PIRKO quiz 2 (CH 3 and 4)
Wardialers are becoming more frequently used given the rise of Voice over IP (VoIP).
False
The Children's Online Privacy Protection Act (COPPA) restricts the collection of information online from children. What is the cutoff age for COPPA regulation?
13
Bob is using a port scanner to identify open ports on a server in his environment. He is scanning a web server that uses Hypertext Transfer Protocol (HTTP). Which port should Bob expect to be open to support this service?
80
Which item in a Bring Your Own Device (BYOD) policy helps resolve intellectual property issues that may arise as the result of business use of personal devices?
Data Ownership
What is the first step in a disaster recovery effort?
Ensure that everyone is safe
Barry discovers that an attacker is running an access point in a building adjacent to his company. The access point is broadcasting the security set identifier (SSID) of an open network owned by the coffee shop in his lobby. Which type of attack is likely taking place?
Evil Twin
A rootkit uses a directed broadcast to create a flood of network traffic for the victim computer.
False
A security policy is a comparison of the security controls you have in place and the controls you need in order to address all identified threats.
False
An attacker uses exploit software when wardialing.
False
DOS Attakcs are larger in scope than DDOS attacks
False
Most enterprises are well prepared for a disaster should one occur.
False
Using a secure logon and authentication process is one of the six steps used to prevent malware.
False
What level of technology infrastructure should you expect to find in a cold site alternative data center facility?
No technology infrastructure
A hospital is planning to introduce a new point-of-sale system in the cafeteria that will handle credit card transactions. Which one of the following governs the privacy of information handled by those point-of-sale terminals?
PCI DSS
Which tool can capture the packets transmitted between systems over a network?
Protocol Analyzer
What is NOT one of the three tenets of information security?
Safety
A disaster recovery plan (DRP) directs the actions necessary to recover resources after a disaster.
True
A man-in-the-middle attack takes advantage of the multihop process used by many types of networks.
True
A phishing email is a fake or bogus email intended to trick the recipient into clicking on an embedded URL link or opening an email attachment.
True
A surge protector is an example of a preventative component of a disaster recovery plan (DRP).
True
An alteration threat violates information integrity.
True
Failing to prevent an attack all but invites an attack.
True
The business impact analysis (BIA) identifies the resources for which a business continuity plan (BCP) is necessary.
True
Florian recently purchased a set of domain names that are similar to those of legitimate websites and used the newly purchased sites to host malware. Which type of attack is Florian using?
Typo squatting
An attacker attempting to break into a facility pulls the fire alarm to distract the security guard manning an entry point. Which type of social engineering attack is the attacker using?
Urgency
Dawn is selecting an alternative processing facility for her organization's primary data center. She would like to have a facility that balances cost and switchover time. What would be the best option in this situation?
Warm Site
Which type of attack against a web application uses a newly discovered vulnerability that is not patchable?
Zero-day attack
Which one of the following is the best example of an authorization control?
Access Control lists
Regarding data center alternatives for disaster recovery, a mobile site is the least expensive option but at the cost of the longest switchover time.
False
Which one of the following is an example of a reactive disaster recovery control?
Moving to a warm site
Tony is working with a law enforcement agency to place a wiretap pursuant to a legitimate court order. The wiretap will monitor communications without making any modifications. What type of wiretap is Tony placing?
Passive Wiretap
As a follow-up to her annual testing, Holly would like to conduct quarterly disaster recovery tests that introduce as much realism as possible but do not require the use of technology resources. What type of test should Holly conduct?
Simulation Test
Which term describes an action that can damage or compromise an asset?
Threat
What type of malicious software masquerades as legitimate software to entice the user to run it?
Trojan Horse
Remote wiping is a device security control that allows an organization to remotely erase data or email in the event of loss or theft of the device.
True
Rootkits are malicious software programs designed to be hidden from normal methods of detection.
True