. What option is best in this scenario? 1. Checklist test 2. Full interruption test 3. Parallel test 4. Simulation test

Parallel Test

Which regulatory standard would NOT require audits of companies in the United States? 1. Sarbanes-Oxley Act (SOX) 2. Personal Information Protection and Electronic Documents Act (PIPEDA) 3. Health Insurance Portability and Accountability Act (HIPAA) 4. Payment Card Industry Data Security Standard (PCI DSS)

Personal Information Protection and Electronic Documents Act (PIPEDA)

Roger's organization received a mass email message that attempted to trick users into revealing their passwords by pretending to be a help desk representative. What category of social engineering is this an example of? 1. Intimidation 2. Name dropping 3. Appeal for help 4. Phishing

Phising

Chris is writing a document that provides step-by-step instructions for end users seeking to update the security software on their computers. Performing these updates is mandatory. Which type of document is Chris writing? 1. Standard 2. Procedure 3. Policy 4. Guideline

Procedure

What is NOT a goal of information security awareness programs? 1. Teach users about security objectives 2. Inform users about trends and threats in security 3. Motivate users to comply with security policy 4. Punish users who violate policy

Punish users who violate policy

Which group is the most likely target of a social engineering attack? 1. Receptionists and administrative assistants 2. Information security response team 3. Internal auditors 4. Independent contractors

Receptionists and administrative assistants

What type of malicious software allows an attacker to remotely control a compromised computer? 1. Worm 2. Polymorphic virus 3. Remote Access Tool (RAT) 4. Armored virus

Remote Access Tool (RAT)

Which activity is an auditor least likely to conduct during the information-gathering phase of an audit? 1. Vulnerability testing 2. Report writing 3. Penetration testing 4. Configuration review

Report writing

What is the correct order of steps in the change control process?1. Request, approval, impact assessment, build/test, monitor, implement 2. Request, impact assessment, approval, build/test, implement, monitor 3. Request, approval, impact assessment, build/test, implement, monitor 4. Request, impact assessment, approval, build/test, monitor, implement

Request, impact assessment, approval, build/test, implement, monitor

Earl is preparing a risk register for his organization's risk management program. Which data element is LEAST likely to be included in a risk register? 1. Description of the risk 2. Expected impact 3. Risk survey results 4. Mitigation steps

Risk survey results

What is NOT a symmetric encryption algorithm? 1. Rivest-Shamir-Adelman (RSA) 2. Data Encryption Standard (DES) 3. International Data Encryption Algorithm (IDEA) 4. Carlisle Adams Stafford Tavares (CAST)

Rivest-Shamir-Adelman (RSA)

Emily is the information security director for a large company that handles sensitive personal information. She is hiring an auditor to conduct an assessment demonstrating that her firm is satisfying requirements regarding customer private data. What type of assessment should she request? 1. SOC 1 2. SOC 2 3. SOC 3 4. SOC 4

SOC 3

What is an XML-based open standard for exchanging authentication and authorization information and is commonly used for web applications? 1. Security Assertion Markup Language (SAML) 2. Secure European System for Applications in a Multi-Vendor Environment (SESAME) 3. User Datagram Protocol (UDP) 4. Password Authentication Protocol (PAP)

Security Assertion Markup Language (SAML)

Tomahawk Industries develops weapons control systems for the military. The company designed a system that requires two different officers to enter their access codes before allowing the system to engage. Which principle of security is this following? 1. Least privilege 2. Security through obscurity 3. Need to know 4. Separation of duties

Separation of Duties

Gwen is investigating an attack. An intruder managed to take over the identity of a user who was legitimately logged into Gwen's company's website by manipulating Hypertext Transfer Protocol (HTTP) headers. Which type of attack likely took place? 1. Session hijacking 2. XML injection 3. Cross-site scripting 4. SQL injection

Session hijacking

The CEO of Kelly's company recently fell victim to an attack. The attackers sent the CEO an email informing him that his company was being sued and he needed to view a subpoena at a court website. When visiting the website, malicious code was downloaded onto the CEO's computer. What type of attack took place? 1. Spear phishing 2. Pharming 3. Adware 4. Command injection

Spear Phishing

Which element of the IT security policy framework provides detailed written definitions for hardware and software and how they are to be used? 1. Policy 2. Standard 3. Procedure 4. Guideline

Standard

Which one of the following principles is NOT a component of the Biba integrity model? 1. Subjects cannot read objects that have a lower level of integrity than the subject. 2. Subjects cannot change objects that have a lower integrity level. 3. Subjects at a given integrity level can call up only subjects at the same integrity<br>level or lower. 4. A subject may not ask for service from subjects that have a higher integrity level.

Subjects cannot change objects that have a lower integrity level.

Which set of characteristics describes the Caesar cipher accurately? 1. Asymmetric, block, substitution 2. Asymmetric, stream, transposition 3. Symmetric, stream, substitution 4. Symmetric, block, transposition

Symmetric, stream, substitution

What is NOT generally a section in an audit report? 1. Findings 2. System configurations 3. Recommendations 4. Timeline for Implementation

System Configurations

Which type of virus targets computer hardware and software startup functions? 1. Hardware infector 2. System infector 3. File infector 4. Data infector

System Infector

The NIST published a document key to an organization's cybersecurity success. That document is: 1. The Cybersecurity Framework 2. The Cybersecurity Maturity Model 3. The Cybersecurity Standards & Guidelines 4. The Cybersecurity Manual

The Cybersecurity Framework

What is the biggest threat to cybersecurity today?? 1. The human in the loop 2. Nation-state governments 3. Hired-gun hackers 4. Terrorist groups

The human in the loop

Which term describes any action that could damage an asset? 1. Countermeasure 2. Threat 3. Vulnerability 4. Risk

Threat

What type of malicious software masquerades as legitimate software to entice the user to run it? 1. Virus 2. Worm 3. Trojan horse 4. Rootkit

Trojan Horse

A firewall is a basic network security defense tool. 1. True 2. False

True

A network protocol governs how networking equipment interacts to deliver data across the network. 1. True 2. False

True

A phishing email is a fake or bogus email intended to trick the recipient into clicking on an embedded URL link or opening an email attachment. 1. True 2. False

True

A trusted operating system (TOS) provides features that satisfy specific government requirements for security. 1. True 2. False

True

An electronic mail bomb is a form of malicious macro attack that typically involves an email attachment that contains macros designed to inflict maximum damage. 1. True 2. False

True

An example of a threat to access control is in a peer-to-peer (P2P) arrangement in which users share their My Documents folder with each other by accident. 1. True 2. False

True

Anomaly-based intrusion detection systems compare current activity with stored profiles of normal (expected) activity. 1. True 2. False

True

Application service providers (ASPs) are software companies that build applications hosted in the cloud and on the Internet. 1. True 2. False

True

Backdoor programs are typically more dangerous than computer viruses. 1. True 2. False

True

Defense in depth is the practice of layering defenses to increase overall security and provide more reaction time to respond to incidents. 1. True 2. False

True

Devices that combine the capabilities of mobile phones and personal digital assistants (PDAs) are commonly called smartphones. 1. True 2. False

True

Digital signatures require asymmetric key cryptography. 1. True 2. False

True

During an audit, an auditor compares the current setting of a computer or device with a benchmark to help identify differences. 1. True 2. False

True

Many jurisdictions require audits by law. 1. True 2. False

True

Networks, routers, and equipment require continuous monitoring and management to keep wide area network (WAN) service available. 1. True 2. False

True

Organizations should start defining their IT security policy framework by defining an asset classification policy. 1. True 2. False

True

Some vending machines are equipped with a cellular phone network antenna for secure credit card transaction processing. 1. True 2. False

True

Spyware gathers information about a user through an Internet connection, without his or her knowledge. 1. True 2. False

True

TCP/IP is a suite of protocols that operates at both the Network and Transport layers of the OSI Reference Model. 1. True 2. False

True

The Government Information Security Reform Act (Security Reform Act) of 2000 focuses on management and evaluation of the security of unclassified and national security systems. 1. True 2. False

True

The Physical Layer of the OSI Reference Model must translate the binary ones and zeros of computer language into the language of the transport medium. 1. True 2. False

True

The System/Application Domain holds all the mission-critical systems, applications, and data. 1. True 2. False

True

The most critical aspect of a WAN services contract is how the service provider supplies troubleshooting, network management, and security management services. 1. True 2. False

True

The term "router" describes a device that connects two or more networks and selectively interchanges packets of data between them. 1. True 2. False

True

Unified messaging allows you to download both voice and email messages to a smartphone or tablet. 1. True 2. False

True

What is NOT a typical sign of virus activity on a system? 1. Unexplained decrease in available disk space 2. Unexpected error messages 3. Unexpected power failures 4. Sudden sluggishness of applications

Unexpected power failures

Yuri is a skilled computer security expert who attempts to break into the systems belonging to his clients. He has permission from the clients to perform this testing as part of a paid contract. What type of person is Yuri? 1. Cracker 2. White-hat hacker 3. Black-hat hacker 4. Grey-hat hacker

White-hat Hacker

What is the maximum value for any octet in an IPv4 IP address? 1. 65 2. 129 3. 255 4. 513

255

Jacob is conducting an audit of the security controls at an organization as an independent reviewer. Which question would NOT be part of his audit? 1. Is the level of security control suitable for the risk it addresses? 2. Is the security control in the right place and working well? 3. Is the security control effective in addressing the risk it was designed to address? 4. Is the security control likely to become obsolete in the near future?

Is the security control likely to become obsolete in the near future?

In what type of attack does the attacker send unauthorized commands directly to a database? 1. Cross-site scripting 2. SQL injection 3. Cross-site request forgery 4. Database dumping<br><a name="_GoBack"></a>

SQL Injection

What type of security monitoring tool would be most likely to identify an unauthorized change to a computer system? 1. Network IDS 2. System integrity monitoring 3. CCTV 4. Data loss prevention

System Integrity Modeling

Which one of the following is NOT an example of store-and-forward messaging? 1. Telephone call 2. Voicemail 3. Unified messaging 4. Email

Telephone Call

The anti-malware utility is one of the most popular backdoor tools in use today. 1. True 2. False

False

Janet is identifying the set of privileges that should be assigned to a new employee in her organization. Which phase of the access control process is she performing? 1. Identification 2. Authentication 3. Accountability 4. Authorization

Authorization

Which element of the security policy framework offers suggestions rather than mandatory actions? 1. Procedure 2. Policy 3. Standard 4. Guideline

Guideline

Which formula is typically used to describe the components of information security risks? 1. Risk = Likelihood X Vulnerability 2. Risk = Threat X Vulnerability 3. Risk = Threat X Likelihood 4. Risk = Vulnerability X Cost

Risk = Threat X Vulnerability

What type of network connects systems over the largest geographic area? 1. Wide area network (WAN) 2. Metropolitan area network (MAN) 3. Local area network (LAN) 4. Storage area network (SAN)

Wide area network (WAN)

E-commerce systems and applications demand strict confidentiality, integrity, and availability (CIA) security controls. 1. True 2. False

True

The director of IT security is generally in charge of ensuring that the Workstation Domain conforms to policy. 1. True 2. False

True

The hash message authentication code (HMAC) is a hash function that uses a key to create a hash, or message digest. 1. True 2. False

True

Quiz: Chapter 1

Intro to Fundamentals of Info Security

What is NOT a good practice for developing strong professional ethics? 1. Set the example by demonstrating ethics in daily activities 2. Encourage adopting ethical guidelines and standards 3. Assume that information should be free 4. Inform users through security awareness training

Assume that information should be free

Which security model does NOT protect the integrity of information? 1. Bell-LaPadula 2. Clark-Wilson 3. Biba 4. Brewer and Nash

Bell-LaPadula

Which technology can be used to protect the privacy rights of individuals and simultaneously allow organizations to analyze data in aggregate? 1. Encryption 2. Decryption 3. Deidentification 4. Aggregation

Deidentification

What information should an auditor share with the client during an exit interview? 1. Draft copy of the audit report 2. Final copy of the audit report 3. Details on major issues 4. The auditor should not share any information with the client at this phase

Details on major issues

Which one of the following is an example of a disclosure threat? 1. Espionage 2. Alteration 3. Denial 4. Destruction

Espionage

Barry discovers that an attacker is running an access point in a building adjacent to his company. The access point is broadcasting the security set identifier (SSID) of an open network owned by the coffee shop in his lobby. Which type of attack is likely taking place? 1. Evil twin 2. Wardriving 2. Bluesnarfing 3. Replay attack

Evil Twin

Configuration changes can be made at any time during a system life cycle and no process is required. 1. True 2. False

False

The four primary types of malicious code attacks are unplanned attacks, planned attacks, direct attacks, and indirect attacks. 1. True 2. False

False

The number of failed logon attempts that trigger an account action is called an audit logon event. 1. True 2. False

False

The term certificate authority (CA) refers to a trusted repository of all public keys. 1. True 2. False

False

David would like to connect a fibre channel storage device to systems over a standard data network. What protocol can he use? 1. Internet Small Computer System Interface (iSCSI) 2. Fibre Channel (FC) 3. Fibre Channel over Ethernet (FCoE) 4. Secure Shell (SSH)

Fibre Channel over Ethernet (FCoE)

Which one of the following is NOT a market driver for the Internet of Things (IoT)? 1. Global adoption of non-IP networking 2. Smaller and faster computing 3. Growth of cloud computing 4. Advancements in data analytics

Global adoption of non-IP networking

Betsy recently assumed an information security role for a hospital located in the United States. What compliance regulation applies specifically to healthcare providers? 1. FFIEC 2. FISMA 3. HIPAA 4. PCI DSS

HIPAA

Which one of the following is an example of a business-to-consumer (B2C) application of the Internet of Things (IoT)? 1. Virtual workplace 2. Infrastructure monitoring 3. Health monitoring 4. Supply chain management

Health Monitoring

When Patricia receives a message from Gary, she wants to be able to demonstrate to Sue that the message actually came from Gary. What goal of cryptography is Patricia attempting to achieve? 1. Confidentiality 2. Integrity 3. Authentication 4. Nonrepudiation

Nonrepudiation

Users throughout Alison's organization have been receiving unwanted commercial messages over the organization's instant messaging program. What type of attack is taking place? 1. Spam 2. Phishing 3. Social engineering 4. Spim

Spim

Which of the following statements about the NIST document is true? 1. The process described in the document is NOT a one-size-fits-all process. 2. The described process can only be used by organizations associated with critical infrastructures. 3. The process described is only for large, publicly-held companies. 4. The process described does not apply to non-profit organizations.

The process described in the document is NOT a one-size-fits-all process.

In a Bring Your Own Device (BYOD) policy, the user acceptance component may include separation of private data from business data. 1. True 2. False

True

In a chosen-ciphertext attack, cryptanalysts submit data coded with the same cipher and key they are trying to break to the decryption device to see either the plaintext output or the effect the decrypted message has on some system. 1. True 2. False

True

In security testing data collection, observation is the input used to differentiate between paper procedures and the way the job is really done. 1. True 2. False

True

In security testing, reconnaissance involves reviewing a system to learn as much as possible about the organization, its systems, and its networks. 1. True 2. False

True

It is common for rootkits to modify parts of the operating system to conceal traces of their presence. 1. True 2. False

True

Rootkits are malicious software programs designed to be hidden from normal methods of detection. 1. True 2. False

True

Screen locks are a form of endpoint device security control. 1. True 2. False

True

The Data Link Layer of the OSI Reference Model is responsible for transmitting information on computers connected to the same local area network (LAN). 1. True 2. False

True

The Diffie-Hellman (DHE) algorithm is the basis for several common key exchange protocols, including Diffie-Hellman in Ephemeral mode (DHE) and Elliptic Curve DHE (ECDHE). 1. True 2. False

True

Henry is creating a firewall rule that will allow inbound mail to the organization. What TCP port must he allow through the firewall? 1. 22 2. 25 3. 53 4. 80

25

What ISO security standard can help guide the creation of an organization's security policy? 1. 12333 2. 17259 3. 27002 4. 42053

27002

Henry's last firewall rule must allow inbound access to a Windows Terminal Server. What port must he allow? 1. 143 2. 443 3. 989 4. 3389

3389

Juan's web server was down for an entire day last September. It experienced no other downtime during that month. Which one of the following represents the web server uptime for that month? 1. 3.33% 2. 99.96% 3. 0.04% 4. 96.67%

96.67%

When servers need operating system upgrades or patches, administrators take them offline intentionally so they can perform the necessary work without risking malicious attacks. 1. True 2. False

True

Written security policies document management's goals and objectives. 1 True 2. False

True

What is NOT an effective key distribution method for plaintext encryption keys? 1. Paper 2. Unencrypted email 3. CD 4. Smart card

Unencrypted Email

Dawn is selecting an alternative processing facility for her organization's primary data center. She would like to have a facility that balances cost and switchover time. What would be the best option in this situation? 1. Hot site 2. Warm site 3. Cold site 4. Primary site

Warm site

Alan is evaluating different biometric systems and is concerned that users might not want to subject themselves to retinal scans due to privacy concerns. Which characteristic of a biometric system is he considering? 1. Accuracy 2. Reaction time 3. Dynamism 4. Acceptability

Acceptability


Kaugnay na mga set ng pag-aaral

AP Computer Science College Board Review CB#1 - CB#3

View Set

What is the relationship between literature and place?

View Set

Ch. 6: Funding the Public Sector

View Set

Thoracic Surgery and Chest Tubes- 7 questions

View Set

Eukaryotic and Prokaryotic Cells

View Set

Washington Laws, Rules and Regulations

View Set

Chpt 13 ABC, Chpt 12 ABC, Chpt 11 ABC, Chapt. 10 ABC

View Set