Security Pro Chapter 3


What is the weakest point in an organization's security infrastructure? ● Physical structure ● Procedures ● People ● Technology

People

What is the average number of times that a specific risk is likely to be realized in a single year? ● Estimated maximum downtime ● Annualized rate of occurrence ● Exposure factor ● Annualized loss expectancy

Annualized rate of occurrence

What is the primary countermeasure to social engineering? ● Traffic filters ● Awareness ● Heavy management oversight ● A written security policy

Awareness

If an organization shows sufficient due care, which burden is eliminated in the event of a security breach? ● Negligence ● Investigation ● Asset loss ● Liability

Negligence

When is a BCP or DRP design and development actually completed? ● Only after testing and drilling ● Once senior management approves ● Only after implementation and distribution ● Never

Never

HIPAA is a set of federal regulations that define security guidelines. What do HIPAA guidelines protect? ● Availability ● Integrity ● Privacy ● Non-repudiation

Privacy

A smart phone was lost at the airport. There is no way to recover the device. Which of the following will ensure data confidentiality on the device? ● Remote wipe ● Screen lock ● GPS ● TPM

Remote wipe

Your company has developed and implemented countermeasures for the greatest risks to their assets. However, there is still some risk left. What is the remaining risk called? ● Risk ● Loss ● Residual risk ● Exposure

Residual risk

What is the primary purpose of forcing employees to take mandatory one-week minimum vacations every year? ● To cut costs on travel ● To prevent the buildup of significant vacation time ● To test their knowledge of security ● To check for evidence of fraud

To check for evidence of fraud

What is the primary purpose of source code escrow? ● To obtain change rights over software after the vendor goes out of business ● To obtain resale rights over software after the vendor goes out of business ● To provide a backup copy of software to use for recovery in the event of a disaster ● To hold funds in reserve for unpredicted costs before paying the fees of the programmer

To obtain change rights over software after the vendor goes out of business

Purchasing insurance is what type of response to risk? ● Transference ● Deployment of a countermeasure ● Acceptance ● Rejection

Transference

You have installed antivirus software on computers at your business. Within a few days, however, you notice that one computer has a virus. When you question the user, she says she installed some software a few days ago, but it was supposed to be a file compression utility. She admits she did not scan the file before running it. What should you add to your security measures to help prevent this from happening again? ● Close unused firewall ports ● Account lockout ● User awareness training ● Proxy server

User awareness training

In business continuity planning, what is the primary focus of the scope? ● Company assets ● Human life and safety ● Recovery time objective ● Business processes

Business Processes

Which of the following is a recommendation to use when a specific standard or procedure does not exist? ● Procedure ● Standard ● Baseline ● Guideline

Guideline

Which of the following mobile device security considerations disables the ability to use the device after a short period of inactivity? ● TPM ● Remote wipe ● GPS ● Screen lock

Screen lock

Which of the following is defined as a contract that prescribes the technical support or business parameters a provider will bestow to its client? ● Final audit report ● Mutual aid agreement ● Service level agreement ● Certificate practice statement

Service level agreement

You have a set of DVD-RW discs that have been used to archive files for your latest development project. You need to dispose of the discs. Which of the following methods should you use to best prevent data extraction from the discs? ● Write junk data over the discs seven times ● Degauss the disks ● Delete the data on the discs ● Shred the disks

Shred the disks

In which phase of the system life cycle is software testing performed? ● Functional design analysis and planning ● System design specifications ● Software development and coding ● Installation

Software development and coding

Which of the following are not reasons to remote wipe a mobile device? ● The device is stolen or lost. ● The device is locked and someone has entered multiple incorrect passwords or PINs. ● The device is inactive for a period of time. ● The device is being assigned to another user.

The device is inactive for a period of time.

Your company security policy requires separation of duties for all network security matters. Which of the following scenarios best describes this concept? ● The system administrator configures remote access privileges and the security officer reviews and activates each account. ● Every change to the default system image requires concurrent processing by multiple domain controllers. ● Security policy authors may never fraternize with system administration personnel. ● Only the security officer can implement new border router rule sets.

The system administrator configures remote access privileges and the security officer reviews and activates each account.

Which of the following best defines Single Loss Expectancy (SLE)? ● The monetary value of a single employee's loss of productivity due to a successful attack ● The statistical probability of a malicious event ● The total monetary loss associated with a single occurrence of a threat ● The total cost of all countermeasures associated with protecting against a given vulnerability

The total monetary loss associated with a single occurrence of a threat

When conducting a risk assessment, how is the Annualized Rate of Occurrence (ARO) calculated? ● Multiply the Single Loss Expectancy (SLE) by the standard annual deviation. ● Divide the static variable by the probability index. ● Multiply the Single Loss Expectancy (SLE) by the Annual Loss Expectancy (ALE). ● Through historical data provided by insurance companies and crime statistics.

Through historical data provided by insurance companies and crime statistics.

Which of the following is an action that must take place during the release stage of the SDLC? ● Testing of the software for bugs. ● The product goes into major production and is developed by programmers. ● Vendors develop and release patches in response to exploited vulnerabilities that have been discovered. ● Certification, accreditation, and auditing are performed.

Vendors develop and release patches in response to exploited vulnerabilities that have been discovered.

You have just received a generic-looking email that is addressed as coming from the administrator of your company. The email says that, as part of a system upgrade, you are to go to a website and enter your user name and password at a new website so you can manage your email and spam using the new service. What should you do? ● Open a web browser and type the URL included in the email. Follow the directions to enter your login credentials. ● Click on the link in the email and look for company graphics or information before entering the login information. ● Delete the email. ● Click on the link in the email and follow the directions to enter your login information. ● Verify that the email was sent by the administrator and that this new service is legitimate.

Verify that the email was sent by the administrator and that this new service is legitimate.

You've just received an email message explaining that a new and serious malicious code threat is ravaging across the internet. The message contains detailed information about the threat, its source code, and the damage it can inflict. The message states that you can easily detect whether or not you have already been a victim of this threat by the presence of three files in the folder. As a countermeasure, the message suggests that you delete these three files from your system. In response to this message, which action should you take first? ● Reboot the system ● Distribute the message to everyone in your address book ● Delete the indicated files if present ● Verify the information on well-known malicious code threat management websites ● Perform a complete system backup

Verify the information on well-known malicious code threat management websites

A Service Level Agreement (SLA) defines the relationship and contractual responsibilities of providers and service recipients. Which of the following characteristics are most important when designing an SLA? (Select two.) ☐ Clear and detailed descriptions of penalties if the level of service is not provided. ☐ Employee vetting procedures that don't apply to contract labor. ☐ Detailed provider responsibilities for all continuity and disaster recovery mechanisms. ☐ Industry standard templates for all SLAs to ensure corporate compliance.

☑ Clear and detailed descriptions of penalties if the level of service is not provided. ☑ Detailed provider responsibilities for all continuity and disaster recovery mechanisms.

Your organization entered into an Interoperability Agreement (IA) with another organization a year ago. As a part of this agreement, a federated trust was established between your domain and the partner domain. The partnership has been in the ongoing operations phase for almost nine months now. As a security administrator, which tasks should you complete during this phase? (Select two.) ☐ Negotiate the BPO agreement ☐ Draft an MOU document ☐ Disable user and group accounts used by the partner organization to access your organization's data ☐ Conduct periodic vulnerability assessments ☐ Verify compliance with the IA documents

☑ Conduct periodic vulnerability assessments ☑ Verify compliance with the IA documents

You have conducted a risk analysis to protect a key company asset. You identify the following values: • Asset value = 400 • Exposure factor = 75 • Annualized Rate of Occurrence = .25 What is the Single Loss Expectancy (SLE)? ● 100 ● 300 ● 475 ● 30000

300

You have conducted a risk analysis to protect a key company asset. You identify the following values: • Asset value = 400 • Exposure factor = 75 • Annualized rate of occurrence What is the Annualized Loss Expectancy (ALE)? ● 25 ● 75 ● 100 ● 175 ● 475

75

What is a service level agreement (SLA)? ● A contract with a legal entity to limit your asset loss liability ● A guarantee of a specific level of service ● A contract with an ISP for a specific level of bandwidth ● An agreement to support another company in the event of a disaster

A guarantee of a specific level of service

How often should change control management be implemented? ● Only when changes are made that affect senior management. ● Only when a production system is altered greatly. ● At regular intervals throughout the year. ● Any time a production system is altered.

Any time a production system is altered.

The receptionist received a phone call from an individual claiming to be a partner in a high-level project and requesting sensitive information. The individual is engaging in which type of social engineering? ● Commitment ● Persuasive ● Authority ● Social validation

Authority

Which of the following defines two-man control? ● For any task in which vulnerabilities exist, steps within the tasks are assigned to different positions with different management. ● An employee is granted the minimum privileges required to perform the position's duties. ● Certain tasks should be dual-custody in nature to prevent a security breach. ● A situation in which multiple employees conspire to commit fraud or theft.

Certain tasks should be dual-custody in nature to prevent a security breach.

You plan to implement a new security device on your network. Which of the following policies outlines the process you should follow before implementing that device? ● Change management ● SLA ● Acceptable use ● Resource allocation

Change management

A code of ethics does all but which of the following? ● Establishes a baseline for managing complex situations ● Serves as a reference for the creation of acceptable use policies ● Improves the professionalism of your organization as well as your profession ● Clearly defines courses of action to take when a complex issue is encountered

Clearly defines courses of action to take when a complex issue is encountered

As a BCP or DRP plan evolves over time, what is the most important task to perform when rolling out a new version of the plan? ● Redefine all roles and responsibilities ● Obtain senior management approval ● Perform new awareness sessions ● Collect and destroy all old plan copies

Collect and destroy all old plan copies

You have hired 10 new temporary workers who will be with the company for three months. You want to make sure that after that time the user accounts cannot be used for login. What should you do? ● Configure day/time restrictions in the user accounts ● Configure account policies in Group Policy ● Configure account lockout in Group Policy ● Configure account expiration in the user accounts

Configure account expiration in the user accounts

You have recently discovered that a network attack has compromised your database server. The attacker may have stolen customer credit card numbers. You have stopped the attack and implemented security measures to prevent the same incident from occurring in the future. What else might you be legally required to do? ● Implement training for employees who handle personal information ● Perform additional investigations to identify the attacker ● Contact your customers to let them know about the security breach ● Delete personally identifiable information from your computers

Contact your customers to let them know about the security breach

As you go through the process of making your network more manageable, you discover that employees in the sales department are on the same network segment as the human resources department. Which of the following steps can be used to isolate these departments? ● Create a separate VLAN for each department ● Identify the choke points in your network ● Implement the principle of least privilege for the human resources department ● Move the sales department into the DMZ

Create a separate VLAN for each department

Which of the following is not a protection against collusion? ● Principle of least privilege ● Two-man control ● Separation of duties ● Cross-training

Cross-training

Which of the following is the best protection against security violations? ● Defense in-depth ● Monolithic security ● Fortress mentality ● Bottom-up decision-making

Defense in-depth

To determine the value of the company assets, an anonymous survey was used to collect the opinions of all senior and mid-level managers. Which asset valuation method was used? ● Asset classification ● Sensitivity vs. risk ● Delphi method ● Comparative

Delphi method

Which of the following is not an appropriate response to a risk discovered during a risk analysis? ● Denial ● Assignment ● Mitigation ● Acceptance

Denial

When you inform an employee that they are being terminated, what is the most important activity? ● Allow them to collect their personal items ● Allow them to complete their current work projects ● Give them two weeks notice ● Disable their network access

Disable their network access

When you inform an employee that they are being terminated, what is the most important activity? ● Allowing them to complete their current work projects ● Giving them two weeks' notice ● Disabling their network access ● Allowing them to collect their personal items

Disabling their network access

Which of the following is not an element of the termination process? ● Dissolution of the NDA ● Exit interview ● Disable all network access ● Return company property

Dissolution of the NDA

The best way to initiate solid administrative control over an organization's employees is to have what element in place? ● An acceptable use policy ● Rotation of duties ● Distinct job descriptions ● Mandatory vacations in one-week increments

Distinct job descriptions

Which of the following is a common social engineering attack? ● Using a sniffer to capture network traffic ● Distributing hoax virus information emails ● Distributing false information about your organization's financial status ● Logging on with stolen credentials

Distributing hoax virus information emails

Which of the following is not part of security awareness training? ● Establish reporting procedures for suspected security violations ● Familiarize employees with the security policy ● Communicate standards, procedures, and baselines that apply to the employee's job ● Employee agreement documents

Employee agreement documents

Which type of data loss prevention system can be configured to block unauthorized email messages from being sent and, therefore, being subject to email retention rules? ● Network DLP ● Endpoint DLP ● File Level DLP ● Chinese Wall

Endpoint DLP

Your company is preparing to enter into a partner relationship with another organization. It will be necessary for the information systems used by each organization to connect and integrate with each other. Which of the following is of primary importance as you take steps to enter into this partner relationship? ● Identify how data ownership will be determined ● Ensure that all aspects of the relationship are agreed upon in writing ● Ensure that the integration process maintains the security of each organization's network ● Ensure that both organizations have similar incident response procedures

Ensure that the integration process maintains the security of each organization's network

Dumpster diving is a low-tech way of gathering information that may be useful in gaining unauthorized access or as a starting point for more advanced attacks. How can a company reduce the risk associated with dumpster diving? ● Create a strong password policy ● Establish and enforce a document destruction policy ● Mandate the use of Integrated Windows Authentication ● Secure all terminals with screensaver passwords

Establish and enforce a document destruction policy

Change control should be used to oversee and manage changes over what aspect of an organization? ● Physical environment ● Every aspect ● Personnel and policies ● IT hardware and software

Every aspect

Which of the following is not a form of social engineering? ● A virus hoax email message ● Impersonating a utility repair technician ● Impersonating a user by logging on with stolen credentials ● Impersonating a manager over the phone

Impersonating a user by logging on with stolen credentials

Over the last several years, the use of mobile devices within your organization has increased dramatically. Unfortunately, many department heads circumvented your information systems procurement policies and directly purchased tablets and smartphones for their employees without authorization. As a result, there is a proliferation of devices within your organization without accountability. You need to get things under control and begin tracking your organization's devices. How should you do this? ● Require users to sign an acceptable use policy before allowing them to use mobile devices for work-related tasks. ● Implement a mobile device management (MDM) solution. ● Implement a mobile endpoint management (MEM) solution. ● Apply security-related Group Policy settings to the devices using a Group Policy object. ● Join the devices to your organization's domain.

Implement a mobile endpoint management (MEM) solution.

As you help a user with a computer problem, you notice that she has written her password on a note stuck to her computer monitor. You check the password policy of your company and find that the following settings are currently required: • Minimum password length = 10 • Minimum password age = 4 • Maximum password age = 30 • Password history = 6 • Require complex passwords that include numbers and symbols • Account lockout clipping level = 3 Which of the following is the best action to take to make remembering passwords easier so that she no longer has to write the password down? ● Remove the complex password requirement ● Decrease the minimum password length ● Increase the account lockout clipping level ● Implement end-user training ● Increase the maximum password age

Implement end-user training

Over the last month, you have noticed a significant increase in the occurrence of inappropriate activities performed by employees. What is the best first response step to take in order to improve or maintain the security level of the environment? ● Reduce all employee permissions and privileges ● Improve and hold new awareness sessions ● Terminate all offenders ● Initiate stronger auditing

Improve and hold new awareness sessions

What is the primary purpose of imposing software lifecycle management concepts? ● Increase interoperability ● Reduce product returns ● Decrease development overhead ● Increase the quality of software

Increase the quality of software

Which of the following is not an accepted countermeasure to strengthen a cryptosystem? ● Implement long key spaces ● Keep the cryptosystem a secret ● Implement strong systems with redundant encipherment ● Use strong passwords

Keep the cryptosystem a secret

What is the primary goal of business continuity planning? ● Minimize decision-making during the development process ● Protecting an organization from major computer services failure ● Maintaining business operations with reduced or restricted infrastructure capabilities or resources ● Minimizing the organization's risk of service delays and interruptions

Maintaining business operations with reduced or restricted infrastructure capabilities or resources

What is another name for a back door that was accidentally left in a product by the manufacturer? ● Trojan horse ● Maintenance hook ● Security patch ● Root kit

Maintenance hook

When recovering from a disaster, which services should you stabilize first? ● Outside communications ● Mission-critical ● Financial support ● Least business-critical

Mission-critical

Which type of Data Loss Prevention system is usually installed near the network perimeter to detect sensitive data that is being transmitted in violation of organizational security policies? ● Chinese Wall ● File Level DLP ● Network DLP ● Endpoint DLP

Network DLP

Which of the following is a legal contract between the organization and the employee that specifies the employee is not to disclose the organization's confidential information? ● Employee monitoring agreement ● Non-disclosure agreement ● Acceptable use agreement ● Non-compete agreement

Non-disclosure agreement

Which of the following attacks tricks victims into providing confidential information (such as identity information or login credentials) through emails or websites that impersonate an online entity that the victim trusts? ● Session hijacking ● Phishing ● Man-in-the-middle ● Adware

Phishing

In which phase of the system life cycle is security integrated into the product? ● Software Development ● Project Initiation ● Maintenance ● Installation

Project Initiation

What is the most effective way to improve or enforce security in any environment? ● Enforcing account lockout ● Disabling Internet access ● Providing user-awareness training ● Requiring two-factor authentication

Providing user-awareness training

Which of the following best describes the concept of due care or due diligence? ● Reasonable precautions based on industry best practices are utilized and documented. ● Availability supersedes security unless physical harm is likely. ● Security through obscurity is best accomplished by port stealthing. ● Legal disclaimers are consistently and conspicuously displayed on all systems.

Reasonable precautions based on industry best practices are utilized and documented.

Which of the following program writing development modes is a method that allows for optimal control over coherence, security, accuracy, and comprehensibility? ● Clean room ● Waterfall planning ● Object-oriented programming ● Structured programming

Structured programming

You are a database administrator and the first responder for database attacks. You have decided to test one part of your current Business Continuity Plan (BCP) with two other database professionals. Which type of BCP test is this considered? ● Succession planning ● Complex exercise ● Tabletop exercise ● Medium exercise

Tabletop exercise

Which of the following social engineering attacks use Voice over IP (VoIP) to gain sensitive information? ● Spear phishing ● Masquerading ● Vishing ● Tailgating

Vishing

A senior executive reports that she received a suspicious email concerning a sensitive internal project that is behind production. The email was sent from someone she doesn't know, and he is asking for immediate clarification on several of the project's details so the project can get back on schedule. Which type of an attack best describes the scenario? ● MAC spoofing ● Whaling ● Passive ● Masquerading

Whaling

When would choosing to do nothing about an identified risk be acceptable? ● When the cost of protecting the asset is greater than the potential loss ● When the threat is most likely to come from an internal source instead of an external source ● When the threat is likely to occur less than once per year ● When the asset is an intangible asset instead of a tangible asset

When the cost of protecting the asset is greater than the potential loss

Which of the following is an example of a strong password? ● Robert694 ● atgiov45a ● desktop#7 ● a8bT11$yi

a8bT11$yi

Which of the following statements is true regarding risk analysis? (Select two.) ☐ Don't implement a countermeasure if the cost is greater than loss. ☐ Annualized Rate of Occurrence (ARO) identifies how often the successful threat attack will occur in a single year. ☐ Exposure factor is the percent of the asset lost from an unsuccessful threat attack. ☐ The value of an asset is the worth of a resource to the organization excluding qualitative values.

☑ Don't implement a countermeasure if the cost is greater than loss. ☑ Annualized Rate of Occurrence (ARO) identifies how often the successful threat attack will occur in a single year.

Which of the following are examples of social engineering? (Select two.) ☐ War dialing ☐ Dumpster diving ☐ Port scanning ☐ Shoulder surfing

☑ Dumpster diving ☑ Shoulder surfing

How can an organization help prevent social engineering attacks? (Select two.) ☐ Educate employees on the risks and countermeasures. ☐ Close all unneeded ports on firewalls. ☐ Publish and enforce clearly-written security policies. ☐ Implement IPsec on all critical systems.

☑ Educate employees on the risks and countermeasures. ☑ Publish and enforce clearly-written security policies.

You have recently been hired as the new network administrator for a startup company. The company's network was implemented prior to your arrival. One of the first tasks you need to complete in your new position is to develop a Manageable Network plan for the network. You have already completed the first and second milestones, in which documentation procedures were identified and the network was mapped. You are now working on the third milestone, identifying ways to protect the network. Which tasks should you complete as a part of this milestone? (Select two.) ☐ Create an approved application list for each network device ☐ Identify and document each user on the network ☐ Physically secure high-value systems ☐ Set account expiration dates ☐ Apply critical patches whenever they are released

☑ Identify and document each user on the network ☑ Physically secure high-value systems

Your organization is in the process of negotiating an Interoperability Agreement (IA) with another organization. As a part of this agreement, the partner organization proposes that a federated trust be established between your domain and their domain. This configuration will allow users in their domain to access resources in your domain and vice versa. As a security administrator, which tasks should you complete during this phase? (Select two.) ☐ Identify how data will be shared. ☐ Verify compliance with the IA documents. ☐ Identify how data ownership will be determined. ☐ Conduct security audits on the partner organization. ☐ Reset all passwords used by the third party to access data or applications on your network.

☑ Identify how data will be shared. ☑ Identify how data ownership will be determined.

Your organization has recently purchased 20 tablet devices for the Human Resource department to use for training sessions. You are concerned that these devices could represent a security risk to your network and want to strengthen their security profile as much as possible. Which actions should you take? (Select two. Each response is a separate solution.) ☐ Configure a Group Policy object (GPO) containing mobile device-specific security settings. ☐ Join the devices to your organization's domain. ☐ Install the devices in your organization's directory services tree. ☐ Implement storage segmentation. ☐ Enable device encryption.

☑ Implement storage segmentation. ☑ Enable device encryption.

Which of the following are typically associated with human resource security policies? (Select two.) ☐ Termination ☐ Background checks ☐ Change management ☐ Password policies ☐ SLA

☑ Termination ☑ Background checks
