Computer and Information Security Handbook
c.20 The cloning of cellular devices to utilize the network resources without paying; and cloning BSs to entice users to camp at the cloned BS in an attack, is called a:
False base station attack
c.9 What measures the strength of the fault tolerance mechanism in terms of the granularity at which it can handle errors and failures in the system?
Fault tolerance model
c.22 True or False? An optical fiber is a flexible, transparent fiber made of glass or plastic and is of a thickness comparable to fishing wire
TRUE
c.22 True or False? There are two types of fiber: SMF and MMF
TRUE
c.23 True or False? FSO uses optical pulse-modulated signals (light) to transmit data point to point
TRUE
c.23 True or False? Ring architecture is a blend of mesh and PTP.
TRUE
c.24 True or False? In defining required skills for information security managers, the ISC has arrived at an agreement on 10 domains of information security that is known as the Common Body of Knowledge (CBK)
TRUE
c.24 True or False? Information security is a business problem in the sense that the entire organization must frame and solve security problems based on its own strategic drivers, not solely on technical controls aimed to mitigate one type of attack.
TRUE
c.24 True or False? Threats are exploited with a variety of attacks, some technical, others not so much.
TRUE
c.29 It is no coincidence that network penetration testers also conduct physical penetration tests for:
Companies
c.26 What increases the correctness and consistency of configuration information, speeds deployment processes, and supports a variety of other security-related activities such as IT audits?
Configuration management systems
c.22 What is the process of inserting a clip-on coupler
Correcting
c.12 True or False? Defending from network-borne attacks is arguably the least important aspect of UNIX security.
FALSE
c.12 True or False? Every listening port should not correspond to a necessary service that is well understood and securely configured.
FALSE
c.12 True or False? The architecture of UNIX operating systems is relatively difficult.
FALSE
c.13 True or False? A user can eavesdrop on a communications medium by connecting a receiver to the me
FALSE
c.13 True or False? Security analyses of systems traditionally begin with a model of the user.
FALSE
c.14 True or False? After infection, the bot starts up for the first time and attempts to contact its C&C server(s) in a process known as waiting
FALSE
c.14 True or False? Centralized botnets use a double entity (a host or a small collection of hosts) to manage all bot members.
FALSE
c.14 True or False? A botnet is a collection of compromised Internet computers being controlled remotely by attackers for malicious and legal purpos
FALSE
c.15 True or false? While there are few risks in deploying mobile devices within the Intranet, with careful configuration these risks can be increased to the point where the myriad benefits outweigh the risks.
FALSE
c.16 True or false? During the final design phase of a network, the network architects assess the types of risks to the network as well as the costs of recovering from attacks for all of the resources that have been compromised.
FALSE
c.16 True or false? Most LANs are designed as collapsed backbone networks using a layer-1 or layer-4 switch.
FALSE
c.16 True or false? The LAN consists of a number of segments reflecting the network structure.
FALSE
c.16 True or false? The most trusted users belong to the Internet.
FALSE
c.17 True or False? The WPA standard is aimed at providing a stronger security compared to WEP and is expected to tackle most of the weakness found in WEP.
FALSE
c.18 True or False? Although WSNs have gained little popularity, there are some serious limitations when implementing security
FALSE
c.18 True or False? Because of threats to the WSN, some portion of the network or some of the functionalities or services provided by the network could be damaged and available to participants of the network
FALSE
c.18 True or False? In WSNs, threats to privacy can be further classified into reconnaissance
FALSE
c.18 True or False? The man-in-the-middle attack is not one of the classical attacks that can be executed in a WSN environment.
FALSE
c.19 True or False? Both the business and technical literature often focus on two elements of the Cloud Security Alliance: the things that are connected, and the Internet that interconnects them
FALSE
c.5 True or False? With taps, observing the behavior of a hacker on your network cannot be undertaken
FALSE
c.6 True or false? An OS is a hardware interface that is responsible for managing and operating hardware units, and assisting the user to use that unit.
FALSE
c.6 True or false? Android is an open-source mobile OS developed by Google and launched in 2000.
FALSE
c.6 True or false? Apple iOS is a closed-source code mobile phone OS developed by Apple in 2001 that is used by Apple-only products (iPhone, iPod, and iPad).
FALSE
c.7 True or False? A network intrusion is an authorized penetration of your enterprise's network, or an individual machine address in your assigned domain.
FALSE
c.7 True or False? Crackers are going to first look for known strengths in the operating system (OS) or any applications you are using.
FALSE
c.7 True or False? Finding a device, using it in a place (or manner) in which prying eyes can see passwords or data, awareness of hacking tools specifically designed to sniff wireless signals for data, and logging on to unsecured networks, are all potential problem areas with which users need to be familiar
FALSE
c.7 True or False? Most security software products available today have two basic methods of spotting malicious softwar
FALSE
c.8 True or False? In computer security, access control refers to mechanisms to allow users to perform functions up to their unauthorized level and restrict users from performing authorized functions
FALSE
c.8 True or False? Malicious software, or malware, is not an enormous problem for Internet users because of its variety and prevalence and the level of danger it presents
FALSE
c.8 True or False? Traditionally, attack methods do not follow sequential steps analogous to physical attacks.
FALSE
c.9 True or False? Byzantine faults do not lead system components to behave arbitrarily or maliciously during failure, causing the system to behave unpredictably incorrect.
FALSE
c.9 True or False? Crash faults do not cause system components to stop functioning completely or to remain inactive during failures (power outage or hard disk crash).
FALSE
c.9 True or False? Critical system components are duplicated using additional hardware, software, and network resources in such a way that a copy of critical components is available even before a failure happens
FALSE
c.9 True or False? The system is rarely monitored at runtime to validate, verify, and ensure that correct system specifications are being met
FALSE
c.9 True or False? The system state is captured and saved based on undefined parameters (after every 1024 instructions or every 60 s).
FALSE
c.23 In theory, what has great potential to become far more commonplace and enjoy much greater acceptance in the information technology community than is currently the case?
FSO
c.23 What devices boast speeds of up to 10 GB per second in an unhindered atmosphere?
FSO
c.5 The general preference in the security community is to conduct business from:
Linux
c.26 What term has been coined by IBM to denote computing systems that manage themselves?
Autonomic computing
c.1 The NIST Framework refers to and builds on many of the principles of the:
ISO/IEC 27001 standard
c.11 The login process is a system daemon that is responsible for coordinating the authentication and process setup for interactive users. To do this, the login process does the following, except which one?
Present the user credential to only one of the configured user databases (typically these can be files, NIS, Kerberos servers, or LDAP directories) for authentication
c.15 What policy/procedure must be signed by new hires at orientation and by all employees who ask for access to the corporate VPN using mobile devices (even personal ones)?
a customized corporate usage policy for mobile devices
c.27 What documents the processes, equipment, and facilities required to restore IT assets?
Contingency plan development
c.23 Microwave and RF antennas that are typically used to interconnect remote stations have a radial dispersion of:
5 to 25 degrees
c.17 What requires a trusted certificate server, where the public key is known to all valid nodes?
ARAN
c.6 What is a standard protocol that is responsible for converting the addresses of the network layer to the addresses of the data link layer?
ARP spoofing
c.2 What is the largest security-related organization in the world that focuses primarily on physical security, but has more recently started addressing computer security as well?
ASIS
c.12 What can be seen as another way to reduce the attack surface area?
Access control
c.7 A good IDS detects unauthorized intrusions using three types of models:
Anomaly based; Signature based; Hybrid detection
c.18 The middle layer provides one of the following for applications existing in the upper lay
Application Program Interface
c.13 A minimal communications service interface requires the following four primitives, except which one?
Clear
c.23 The larger the physicality of the surface area is, the greater is the area that needs protection from:
Attack
c.6 What is it called when authors are able to simulate an attack to subvert VM introspection?
Attacks from a VM
c.11 When a user is granted access to resources on a computing system, it is of vital importance to establish and verify the identity of the requesting entity. This process is commonly referred to as:
Authentication
c.7 For an IPS to be effective, it must also be very good at discriminating between a real threat signature and one that looks like but isn't one (false positive). Once a signature interpreted to be an intrusion is detected, the system must quickly notify the administrator so that the appropriate evasive action can be taken. The following are types of IPS, except one
Backdoor based
c.12 An additional source of audit trail data about system activity is the history logs kept by a login shell such as:
Bash
c.21 What tags are available for the cheapest price, compared with symmetric key tags and public key tags?
Basic tags
c.10 The simple Base64 encoding can be decoded by anyone and must be treated as
Clear text
c.14 A collection of compromised Internet computers being controlled remotely by attackers for malicious and illegal purposes is known as a
Botnet
c.6 What kind of malware attacks the device by making a bot to control the device remotely by a remote user or a bot-master using a set of commands?
Botnet
c.27 What analyzes the impact of outage on critical business function operations?
Business impact analysis
c.20 What is a basic service in the circuit-switched domain?
Caller delivery service
c.3 In essence, computer-based cryptography is the art of creating a form of communication that embraces the following precepts, except which two
Can be readily misunderstood by the intended recipients; Can be understood by the unintended recipients
c.25 ____ the contents of the system's memory?
Capture
c.3 What is known as the method of encryption?
Cipher
c.3 Decryption methods often rely on understanding the context of the:
Ciphertext
c.21 What happens when counterfeiters forge RFID tags by copying the information from a valid tag or adding some well-formed format information to a new tag in the RFID system?
Counterfeiting
c.25 _____ a forensic image of the system's hard drive
Create
c.14 The botmaster develops his/her bot software, often reusing existing code and adding custom features. This is known as:
Creation
c.18 What occurs when an attacker floods the victim with bogus or spoofed packets with the intent of lowering the response rate of the victim
Denial-of-service attack
c.17 Secure Efficient Ad hoc Distance (SEAD) vector routing is a design based on a:
Destination-Sequenced Distance Vector (DSDV) routing
c.19 What includes generic security capabilities that are independent of applications
Device layer
c.19 What is known as device discovery, authentication, remote device activation and deactivation, configuration, diagnostics, firmware and/or software updating, and device working status management?
Device management
c.25 ____ what is on the screen by photographing it
Document
c.2 Just as implementing a robust, secure environment is a dynamic process, creating a highly skilled staff of security professionals is a:
Dynamic process
c.1 True or False? Perhaps the least difficult challenge is the general attitude about security within the organization.
FALSE
c.11 True or False? For any interactive session, Linux systems require the user to log into the system.
FALSE
c.11 True or False? UNIX was originally created as a single-user system
FALSE
c.12 Information is vulnerable as it flows across the network, unless it is:
Encrypted
c.22 Sensitive data should always be ________ to protect the data in the event an attacker gains access to the data.
Encrypted
c.8 What is another obvious concealment method?
Encryption
c.1 True or False? Corporate systems were not designed for performance, but for security.
FALSE
c.1 True or False? Information security, unlike most other business processes, depends heavily on classical risk assessment: knowing what can go wrong, how likely it is to happen, and what you might be able to do about it.
FALSE
c.19 True or False? Given the complexity of an IoT, it is not useful to have an architecture that specifies the main elements and their interrelationship
FALSE
c.2 True or False? As though employees' desire to share data is not enough of a threat to proprietary information, many business professionals want access to data from anywhere they work, on a variety of devices.
FALSE
c.2 True or False? For most organizations, the cost of creating a weak security posture is seen as a necessary evil, similar to purchasing insurance.
FALSE
c.20 True or False? It would seem that attacks on the radio access network could not easily happen, because anyone with a transmitter/receiver could capture these signals
FALSE
c.21 True or False? Currently, because different frequencies are used for RFID systems in various countries and many standards are adopted for different kinds of application, there is an agreement on a universal standard that is accepted by all parties.
FALSE
c.22 True or False? As a light ray passes from one transparent medium to another, it does not change direction; this phenomenon is called refraction of dark
FALSE
c.22 True or False? Optical networks are not vulnerable to attacks based on the people who have access to the equipment and whether their curiosity to "tap" into the data supersedes their job function
FALSE
c.22 True or False? The refractive index is less than the speed of light in a vacuum (abbreviated c, c = 299,792.458 km/s) divided by the speed of light in a material (abbreviated v).
FALSE
c.23 True or False? In mesh architecture, every other node is connected to every other node in a mesh-like lattice work of connections
FALSE
c.23 True or False? It is not common knowledge that radiofrequency transmissions are easily intercepted and that the technology of securing the transmissions can, if secured at all, usually be circumvented given enough time and effort.
FALSE
c.23 True or False? Most devices are not designed with movement-handling capabilities
FALSE
c.24 True or False? Information security management as a field is ever decreasing in demand and responsibility because most organizations spend increasingly larger percentages of their IT budgets in attempting to manage risk and mitigate intrusions, not to mention the trend in many enterprises of moving all IT operations to an Internet-connected infrastructure, known as enterprise cloud computing
FALSE
c.24 True or False? Threats to information systems come in many flavors, some with malicious intent, others with supernatural powers or expected surprises.
FALSE
c.25 True or False? Each organization should not develop a company policy detailing the preferred use of company data or company software
FALSE
c.25 True or False? The act of securing information has not been around for as long as the idea of storing information
FALSE
c.26 True or False? IT systems are not traditionally structured according to several architecture layers, each layer offering a number of security capabilities that can support organizations in reaching desired security objectives
FALSE
c.26 True or False? Policy-driven system management or policy-based management (PBM) is a research domain that aims to automatize the management of small-scale computing systems
FALSE
c.26 True or False? The approach of PBM naturally leads to a so-called policy continuum, a hierarchy of policies that are subject to the same abstraction levels.
FALSE
c.27 True or False? Security policies and procedures do not constitute the main part of any organization's security.
FALSE
c.27 True or False? Top management does not have an important role in protecting the information assets in an organization.
FALSE
c.27 True or False? Various security-related roles do not need to be maintained and well defined
FALSE
c.28 True or False? The standard use of a FIN packet is to not terminate the TCP connection typically after the data transfer is complete
FALSE
c.28 True or False? The Nmap main page is described as an exploration tool and port scanner
FALSE
c.28 True or False? The decoy host command is not especially useful while testing IDS/IPS
FALSE
c.28 True or False? Zombie hosts are those controlled by others on the network.
FALSE
c.29 True or False? Layer 3 is physical interaction, and covers how to conduct oneself with physical security in mind
FALSE
c.3 True or False? Cryptography is built on one overarching premise: the need for a cipher that can be used reliably and portably to encrypt text so that through any means of cryptanalysis (differential, deductive, algebraic, or the like) the ciphertext can be undone with any available technology.
FALSE
c.3 True or False? For most information technology occupations, knowledge of cryptography is a large part of a broader skill set and is generally limited to relevant applications
FALSE
c.3 True or False? In effect, the Vernam stream cipher and "one-time pad" ciphers are different; in fact, Vernam later coinvented it
FALSE
c.4 True or False? Identity theft management begins with the core security entry points a person or process must go through using authentication, authorization, and account provisioning.
FALSE
c.5 True or False? Once an intruder is aware he is being watched, he may begin to deploy forensic countermeasures, or worse, may begin to take hostages; that is, he may decide to deploy ransomware across your network.
FALSE
c.5 True or False? The data with the least greatest usefulness to network security monitoring (NSM) are packet data.
FALSE
c.11 What allows for the loading of additional drivers for file systems?
File systems in user space
c.22 To analyze forms such as a digital square wave, mathematics conceptualizes in the process of
Fourier analysis
c.5 For most of your encryption needs, at least where attachments are concerned, many security professionals choose:
GNU privacy guard
c.19 What supports a variety of device access technologies, enabling devices to communicate with each other and across an Internet or enterprise network with IoT applications?
Gateway
c.5 What is an encryption suite that you can install at the command line?
GnuPG
c.12 The UNIX group mechanism allows for a single user to belong to one or more:
Groups
c.1 Perhaps the leading example of risk management applied to information security is the:
ISO/IEC 27001 standard
c.27 Who is responsible for building IT security controls into the design and implementations of the systems?
IT personnel
c.2 Once threats and risks are identified, you can take one of four steps, except which of the following?
Identify the risk.
c.24 What describes activities such as theft of trade secrets, bribery, blackmail, and technological surveillance as well as spying on commercial organizations and sometimes governments?
Industrial espionage
c.27 Who is responsible for ensuring that the information security policies and procedures have been adhered to
Information system auditors
c.2 Many businesses believe that if they purchase enough equipment, they can create a secure:
Infrastructure
c.20 What introduces the biggest threat to the security of cellular networks?
Internet connectivity
c.28 Discover network interconnection and configuration, and look for network vulnerabilities:
Reconnaissance
c.8 What can be a Trojan horse or other form of malware?
Keylogger
c.26 What makes it impractical to specify policies for individual system elements?
Larger systems
c.16 Some common malicious attacks on networks include the following, except which one?
MAC address spoofing
c.11 What was introduced to simplify the administration of small groups of computers?
NIS
c.1 Another very useful construct for addressing data security is provided by the
NIST Framework
c.20 Cellular networks are organized as collections of interconnected:
Network Areas
c.19 What performs two basic functions?
Network layer
c.8 If an intruder has installed malware for covert control, he/she will want to conceal the communications between him- or herself and the compromised target from discovery by:
Network-based IDS
c.28 Removal and/or alteration of data, installing "backdoors," and hiding the tracks of attack activities is known as
Operational attacks
c.10 The identity management community created a number of patterns that allow not only simple authentication, but also advanced patterns including the following, except which two?
Other patterns such as privacy preserving authentication and authorization; SAML authentication token
c.13 What is technically not part of the Internet architecture per se?
PHY Layer
c.18 In what type of attack is the attacker able to intercept and monitor data between communicating nodes, but does not tamper or modify packets for fear of raising suspicion of malicious activity among the nodes
Passive attack
c.29 A computer "knows" a network by two things: the network SSID (its name) and the:
Password
c.9 What factor deals with the impact of the fault tolerance procedure on the end-to-end QoS during both failure and failure-free periods?
Performance
c.24 What is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication?
Phishing
c.13 What is a request/response protocol designed to determine the reachability of another IP address?
Ping
c.23 What architecture comes in two flavors: PTP and PMP?
Point-to-point
c.22 The circuits that link layer 1 traffic may be presented as:
Point-to-point (PTP)
c.26 What requires a set of common functionalities related to the creation, storage, distribution, and enforcement of policies?
Policy-based systems
c.17 Personal deployment of WPA adopts a simpler mechanism, which allows all stations to use the same key. This mechanism is called the
Pre-Shared Key (PSK) mode
c.17 What is a secure routing protocol for an ad hoc network building based on link state protocols?
Preauthentication protocol
c.24 What requires that an individual, program, or system process is not granted any more access privileges than are necessary to perform the task?
Principle of Least Privilege
c.2 Arguably one of the best ways to determine whether an employee has a strong grasp of information security concepts is if she or he can achieve Certified Information Systems Security Professional (CISSP) certification. Candidates for this certification are tested on their understanding of the following knowledge domains, except which one
Proprietary information
c.13 The Internet supports message exchange through a mechanism called:
Protocols
c.10 What can usually make use of operating or runtime systems certificate stores in a very efficient way
REST client libraries
c.19 What is an example of a radio frequency?
RFID tag
c.14 After infection, the bot starts up for the first time and attempts to contact its C&C server(s) in a process known as:
Rallying
c.1 The ultimate exercise in planning for security is essentially about
Risk management
c.4 What methodology process focuses on granting appropriate system and data access to users based on their predefined business or organizational role in the system?
Role-based security access
c.8 A stealthy type of malicious software (malware) designed to hide the existence of certain processes or programs from normal methods of detection is known as a:
Rootkit
c.10 SOAP services are built around the concept of a:
SOAP envelope
c.15 Back-end enterprise network infrastructure support has to be ready and has to be strong to handle mobile devices interacting with:
SSL VPNs
c.5 The work of an intrusion detection analyst must, above all things, include 100%:
Secure communications
c.4 When you are entering your username, password, or other validation data during authentication, you want to make sure no one is spying on your information transmitted to the system by encrypting or hashing the data entered into data fields. This is called
Secure encryption
c.11 The most sensible alternative to traditional interactive session protocols such as Telnet is the:
Secure shell (SSH) system
c.26 An important aspect in the design and implementation of a secure information system is the correct consideration of:
Security principles
c.4 Personal question information you were either required or volunteered to enter into the system while creating the account or during security validations are:
Security questionnaires
c.17 What are low-end devices with very limited resources, such as memory, computation power, battery, and network bandwidth?
Sensor nodes
c.5 SO is capable of operating in a number of different server/sensor configurations, in which one server serves as the "master" server, and then additional servers are deployed to serve as:
Sensors
c.20 The core network is facilitated by network servers, which are also called?
Service Nodes
c.29 One way to "fingerprint" emails at a cursory level is to enforce the uniqueness of
Signatures
c.24 The art of manipulating people into performing actions or divulging confidential information is known as:
Social engineering
c.6 The CSP provides software to the user, and that software is running and deployed on a cloud infrastructure. What is this called?
Software as a service
c.24 What is the abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages, many of which contain hoaxes or other undesirable contents such as links to phishing sites?
Spamming
c.21 Besides the four basic types of attack (counterfeiting, sniffing, tracking, and DoS) in real-world applications, other threats exist to RFID systems, such as:
Spoofing
c.22 What type of waves inherits its own set of difficulties when being sent at high frequencies (such as would be when transmitted over fiber)?
Square
c.3 One method of teasing out the frequency patterns is through the application of some sort of mathematical formula to test a hypothesis against reality. What test is perhaps one of the most commonly used?
Statistical test
c.13 A report of diagnostic and performance information about underlying communications is known as a
Status primitive
c.21 What can provide security for RFID systems but is more suitable for implementation in a closed environment?
Symmetric key cryptography
c.21 What uses a single key to perform both encryption and decryption?
Symmetric key cryptography
c.12 Even after hardening a UNIX system with restrictive user permissions and ACLs, it is important to maintain logs of:
System activity
c.27 Who is responsible for configuring the hardware and the operating system to ensure that the information systems and their contents are available for business as and when needed?
Systems administrator
c.28 The port scanning technique is used to discover open _______ ports.
TCP
c.28 The three-way TCP handshake is established during which of the TCP scanning sessions?
TCP connect()
c.1 True or False? The information security function is more central to preserving corporate value than ever
TRUE
c.1 True or False? There is no such thing as perfect information security
TRUE
c.10 True or False? It should be noted that since WS-Security is only tied to the SOAP messaging structures, it is completely transport independent and can therefore be used over the SOAP HTTP binding, but also with any other form of SOAP transport.
TRUE
c.10 True or False? Most modern operating systems support IBAC-based access control for file systems access and other security related functions.
TRUE
c.10 True or False? Since HTTP services implementing a REST architectural style (often called "REST Services") are simply using the HTTP stack, all security aspects of HTTP apply.
TRUE
c.10 True or False? Since web services are intended to implement a distributed architecture, it becomes very important to manage the identities of the participating actors: different systems implementing the services or the clients need to fully understand who they are interacting with in order to make access control decisions that are consistent with the security policies for the systems.
TRUE
c.10 True or False? The development of a distributed hypertext system in the early 1990s at the CERN in Switzerland was one of the defining moments in making the Internet available to an audience beyond academia and specialized communities
TRUE
c.11 True or False? Achieving a high level of system security for UNIX system is a complex process that involves technical, operational, and managerial aspects of system operation
TRUE
c.11 True or False? The superuser has almost unlimited power on a UNIX system, which can be a significant problem
TRUE
c.11 True or False? UNIX security has a long tradition, and although many concepts of the earliest UNIX systems still apply, a large number of changes have fundamentally altered the way the operating system implements these security principles.
TRUE
c.12 True or False? The first step in reducing an attack surface is to disable unnecessary services provided by a server.
TRUE
c.12 True or False? UNIX is a brand and an operating system specification.
TRUE
c.13 True or False? Practical solutions addressing Byzantine failures fall largely within the purview of platform rather than network architecture, although the interconnectivity topology is an important consideration.
TRUE
c.13 True or False? Since communication is an extremely complex activity, it should come as no surprise that the system components providing communication decompose into modules.
TRUE
c.13 True or False? The Internet was designed to create standardized communication between computers.
TRUE
c.14 True or False? The attacker exploits a vulnerability in a running service to automatically gain access and install his software without any user interaction.
TRUE
c.14 True or False? The person controlling a botnet is known as the botmaster or bot-herder
TRUE
c.15 True or false? In the corporate context, microblogging entails sending SMS messages to apprise colleagues of recent developments in the daily routine
TRUE
c.15 True or false? Many risks need to be resolved when approaching intranet security concerning mobile devices.
TRUE
c.15 True or false? Mobile devices accessing enterprise intranets using VPNs have to be subject to the same factors as any other device remotely accessing VPNs
TRUE
c.15 True or false? Popular devices like the iPad, Samsung Galaxy Android tablet, and many types of smartphones are capable of accessing company intranets using customized intranet apps.
TRUE
c.16 True or false? The fundamental goals of security policy are to allow uninterrupted access to network resources for authenticated users and to deny access to unauthenticated users.
TRUE
c.17 True or False? Cellular networks require fixed infrastructures to work.
TRUE
c.17 True or False? WEP is designed to protect linkage-level data for wireless transmission by providing confidentiality, access control, and data integrity, to provide secure communication between a mobile device and an access point in an 802.11 wireless LAN.
TRUE
c.17 True or False? Wireless ad hoc networks are distributed networks that work without fixed infrastructures and in which each network node is willing to forward network packets for other network nodes.
TRUE
c.17 True or False? Wireless networks are a general term to refer to various types of networks that communicate without the need of wire lines
TRUE
c.18 True or False? WSNs operate in a resource-constrained environment and therefore deviate from the traditional OSI model.
TRUE
c.19 True or False? It is the fourth generation of the Internet that is usually thought of as the IoT, and which is marked by the use of billions of embedded devices
TRUE
c.19 True or False? The IoT is primarily driven by deeply embedded devices.
TRUE
c.19 True or False? The unique aspect of an IoT, compared to other network systems, is the presence of a number of physical things and devices other than computing or data processing devices
TRUE
c.2 True or False? In addressing the security needs of an organization, it is common for professionals to succumb to some common misconceptions.
TRUE
c.2 True or False? Many businesses believe that if they purchase enough equipment, they can create a secure infrastructure
TRUE
c.2 True or False? By its very nature, security is inconvenient, and the more robust the security mechanisms are, the more inconvenient the process becomes.
TRUE
c.20 True or False? Cellular networks are high-speed, high-capacity voice and data communication networks with enhanced multimedia and seamless roaming capabilities for supporting cellular devices.
TRUE
c.20 True or False? Internet connectivity introduces the biggest threat to the security of cellular networks.
TRUE
c.20 True or False? The current cellular network is an evolution of the early-generation cellular networks that were built for optimal performance.
TRUE
c.20 True or False? Though the current generation of a cellular network has seen many security improvements in the radio access network, the security of the core network is not as improved.
TRUE
c.21 True or False? Another main issue of concern in deploying RFID systems is the sniffing problem
TRUE
c.21 True or False? Data carriers attached to objects are called RFID tags.
TRUE
c.21 True or False? Increasingly more companies and organizations have begun to use RFID tags rather than traditional bar codes because RFID systems have many advantages over traditional bar code systems
TRUE
c.21 True or False? RFID tags can be classified into three categories based on the equipped computation power: basic, symmetric key, and public key.
TRUE
c.25 True or False? All personnel who come into contact with information systems need to be aware of the risks from improper use of those systems
TRUE
c.25 True or False? To give organizations a starting point to develop their own security management systems, the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) developed a family of standards known as the Information Security Management System-27,000 Family of Standards
TRUE
c.25 True or False? Training should include creating company security policies and creating user roles that are specific to the organization
TRUE
c.26 True or False? Generally speaking, a policy is a definite goal, course, or method of action to guide and determine present and future decisions.
TRUE
c.26 True or False? Security management as performed today involves a variety of stakeholders with different job functions, expertise, and objectives, and using different tools and terminology.
TRUE
c.27 True or False? End users have a responsibility to protect information assets on a daily basis through adherence to the security policies that have been set and communicated
TRUE
c.27 True or False? The security officer directs, coordinates, plans, and organizes information security activities throughout the organization.
TRUE
c.28 True or False? Network mapping is the process of discovering information about the topology of the target network, thus finding the IP addresses of gateways, routers, email, web, FTP servers, and database servers.
TRUE
c.29 True or False? Email from friends, business associates, colleagues, and family members are all exploitable avenues of ingress.
TRUE
c.29 True or False? From complex to simple, reciprocation and obligation (vulnerabilities) depend on the basic goodness inherent in human nature.
TRUE
c.29 True or False? Mob rule is a unique engineering feat and typically will require one or more "shills" who are in on it.
TRUE
c.29 True or False? Small concessions on the part of the SE lead to larger concessions on the part of the victim.
TRUE
c.3 True or False? DES used a 64-bit block cipher combined with a mode of operation based on cipher-block chaining (CBC) called the Feistel function.
TRUE
c.3 True or False? The cryptography selection process is documented in the system development life cycle (SDLC) model.
TRUE
c.4 True or False? It is important to have a strong password policy rule set to prevent brute force attacks into your login pages.
TRUE
c.4 True or False? To begin verifying you are you in the digital computer landscape, the beginning process of authentication is required
TRUE
c.4 True or False? URL designations on your browser such as https:// (it is important to note the "s") identify that the site to which you are going is currently a trusted channel of communication
TRUE
c.4 True or False? Verifying a user or host identity authenticity requires validation controls to stay ahead of challenges.
TRUE
c.5 True or False? Email from friends, business associates, colleagues, and family members are all exploitable avenues of ingress.
TRUE
c.5 True or False? The world of security is characterized by skeptical, hyperparanoid, critical, reality-seeking, hands-on professionals.
TRUE
c.6 True or false? Symbian OS is an open-source mobile OS written in C++ programming language developed by Symbian Ltd. in 1977 and used by mostly Nokia phones.
TRUE
c.6 True or false? The cost-effectiveness and capabilities offered by cloud computing are in fact the major encouraging factors that attract the attention of many organizations and academic entities.
TRUE
c.7 True or False? In some cases, a network intrusion could be done from the inside by a disgruntled employee looking to hurt the organization or steal company secrets for profit.
TRUE
c.8 True or False? The basic idea behind the defense-in-depth strategy is to hinder the attacker as much as possible with multiple layers of defense, even though each layer might be surmountable
TRUE
c.8 True or False? Traditional network attacks can be viewed as an "active" approach in which the attacker
TRUE
c.29 Spear-phishing and whale-phishing are more:
Targeted
c.18 What allows organizations to reason about attacks at a level higher than a simple list of vulnerabilities?
Taxonomy
c.6 Who uses stolen data or identities to obtain an income?
Thieves
c.18 Which of the following is responsible for flow and congestion control?
Transport Layer
c.8 What is a commonly used method to place packets of one protocol into the payload of another packet
Tunneling
c.25 ____ the computer?
Turn off
c.9 How many replicas of an application can be placed on hosts belonging to different clusters in the same data center (on hosts that are connected via a ToR switch and AggS)?
Two
c.9 How many replicas of an application can be placed on hosts belonging to different data centers (connected via a switch), AggS and AccR?
Two
c.9 How many replicas of an application can be placed on hosts that are connected by a ToR switch (within a LAN)?
Two
c.4 A device, an interface, biometric security, location information, or past behavioral responses that give additional security validation to the process are known as:
Two- or multiple-factor authentication
c.25 Devices that can be used to copy proprietary company data off the internal network are known as:
USB storage
c.3 The amount of ciphertext needed to break a cipher successfully is known as:
Unicity distance
c.7 The latest trend to emerge in the network intrusion prevention arena is referred to as:
Unified threat management
c.4 Your first-level key of authentication usually consists of:
Username Password
c.10 WS-Security (often abbreviated WSS) defines a Header extension to provide a number of features for SOAP-based messages, except which two?
WS-security can be combined with the security mechanisms of the underlying transport security. WS-security leverages the XML encryption and signature standards.
c.14 Having joined the C&C network, the bot waits for commands from the botmaster. This is known as:
Waiting
c.29 In what type of phishing is the targeted employee the one with access to bank account passwords and tokens and/or classified information, such as contact lists and sales projections?
Whale-phishing
c.7 You can expect to have continued problems maintaining good network security awareness. Keep it simple. You need to draft some policies that define your network and its basic architecture. A good place to start is by asking the following questions, except which one?
Will internal users be accessing the network and if so how many
c.7 Which devices can locate wireless signals within a certain range, where they can siphon off the data being transmitted over the signals
Wireless sniffers
c.1 There are hundreds of ways to take a reading on your company's existing security processes, but there is one aspect of this effort that bears special emphasis:
You shouldn't do it yourself
c.14 Once a victim machine becomes infected with a bot, it is known as a
Zombie
c.15 The intranet, as just a simple place to share files and list a few policies and procedures, has ceased to be. The types of changes can be summed up in the following list of features, which shows that the intranet has become a combined portal as well as a public dashboard. Some of the features include the following, except which one?
a corporate personnel directory of phone numbers by department
c.16 IDSs perform the following critical functions, except which one?
can trace the mobile hardware industry
c.16 IDSs perform the following functions, except which one?
customize the availability of "apps" (applications)
c.28 TCP SYN scanning is also known as
half open
c.16 The following points should be noted about NIDS, except which one
inbound and outbound NIDS malware scanning
c.15 The millennial generation is more familiar with:
mobile technology
c.16 The critical functions of a good security policy include the following, except which one?
monitor and analyze user and system activities
c.15 Intranet security P&Ps are:
the first step toward a legal regulatory framework