Chapter Quizzes
The Children's Online Privacy Protection Act (COPPA) restricts the collection of information online from children. What is the cutoff age for COPPA regulation?
13
Karen would like to use a wireless authentication technology similar to that found in hotels where users are redirected to a webpage when they connect to the network. What technology should she deploy?
Captive Portal
Which information security objective allows trusted entities to endorse information?
Certification
A business impact analysis (BIA) details the steps to recover from a disruption and restore the infrastructure necessary for normal business operations. True False
False
A security policy is a comparison of the security controls you have in place and the controls you need in order to address all identified threats. True False
False
Temporal isolation is commonly used in combination with rule-based access control. True False
False
Brian would like to conduct a port scan against his systems to determine how they look from an attacker's viewpoint. What tool can he use for this purpose?
Nmap
Which one of the following is an example of two-factor authentication?
Smart Card and Personal Identification Number (PIN)
Which of the following statements is true regarding cross-site scripting (XSS) attacks?
They are one of the most common web attacks
Classification scope determines what data you should classify; classification process determines how you handle classified data. True False
True
The Government Information Security Reform Act (Security Reform Act) of 2000 focuses on management and evaluation of the security of unclassified and national security systems. True False
True
Dawn is selecting an alternative processing facility for her organization's primary data center. she would like to have a facility that balances cost and switchover time. What would be the best option in this situation?
Warm Site
By default, Windows will:
inherit the permissions of the parent folder so that all subfolders will have the same permissions as the parent.
Kim is the risk manager for a large organization. She is evaluating whether the organization should purchase a fire suppression system. She consulted a variety of subject matter experts and determined that there is a 1 percent chance that a fire will occur in a given year. If a fire occurred, it would likely cause $2 million in damage to the facility, which has a $10 million value. Given this scenario, what is the single loss expectancy (SLE)?
$2,000,000
What is NOT a valid encryption key length for use with the Blowfish algorithm?
512 bits
By creating users, assigning those users to groups, and then applying groups to resources in the domain, the administrator sets up both authentication using the Active Directory Domain authentication policies, and builds a series of nested ___________ to control the access to domain resources.
Access Control Lists
Ed wants to make sure that his system is designed in a manner that allows tracing actions to an individual. Which phase of access control is Ed concerned about?
Accountability
Members of the ____________ group called Remote Desktop Users are allowed to use the remote desktop services to connect to remote machines.
Builtin
Tom is the IT manager for an organization that experienced a server failure that affected a single business function. What type of plan should guide the organization's recovery effort?
Business Continuity Plan (BCP)
Which of the following Cisco certifications demonstrates the most advanced level of security knowledge?
Cisco Certified Internetwork Expert (CCIE) Security
How can you verify that the integrity of encrypted files is maintained during the transmission to another user's computer?
Compare the decrypted file's contents with the contents of the original file
What information should an auditor share with the client during an exit interview?
Details on major issues
An attacker uses exploit software when wardialing. True or False
False
DIAMETER is a research and development project funded by the European Commission. True False
False
the four primary types of malicious code attacks are unplanned attacks, planned attacks, direct attacks, and indirect attacks.
False
Cryptography is the process of transforming data from cleartext into ciphertext.
False; It's Encryption
The weakest link in the security of an IT infrastructure is the server.
False; It's the User
Which of the following agencies is NOT involved in the Gramm-Leach-Bliley Act (GLBA) oversight process?
Federal Communications Commission (FCC)
Erin is a system administrator for a federal government agency. What law contains guidance on how she may operate a federal information system?
Federal Information Security Management Act (FISMA)
Which compliance obligation includes security requirements that apply specifically to federal government agencies in the United States?
Federal Information Security Management Act (FISMA)
Which control is not designed to combat malware? a. Antivirus Software b. Quarantine Computers c. Firewalls d. Awareness and Education Efforts
Firewalls
Which of the following is NOT an advantage to undertaking self-study of information security topics?
Fixed Place
What is a set of concepts and policies for managing IT infrastructure, development and operations?
IT Infrastructure Library (ITIL)
What term describes the risk that exists after an organization has performed all planned countermeasures and controls?
Residual Risk
Which Web application attack is more likely to extract privacy data elements out of a database?
SQL injection attack
Gina is preparing to monitor network activity using packet sniffing. Which technology is most likely to interfere with this effort if used on the network?
Secure Sockets Layer (SSL)
What is an XML-based open standard for exchanging authentication and authorization information and is commonly used for web applications?
Security Assertion Markup Language (SAML)
Which set of characteristics describes the Caesar cipher accurately?
Symmetric, Stream, Substitution
Which type of virus targets computer hardware and software startup functions?
System Infector
What type of security monitoring tool would be most likely to identify an unauthorized change to a computer system?
System Integrity Monitoring
Which one of the following is an advantage that the Internet of Things (IoT) brings to economic development for countries?
Technical and Industry Development
Which of the following tools is used to modify permissions on the TargetWindowsDC01 server to allow new users to use the remote desktop services?
The Group Policy Object Editor
Which term describes any action that could damage an asset?
Threat
Purchasing an insurance policy is an example of the _____________________ risk management strategy.
Transfer
The recovery point objective (RPO) is the maximum amount of data loss that is acceptable. True False
True
When the key is successfully created, which of the following options lets you store your certificate on a public Internet server?
Upload Certificate To Directory Service
An attacker attempting to break into a facility pulls the fire alarm to distract the security guard manning an entry point. Which type of social engineering attack is the attacker using?
Urgency
The ___________ is a quarantine area where all removed files, virus infected or suspicious files are stored until you take action on them.
Virus Vault
Each time a key pair is created, Kleopatra generates:
A unique 40-character fingerprint
Forensics and incident respons are examples of ___________ controls.
Corrective
Passphrases are less secure than passwords. True False
False
User-based permission levels limit a person to executing certain functions and often enforces mutual exclusivity. True False
False
Which tool can capture the packets transmitted between systems over a network?
Protocol Analyzer
Users often complain that _____________ make their systems "slow" and hard to use.
Security Measures
Which of the following statements is true regarding asymmetrical encryption?
The receiver obtains the needed key from the sender or through a trusted third party
Active Directory :
makes the process of accessing machines that are not on the domain much easier
Nancy performs a full backup of her server every Sunday at 1 A.M. and differential backups on Mondays through Fridays at 1 A.M. Her server fails at 9 A.M. Wednesday. How many backups does Nancy need to restore?
2
When the 172.30.0.10 IP host responded to the ICMP echo-requests, how many ICMP echo-reply packets were sent back to the vWorkstation?
4 Echo Replies
Henry would like to create a different firewall rule that allows encrypted web traffic to reach a web server. What port is used for that communication?
443
Which Institute of Electrical and Electronics Engineers (IEEE) standard covers wireless LANs?
802.11
Which of the following is the database that provides a centrally controlled and managed access and security management system for an organization's Windows computer systems?
Active Directory
What is NOT a principle for privacy created by the Organization for Economic Cooperation and Development (OECD)?
An organization should share its information
Which security control is most helpful in protecting against eavesdropping on wireless LAN (WLAN) data transmissions that would jeopardize confidentiality?
Applying Strong Encryption
Howard is leading a project to commission a new information system that will be used by a federal government agency. He is working with senior officials to document and accept the risk of operation prior to allowing use. What step of the risk management framework is Howard completing?
Authorize the IT system for processing
When malware slows performance, which of the following tenets of information system security is impacted?
Availability
Which part of the CIA triad refers to making sure information is obtainable when needed?
Availability
______________ is a continuous process designed to keep all personnel vigilant.
Awareness
Which password attack is typically used specifically against password files that contain cryptographic hashes?
Birthday Attacks
Fran is conducting a security test of a new application. She does not have any access to the source code or other details of the application she is testing. What type of test is Fran conducting?
Black-Box Test
What certification focuses on information systems, audit, control and security professionals?
Certified Information Systems Auditor (CISA)
Which of the following certifications is considered the flagship Information Systems Security Certification Consortium, Inc. (ISC) certification and the gold standard for information security professionals?
Certified Information Systems Security Professional (CISSP)
Betty visits a local library with her young children. She notices that someone using a computer terminal in the library is visiting pornographic websites. What law requires that the library filter offensive web content for minors?
Children's Internet Protection Act (CIPA)
Which cryptographic attack offers cryptanalysts the most information about how an encryption algorithm works?
Chosen Plaintext
Alison discovers that a system under her control has been infected with malware, which is using a keylogger to report user keystrokes to a third party. What information security property is this malware attacking?
Confidentiality
Which part of the CIA triad refers to preventing the disclosure of secure information to unauthorized individuals or systems?
Confidentiality
Which activity manages the baseline settings for a system or device?
Configuration Control
Within the virtual environment, a Remote Desktop Connection and PuTTY are the two ways to:
Connect to the Linux Terminal
Alan withdraws cash from an ATM belonging to Bank X that is coming from his account with Bank Y. What is Alan's relationship with Bank X?
Consumer
What is NOT a common endpoint for a virtual private network (VPN) connection used for remote network access?
Content Filter
In Mobile IP, what term describes a device that would like to communicate with a mobile node (MN)?
Correspondent Node (CN)
Which of the following becomes possible when a web form allows HTML or JavaScript code as valid input?
Cross-Site Scripting (XSS)
Which characteristic of a biometric system measures the system's accuracy using a balance of different error types?
Crossover Error Rate (CER)
Alan withdraws cash from an ATM belonging to Bank X that is coming from his account with Bank Y. What is Alan's relationship with Bank Y?
Customer
Alice and Bob would like to communicate with each other using a session key but they do not already have a shared secret key. Which algorithm can they use to exchange a secret key?
Diffie-Hellman
From the LabFiles Properties dialog box, which of the following options is necessary to enable you to specify permissions for each subfolder?
Disable Inheritance
Gary would like to choose an access control model in which the owner of a resource decides who may modify permissions on that resource. Which model fits that scenario?
Discretionary Access Control (DAC)
In Wireshark, which of the following enable you to find only the traffic you wish to analyze?
Display Filters
Curtis is conducting an audit of an identity management system. Which question is NOT likely to be in the scope of his audit?
Does the firewall properly block unsolicited network connection attempts?
What is a key principle of risk management programs?
Don't spend more to protect an asset than it is worth
What protocol is responsible for assigning IP addresses to hosts on most networks?
Dynamic Host Configuration Protocol (DHCP)
Database developers and administrators are responsible for:
Ensuring regular backups of the database are performed
Which one of the following is an example of a disclosure threat? a. Denial b. Espionage c. Alteration d. Destruction
Espionage
Barry discovers that an attacker is running an access point in a building adjacent to his company. The access point is broadcasting the security set identifier (SSID) of an open network owned by the coffee shop in his lobby. Which type of attack is likely taking place?
Evil Twin
Which one of the following is an example of a direct cost that might result from a business disruption?
Facility Repair
Certification is the formal agreement by an authorizing official to accept the risk of implementing a system. True False
False
Deterrent controls identify that a threat has landed in your system. True False
False
During the secure phase of a security review, you review and measure all controls to capture actions and changes on the system. True False
False
Implicit deny is when firewalls look at message addresses to determine whether a message is being sent around an unending loop.
False
Jake has been asked to help test the business continuity plan at an offsite location while the system at the main location is shut down. He is participating in a parallel test. True False
False
Product cipher is an encryption algorithm that has no corresponding decryption algorithm.
False
Vishing is a type of wireless network attack. True or False
False
Which of the following refers to the top pane of the Wireshark window that contains all of the packets that Wireshark has captured, in time order and provides a summary of the contents of the packet in a format close to English?
Frame Summary
Which of the following refers to the bottom pane of the Wireshark window where all of the information in the packet is displayed in hexadecimal on the left and in decimal, in characters when possible, on the left?
Hex Pane
Often hackers will use ____________ to make the scripts even harder to detect.
Hexadecimal character strings
Some of the more important _________ include anti-virus (and anti-malware), host-based firewall, system hardening (removing unwanted services), change control, and log management.
Host-Based Security Measures
Terry is troubleshooting a network that is experiencing high traffic congestion issues. Which device, if present on the network, should be replaced to alleviate these issues?
Hub
Gary is troubleshooting a security issue on an Ethernet network and would like to look at the Ethernet standard. What publication should he seek out?
IEEE 802.3
Juan comes across documentation from his organization related to several information security initiatives using different standards as their reference. Which International Organization for Standardization (ISO) standard provides current guidance on information security management?
ISO 27002
When is the company under additional compliance laws and standards to ensure the confidentiality of customer data?
If e-commerce or privacy data is entered into the web application
Adam's company recently suffered an attack where hackers exploited an SQL injection issue on their web server and stole sensitive information from a database. What term describes this activity?
Incident
Gary is sending a message to Patricia. He wants to ensure that nobody tampers with the message while it is in transit. What goal of cryptography is Gary attempting to achieve?
Integrity
Rachel is investigating an information security incident that took place at the high school where she works. She suspects that students may have broken into the student records system and altered their grades. If correct, which one of the tenets of information security did this attack violate?
Integrity
Which part of the CIA triad refers to maintaining and assuring the accuracy of data over its life-cycle?
Integrity
Fran is interested in learning more about the popular Certified Ethical Hacker (CEH) credential. What organization should she contact?
International Council of E-Commerce Consultants (EC-Council)
Bill is conducting an analysis of a new IT service. He would like to assess it using the Open Systems Interconnection (OSI) model and would like to learn more about this framework. What organization should he turn to for the official definition of OSI?
International Organization for Standardization (ISO)
Yolanda would like to prevent attackers from using her network as a relay point for a smurf attack. What protocol should she block?
Internet Control Message Protocol (ICMP)
Which Internet of Things (IoT) challenge involves the difficulty of developing and implementing protocols that allow devices to communicate in a standard fashion?
Interoperability
Which network device is capable of blocking network connections that are identified as potentially malicious?
Intrusion Prevention System (IPS)
Which of the following statements is true regarding the hybrid approach to encryption?
It provides the same full CIA protection as asymmetrical encryption with nearly the same speed as symmetrical encryption
What is a single sign-on (SSO) approach that relies upon the use of key distribution centers (KDCs) and ticket-granting servers (TGSs)?
Kerberos
What is the certificate management component of GPG4Win?
Kleopatra
Which of the following would NOT be considered in the scope of organizational compliance efforts?
Laws
On a Windows network share, if the user can browse a file but cannot copy or modify it, what type of access controls and permissions are probably configured?
List Folder Contents
Which type of denial of service attack exploits the existence of software flaws to disrupt a service?
Logic Attack
Which of the following is an example of a hardware security control?
MAC Filtering
When the key is successfully created, which of the following options sends a copy of your private key to your computer?
Make a Backup Of Your Key Pair
Alison retrieved data from a company database containing personal information on customers. When she looks at the SSN field, she sees values that look like this: "XXX-XX-9142". What has happened to these records?
Masking
What term describes the longest period of time that a business can survive without a particular critical system?
Maximum Tolerable Downtime (MTD)
Which one of the following measures the average amount of time that it takes to repair a system, application, or component?
Mean Time to Repair (MTTR)
Which agreement type is typically less formal than other agreements and expresses areas of common interest?
Memorandum of Understanding (MOU)
On a Windows network share, if the user can add, edit and delete files and folders within the LabFiles folder, what type of access controls and permissions are probably configured?
Modify
Which of the following is a security countermeasure that could be used to protect your production SQL databases against injection attacks?
Monitor your SQL databases for unauthorized or abnormal SQL injections
Which one of the following is an example of a reactive disaster recovery control?
Moving to a warm site
What federal agency is charged with the mission of promoting "U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life?"
NIST
What federal government agency is charged with the responsibility of creating information security standards and guidelines for use within the federal government and more broadly across industries?
National Institute of Standards and Technology (NIST)
What government agency sponsors the National Centers of Academic Excellence (CAE) for the Cyber Operations Program?
National Security Agency (NSA)
Which of the following performs remote scans and audits of UNIX, Windows, and network infrastructures and can perform a network discovery of devices, operating systems, applications databases, and services running on those devices?
Nessus
Which of the following allows analysts to view and analyze network packet traces?
NetWitness Investigator
Which of the following provides security practitioners with a deep packet inspection tool used for examining everything from the data link layer up to the application layer?
NetWitness Investigator
What is NOT a commonly used endpoint security technique?
Network Firewall
Which security testing activity uses tools that scan for services running on systems?
Network Mapping
What level of technology infrastructure should you expect to find in a cold site alternative data center facility?
No technology infrastructure
In a ___________ attack, the attacker attempts to use scripting commands in the URL itself, or through a device, such as a web form, to gain administrator, or some other elevated level of user privileges in an attempt to force the victim's server to display the desired data on-screen.
Non-persistent cross-site scripting
When Patricia receives a message from Gary, she wants to be able to demonstrate to Sue that the message actually came from Gary. What goal of cryptography is Patricia attempting to achieve?
Nonrepudiation
Windows Group Policy can be used _____________ to control access to many local computer and network resources such as drives, Internet access, kiosk mode, etc.
On either a local or domain level
Which of the following allows a certificate authority (CA) to revoke a compromised digital certificate in real time?
Online Certificate Status Protocol (OCSP)
To be effective, hackers and cybercriminals:
Only need to know one vulnerability, or how to use one automated tool that attacks that vulnerability
A security awareness program that focuses on an organization's Bring Your Own Device (BYOD) policy is designed to cover the use of what type of equipment?
Personally Owned Devices
Which element of the security policy framework requires approval from upper management and applies to the entire organization?
Policy
Adam discovers a virus on his system that is using encryption to modify itself. The virus escapes detection by signature-based antivirus software. What type of virus has he discovered?
Polymorphic Virus
Christopher is designing a security policy for his organization. He would like to use an approach that allows a reasonable list of activities but does not allow other activities. Which permission level is he planning to use?
Prudent
What type of organizations are required to comply with the Sarbanes-Oxley (SOX) Act?
Publicly traded companies
Beth is conducting a risk assessment. She is trying to determine the impact a security incident will have on the reputation of her company. What type of risk assessment is best suited to this type of analysis?
Qualitative
Which approach to cryptography provides the strongest theoretical protection?
Quantum Cryptography
Which data source comes first in the order of volatility when conducting a forensic investigation?
RAM
On a Windows network share, if the user can view the folder's contents as well as execute scripts, what type of access controls and permissions are probably configured?
Read and Execute
During which phase of a hacker's five-step approach does the hacker scan a network to identify IP hosts, open ports, and services enabled on servers and workstations?
Reconnaissance
Alan is developing a business impact assessment for his organization. He is working with business units to determine the maximum allowable time to recover a particular function. What value is Alan determining?
Recovery Time Objective (RTO)
What type of publication is the primary working product of the Internet Engineering Task Force (IETF)?
Request for Comment (RFC)
What is the correct order of steps in the change control process?
Request, Impact Assessment, Approval, Build/Test, Implement, Monitor
Which of the following is NOT one of the rights afforded to students (or the parents of a minor student) under the Family Educational Rights and Privacy Act (FERPA)?
Right to delete unwanted information from records
Which formula is typically used to describe the components of information security risks?
Risk = Threat x Vulnerability
George is the risk manager for a U.S. federal government agency. He is conducting a risk assessment for that agency's IT risk. What methodology is best suited for George's use?
Risk Management Guide for Information Technology Systems (NIST SP800-30)
Isaac is responsible for performing log reviews for his organization in an attempt to identify security issues. He has a massive amount of data to review. What type of tool would best assist him with this work?
Security Information and Event Management (SIEM)
The _____________ is the central part of a computing environment's hardware, software, and firmware that enforces access control.
Security Kernel
Helen has no experience in security. She would like to earn a certification that demonstrates that she has the basic knowledge necessary to work in the information security field. What certification would be an appropriate first step for her?
Security+
Karen is designing a process for issuing checks and decides that one group of users will have the authority to create new payees in the system while a separate group of users will have the authority to issue checks to those payees. The intent of this control is to prevent fraud. Which principle is Karen enforcing?
Separation of Duties
Tomahawk Industries develops weapons control systems for the military. The company designed a system that requires two different officers to enter their access codes before allowing the system to engage. Which principle of security is this following?
Separation of Duties
Biyu is making arrangements to use a third-party service provider for security services. She wants to document a requirement for timely notification of security breaches. What type of agreement is most likely to contain formal requirements of this type?
Service Level Agreement (SLA)
Gwen is investigating an attack. An intruder managed to take over the identity of a user who was legitimately logged in to Gwen's company's website by manipulating Hypertext Transfer Protocol (HTTP) headers. Which type of attack likely took place?
Session Hijacking
In which type of attack does the attacker attempt to take over an existing connection between two systems?
Session Hijacking
In the lab, what did you do before attempting the script tests that exposed the vulnerabilities?
Set the security level of DVWA to low
Which intrusion detection system strategy relies upon pattern matching?
Signature Detection
As a follow-up to her annual testing, Holly would like to conduct quarterly disaster recovery tests that introduce as much realism as possible but do not require the use of technology resources. What type of test should Holly conduct?
Simulation Test
Kaira's company recently switched to a new calendaring system provided by a vendor. Kaira and other users connect to the system, hosted at the vendor's site, using a webbrowser. Which service delivery model is Kaira's company using?
Software as a Service (SaaS)
The CEO of Kelly's company recently fell victim to an attack. The attackers sent the CEO an email informing him that his company was being sued and he needed to view a subpoena at a court website. When visiting the website, malicious code was downloaded onto the CEO's computer. What type of attack too place?
Spear Phishing
If it is impractical to place guest users in a secure network, isolated from the production network by firewall barriers, then:
Specific areas of access should be determined and they should be restrictive as possible
Users throughout Allison's organization have been receiving unwanted commercial messages over the organization's instant messaging program. What type of attack is taking place?
Spim
What is NOT an area where the Internet Architecture Board (IAB) provides oversight on behalf of the Internet Engineering Task Force (IETF)?
Subject matter expertise on routing and switching
Which one of the following principles is NOT a component of the Biba integrity model?
Subjects cannot change objects that have a lower integrity level
Joe is responsible for the security of the industrial control systems for a power plant. What type of environment does Joe administer?
Supervisory Control and Data Acquisition (SCADA)
What type of network device normally connects directly to endpoints and uses MAC-based filtering to limit traffic flows?
Switch
Which of the following uses the TFTP (Trivial File Transfer Protocol) to send (put) or receive (get) files between computers?
The TFTPD64 Application
Which of the following statements is true regarding SQL Injection attacks?
The likelihood can be reduced through regular testing
Microsoft Windows Active Directory provides capabilities in all three of the CIA areas, and the domain administrator will be called upon to implement:
The roles of Confidentiality and Integrity most frequently
Web application developers and software developers are responsible for:
The secure coding and testing of their application
Which type of cipher works by rearranging the characters in a message?
Transposition
A ______________ will masquerade as a seemingly useful program while actually compromising system security and possibly acting as a "back door", allowing additional hack tools and access to the system.
Trojan
A functional policy declares an organization's management direction for security in such specific functional areas as email, remote access, and Internet surfing. True False
True
A successful change control program should include the following elements to ensure the quality of the change control process: peer review, documentation and back-out plans. True False
True
Access control lists (ACLs) are used to permit and deny traffic in an IP router.
True
An alteration threat violates information integrity. True or False
True
Regarding an intrusion detection system (IDS), stateful matching looks for specific sequences appearing across several packets in a traffic stream rather than just in individual packets. True False
True
The recovery point objective (RPO) can come from the business impact analysis or sometimes from a government mandate, such as banking laws. True False
True
Which of the following combines something you know (e.g. password) with something you are (e.g. fingerprint) or something you possess (e.g. USB stick) and can also employ a certificate system that adds a distinct third layer to the authentication process?
Two-factor authentication
Florian recently purchased a set of domain names that are similar to those of legitimate websites and used the newly purchased sites to host malware. Which type of attack is Florian using?
Typosquatting
Bob has a high-volume virtual private network (VPN). He would like to use a device that would best handle the required processing power. What type of device should he use?
VPN Concentrator
Val would like to isolate several systems belonging to the product development group from other systems on the network, without adding new hardware. What technology can she use?
Virtual LAN (VLAN)
The __________ is a personal firewall that filters incoming and outgoing traffic by blocking unauthorized traffic to the local computer.
Windows Firewall with Advanced Security
Which of the following is the mechanism on a Windows server where you can administer granular policies and permissions on a Windows network using role-based access?
Windows Group Policy
What wireless security technology contains significant flaws and should never be used?
Wired Equivalent Privacy (WEP)
Which of the following is a freeware tool providing basic packet capture and protocol decoding capabilities?
Wireshark
Which of the following is a protocol analyzer tool (sometimes called a "packet sniffer") that is used to capture IP traffic from a variety of sources?
Wireshark
Allie is working on the development of a web browser and wants to make sure that the browser correctly implements the Hypertext Markup Language (HTML) standard. What organization's documentation should she turn to for the authoritative source of information?
World Wide Web Consortium
Which of the following is used to perform a scan of the network and create a network topology chart?
Zenmap
What type of malware does NOT have an anti-malware solution and should be covered in security awareness training?
Zero-day
What type of malicious software allows an attacker to remotely control a compromised computer?
Remote Access Tool (RAT)
The business impact analysis (BIA) identifies the resources for which a business continuity plan (BCP) is necessary. True False
True
The term "router" describes a device that connects two or more networks and selectively interchanges packets of data between them.
True
The three main categories of network security risk are reconnaissance, eavesdropping and denial of service.
True
What is the only unbreakable cipher when it is used properly?
Vernam
Alice would like to send a message to Bob using a digital signature. What cryptographic key does Alice use to create the digital signature?
Alice's Private Key
Bob received a message from Alice that contains a digital signature. What cryptographic key does Bob use to verify the digital signature?
Alice's Public Key
Henry is creating a firewall rule that will allow inbound mail to the organization. What TCP port must he allow through the firewall?
25
Continuing professional education (CPE) credits typically represent _______ minutes of classroom time per CPE unit.
50
Jane is a manager at a federal government agency and recently hired a new employee, Mark, who will work with sensitive information. How much time does Jane have from Mark's hire date to get him security training?
60 Days
What series of Special Publications does the National Institute of Standards and Technology (NIST) produce that covers information systems security activities?
800
Which type of attack is triggered by the victim?
Persistent cross-site scripting attack
Kim is the risk manager for a large organization. She is evaluating whether the organization should purchase a fire suppression system. She consulted a variety of subject matter experts and determined that there is a 1 percent chance that a fire will occur in a given year. If a fire occurred, it would likely cause $2 million in damage to the facility, which has a $10 million value. Given this scenario, what is the annualized loss expectancy (ALE)?
$20,000
Which one of the following is the best example of an authorization control?
Access Control Lists
_____________ refers to a program of study approved by the State Department of Education in the state that a school operates.
Accredited
Brian notices an attack taking place on his network. When he digs deeper, he realizes that the attacker has a physical presence on the local network and is forging Media Access Control (MAC) addresses. Which type of attack is most likely taking place?
Address Resolution Protocol (ARP) Poisoning
Which of the following is NOT a role described in DoD Directive 8140, which covers cybersecurity training?
Attack
During what phase of a remote access connection does the end user prove his or her claim of identity?
Authentication
During which phase of the access control process does the system answer the question, "What can the requestor access?"
Authorization
Janet is identifying the set of privileges that should be assigned to a new employee in her organization. Which phase of the access control process is she performing?
Authorization
In an accreditation process, who has the authority to approve a system for implementation?
Authorizing Official (AO)
Ann is creating a template for the configuration of Windows servers in her organization. It includes the basic security settings that should apply to all systems. What type of document should she create?
Baseline
Which security model does NOT protect the integrity of information?
Bell-LaPadula
Richard would like to earn a certification that demonstrates his ability to manage the information security function. What certification would be most appropriate for Richard?
Certified Information Security Manager (CISM)
Colin is a software developer. He would like to earn a credential that demonstrates to employers that he is well educated on software security issues. What certification would be most suitable for this purpose?
Certified Secure Software Lifecycle Professional (CSSLP)
What must you do to any certificate imported into Kleopatra before you can use it to decrypt messages?
Change the trust level
Which of the following statements is true regarding the rules for password selection?
Change your passwords frequently
Larry recently viewed an auction listing on a website. As a result, his computer executed code that popped up a window that asked for his password. What type of attack has Larry likely encountered?
Cross-Site Scripting (XSS)
Which element is NOT a core component of the ISO 27002 standard?
Cryptography
Which item in a Bring Your Own Device (BYOD) policy helps resolve intellectual property issues that arise as the result of business use of personal devices?
Data Ownership
Betty receives a ciphertext message from her colleague Tim. What type of function does Betty need to use to read the plaintext message?
Decryption
The main principle of ____________ is to build layers of redundant and complementary security tools, policies, controls and practices around the organization's information and assets.
Defense in depth
Which technology can be used to protect the privacy rights of individuals and simultaneously allow organizations to analyze data in aggregate?
Deidentification
A smurf attack tricks users into providing logon information on what appears to be a legitimate website but is in fact a website set up by an attacker to obtain this information.
False
A SOC 1 report primarily focuses on security. True False
False
What mathematical problem forms the basis of most modern cryptographic algorithms?
Factoring Large Primes
A VPN router is a security appliance that is used to filter IP packets.
False
A phishing attack "poisons" a domain name on a domain name server. True or False
False
A structured walk-through test is a review of a business continuity plan to ensure that contact numbers are current and that the plan reflects the company's priorities and structure. True False
False
Often an extension of a memorandum of understanding (MOU) , the blanket purchase agreement (BPA) serves as an agreement that documents the technical requirements of interconnected assets. True False
False
Removable storage is a software application that allows an organization to monitor and control business data on a personally owned device. True False
False
Risk refers to the amount of harm a threat exploiting a vulnerability can cause. True False
False
Terminal Access Controller Access Control System Plus (TACACS+) is an authentication server that uses client and user configuration files. True False
False
The Sarbanes-Oxley (SOX) Act requires all types of financial institutions to protect customers' private financial information.
False
The anti-malware utility is one of the most popular backdoor tools in use today. True or False
False
The four central components of access control are users, resources, actions, and features. True False
False
The four main types of logs that you need to keep to support security auditing include event, access, user and security. True False
False
The number of failed logon attempts that trigger an account action is called an audit logon event. True False
False
Which of the following is used to transfer files using the File Transfer Protocol (FTP) to and from the vWorkstation?
FileZilla
Which of the following refers to the middle pane of the Wireshark window that is used to display the packet structure and contents of fields within the packet?
Frame Detail
Most Linux interactions take place:
From the command line
Jonas is an experienced information security professional with a specialized focus on evaluating computers for evidence of criminal or malicious activity and recovering data. Which GIAC certification would be most appropriate for Jonas to demonstrate his abilities?
GIAC Certified Forensic Examiner (GCFE)
What type of function generates the unique value that corresponds to the contents of a message and is used to create a digital signature?
Hash
Which one of the following is an example of a business-to-consumer (B2C) application of the Internet of Things (IoT)?
Health Monitoring
Which organization pursues standards for Internet of Things (IoT) devices and is widely recognized as the authority for creating standards on the Internet?
Internet Engineering Task Force
Which of the following helps secure the perimeter of a network?
Intrusion Prevention Systems
If someone sends you his public key and you import it into Kleopatra, will he be able to decrypt the encrypted messages you send him?
No because you must provide your public key to any user wanting to decrypt any message encrypted by you
Maria's company recently experienced a major system outage due to the failure of a critical component. During that time period, the company did not register any sales through its online site. Which type of loss did the company experience as a result of lost sales?
Opportunity Cost
Before analyzing packets in NetWitness Investigator, you must first create a collection and then import a(n):
Packet Capture File
Holly would like to run an annual major disaster recovery test that is as thorough and realistic as possible. She also wants to ensure that there is no disruption of activity at the primary site. What option is best in this scenario?
Parallel Test
Tony is working with a law enforcement agency to place a wiretap pursuant to a legitimate court corder. The wiretap will monitor communications without making any modifications. What type of wiretap is Tony placing?
Passive Wiretap
Brian is the information security training officer for a health care provider. He wants to develop a training program that complies with the provisions of Health Insurance Portability and Accountability (HIPAA). Which of the following topics must be included?
Password Management
No production web application, whether it resides inside or outside the firewall, should be implemented without:
Penetration testing and security hardening
Web application firewalls, security information and event management systems, access controls, network security monitoring and change controls help to keep the "soft center" from becoming an easy target when the ________ fails.
Perimeter
In a _____________ attack, data that can modify how applications or services operate is downloaded (stored) onto the targeted server.
Persistent cross-site scripting
Hilda is troubleshooting a problem with the encryption of data. At which layer of the OSI Reference Model is she working?
Presentation
Chris is writing a document that provides step-by-step instructions for end users seeking to update the security software on their computers. Performing these updates is mandatory. Which type of document is Chris writing?
Procedure
Which of the following programs requires passing a standardized examination that is based upon a job-task analysis?
Professional Certification
Marguerite is creating a budget for a software development project. What phase of the system lifecycle is she undertaking?
Project Initiation and Planning
Which of the following allows Wireshark to capture packets destined to any host on the same subnet or virtual LAN (VLAN)?
Promiscuous Mode
Which of the following does NOT offer authentication, authorization, and accounting (AAA) services?
Redundant Array of Independent Disks (RAID)
Earl is preparing a risk register for his organization's risk management program. Which data element is LEAST likely to be included in a risk register?
Risk Survey Results
What is NOT a symmetric encryption algorithm?
Rivest-Shamir-Adelman (RSA)
Emily is the information security director for a large company that handles sensitive personal information. She is hiring an auditor to conduct an assessment demonstrating that her firm is satisfying requirements regarding customer private data. What type of assessment should she request?
SOC 3
Bob is developing a web application that depends upon a database backend. What type of attack could a malicious individual use to send commands through his web application to the database?
SQL Infection
In what type of attack does the attacker send unauthorized commands directly to a database?
SQL Infection
Which of the following allows valid SQL commands to run within a web form?
SQL Infection
Which of the following statements is true when using SSH to remotely access a Cisco router?
SSH encrypts the data transmission between the SSH client and the SSH host to maintain confidentiality
Barbara is investigating an attack against her network. she notices that the Internet Control Message Protocol (ICMP) echo replies coming into her network far exceed the ICMP echo requests leaving her network. What type of attack is likely taking place?
Smurf
Which of the following statements is true regarding symmetric cryptography?
The sender and receiver use the same key to encrypt and decrypt a given message
Which of the following statements is true regarding guest users who require a higher degree of access?
These guest users can be issued local, self-signed certificates that expire on a specific date and limit the guest's access
Why do hackers often send zipped and encrypted files and attachments?
They cannot be opened by antivirus software and so they will often each the recipient
Aditya is attempting to classify information regarding a new project that his organization will undertake in secret. Which characteristic is NOT normally used to make these type of classification decisions?
Threat
Breanne's system was infected by malicious code after she installed an innocent-looking solitaire game that she downloaded from the Internet. What type of malware did she likely encounter?
Trojan Horse
A DOS attack is a coordinated attempt to deny service by occupying a computer to perform large amounts of unnecessary tasks. True or False
True
A salt value is a set of random characters you can combine with an actual input key to create the encryption key.
True
A substitution cipher replaces bits, characters, or blocks of information with other bits, characters, or blocks.
True
A successful business impact analysis (BIA) maps the context, the critical business functions, and the processes on which they rely. True False
True
Company-related classifications are not standard, therefore, there may be some differences between the terms "private" and "confidential" in different companies. True False
True
E-commerce systems and applications demand strict confidentiality, integrity, and availability (CIA) security controls. True or False
True
For businesses and organizations under recent compliance laws, data classification standards typically include private, confidential, internal use only and public domain categories.
True
Internet Small Computer System Interface (iSCSI) is a storage networking standard used to link data storage devices to networks using IP for its transport layer.
True
Metadata of Internet of Things (IoT) devices can be sold to companies seeking demographic marketing data about users and their spending habits. True or False
True
Rootkits are malicious software programs designed to be hidden from normal methods of detection. True or False
True
How many years of specialized experience are required to earn one of the Certified Information Systems Security Professional (CISSP) concentrations?
Two
Which control is NOT an example of a fault tolerance technique designed to avoid interruptions that would cause downtime?
Warm Site
In what software development model does activity progress in a lock-step sequential process where no phase begins until the previous phase is complete?
Waterfall
Val would like to limit the websites that her users visit to those on an approved list of pre-cleared sites. What type of approach is Val advocating?
Whitelisting
What tool might be used by an attacker during the reconnaissance phase of an attack to glean information about domain registrations?
Whois