Chapters 1-4 Exam 67 Questions
Which one of the following is the best example of an authorization control?
Access control lists
Brian notices an attack taking place on his network. When he digs deeper, he realizes that the attacker has a physical presence on the local network and is forging Media Access Control (MAC) addresses. Which type of attack is most likely taking place?
Address Resolution Protocol (ARP) poisoning
Which security control is most helpful in protecting against eavesdropping on wireless LAN (WLAN) data transmissions that would jeopardize confidentiality?
Applying strong encryption
During what phase of a remote access connection does the end user prove his or her claim of identity?
Authentication
Which password attack is typically used specifically against password files that contain cryptographic hashes?
Birthday attacks
Tom is the IT manager for an organization that experienced a server failure that affected a single business function. What type of plan should guide the organization's recovery effort?
Business continuity plan (BCP)
What is NOT a common endpoint for a virtual private network (VPN) connection used for remote network access?
Content filter
Which item in a Bring Your Own Device (BYOD) policy helps resolve intellectual property issues that may arise as the result of business use of personal devices?
Data ownership
Which technology can be used to protect the privacy rights of individuals and simultaneously allow organizations to analyze data in aggregate?
Deidentification
Which one of the following is an example of a disclosure threat?
Espionage
Barry discovers that an attacker is running an access point in a building adjacent to his company. The access point is broadcasting the security set identifier (SSID) of an open network owned by the coffee shop in his lobby. Which type of attack is likely taking place?
Evil twin
A security policy is a comparison of the security controls you have in place and the controls you need in order to address all identified threats.
False
Cryptography is the process of transforming data from cleartext into ciphertext.
False
The weakest link in the security of an IT infrastructure is the server.
False
Which compliance obligation includes security requirements that apply specifically to federal government agencies in the United States?
Federal Information Security Management Act (FISMA)
Which of the following is used to transfer files using the File Transfer Protocol (FTP) to and from the vWorkstation?
FileZilla
Which control is not designed to combat malware?
Firewalls
Which one of the following is an example of a business-to-consumer (B2C) application of the Internet of Things (IoT)?
Health monitoring
Rachel is investigating an information security incident that took place at the high school where she works. She suspects that students may have broken into the student records system and altered their grades. If correct, which one of the tenets of information security did this attack violate?
Integrity
Which organization pursues standards for Internet of Things (IoT) devices and is widely recognized as the authority for creating standards on the Internet?
Internet Engineering Task Force
Which Internet of Things (IoT) challenge involves the difficulty of developing and implementing protocols that allow devices to communicate in a standard fashion?
Interoperability
Which network device is capable of blocking network connections that are identified as potentially malicious?
Intrusion prevention system (IPS)
Which type of denial of service attack exploits the existence of software flaws to disrupt a service?
Logic attack
Which one of the following measures the average amount of time that it takes to repair a system, application, or component?
Mean time to repair (MTTR)
During the vulnerability assessment, any known vulnerabilities or bugs will be flagged and identified by:
Nessus
The _______________ report summary includes both a bar chart and a pie chart showing the distribution of vulnerability findings for each host.
Nessus
Which of the following interfaces enables you to scan several IP addresses at once or type in an IP address to create a simple scan of any machine?
Nessus
Which of the following performs remote scans and audits of UNIX, Windows, and network infrastructures and can perform a network discovery of devices, operating systems, applications databases, and services running on those devices?
Nessus
Which of the following allows analysts to view and analyze network packet traces?
NetWitness Investigator
What is NOT a commonly used endpoint security technique?
Network firewall
Which of the following work together to complete the scanning and vulnerability assessment phase of the ethical hacking process?
Nmap (Zenmap) and Nessus
What level of technology infrastructure should you expect to find in a cold site alternative data center facility?
No technology infrastructure
Maria's company recently experienced a major system outage due to the failure of a critical component. During that time period, the company did not register any sales through its online site. Which type of loss did the company experience as a result of lost sales?
Opportunity cost
Holly would like to run an annual major disaster recovery test that is as thorough and realistic as possible. She also wants to ensure that there is no disruption of activity at the primary site. What option is best in this scenario?
Parallel test
Tony is working with a law enforcement agency to place a wiretap pursuant to a legitimate court corder. The wiretap will monitor communications without making any modifications. What type of wiretap is Tony placing?
Passive wiretap
Which element of the security policy framework requires approval from upper management and applies to the entire organization?
Policy
Chris is writing a document that provides step-by-step instructions for end users seeking to update the security software on their computers. Performing these updates is mandatory. Which type of document is Chris writing?
Procedure
Which of the following allows Wireshark to capture packets destined to any host on the same subnet or virtual LAN (VLAN)?
Promiscuous mode
During which phase of a hacker's five-step approach does the hacker scan a network to identify IP hosts, open ports, and services enabled on servers and workstations?
Reconnaissance
Alan is developing a business impact assessment for his organization. He is working with business units to determine the maximum allowable time to recover a particular function. What value is Alan determining?
Recovery time objective (RTO)
Which formula is typically used to describe the components of information security risks?
Risk = Threat X Vunerability
Earl is preparing a risk register for his organization's risk management program. Which data element is LEAST likely to be included in a risk register?
Risk survey results
In which type of attack does the attacker attempt to take over an existing connection between two systems?
Session hijacking
As a follow-up to her annual testing, Holly would like to conduct quarterly disaster recovery tests that introduce as much realism as possible but do not require the use of technology resources. What type of test should Holly conduct?
Simulation test
Kaira's company recently switched to a new calendaring system provided by a vendor. Kaira and other users connect to the system, hosted at the vendor's site, using a webbrowser. Which service delivery model is Kaira's company using?
Software as a Service (SaaS)
Who is responsible for hosting the CVE database listing web site, under contract with the Department of Homeland Security and the U.S. National Cyber Security Division?
The Mitre Corporation
Which term describes any action that could damage an asset?
Threat
A DOS attack is a coordinated attempt to deny service by occupying a computer to perform large amounts of unnecessary tasks.
True
Access control lists (ACLs) are used to permit and deny traffic in an IP router.
True
An alteration threat violates information integrity
True
For businesses and organizations under recent compliance laws, data classification standards typically include private, confidential, internal use only and public domain categories.
True
Metadata of Internet of Things (IoT) devices can be sold to companies seeking demographic marketing data about users and their spending habits.
True
Rootkits are malicious software programs designed to be hidden from normal methods of detection.
True
The business impact analysis (BIA) identifies the resources for which a business continuity plan (BCP) is necessary.
True
The recovery point objective (RPO) is the maximum amount of data loss that is acceptable.
True
Florian recently purchased a set of domain names that are similar to those of legitimate websites and used the newly purchased sites to host malware. Which type of attack is Florian using?
Typosquatting
Dawn is selecting an alternative processing facility for her organization's primary data center. she would like to have a facility that balances cost and switchover time. What would be the best option in this situation?
Warm site
Which of the following is a protocol analyzer tool (sometimes called a "packet sniffer") that is used to capture IP traffic from a variety of sources?
Wireshark
Which of the following is a graphical interface for Nmap that is typically used during the scanning phase of the ethical hacking process?
Zenmap
Which of the following is used to perform a scan of the network and create a network topology chart?
Zenmap
Most Linux interactions take place:
from the command line
Conducting a vulnerability scan on entire subnets:
is time consuming and noisy (making them easily detected).
The CVE listing is a database of:
known software vulnerabilities and exposures as well as how to mitigate them with software patches and updates.
To be effective, hackers and cybercriminals:
only need to know one vulnerability, or how to use one automated tool that attacks that vulnerability.
A successful _______________ assessment of a network is all about using the right tools to map the network and identify any vulnerabilities that can be the opening for a future attack.
scanning and vulnerability
You can limit the breadth and scope of a vulnerability scan by:
using a text file, which lists only the hosts you want to scan
Ethical hackers must obtain _________________ prior to performing a scanning and vulnerability assessment on a live production network.
written authorization from the client