cybersecCourse
Jody would like to find a solution that allows real-time document sharing and editing between teams. Which technology would best suit her needs?
Collaboration
In an accreditation process, who has the authority to approve a system for implementation?
Authorizing official (AO)
Which one of the following is NOT an area of critical infrastructure where the Internet of Things (IoT) is likely to spur economic development in less developed countries?
E-commerce
Which one of the following is an example of a direct cost that might result from a business disruption?
Facility repair
Often an extension of a memorandum of understanding (MOU), the blanket purchase agreement (BPA) serves as an agreement that documents the technical requirements of interconnected assets.
False
Which network device is capable of blocking network connections that are identified as potentially malicious?
Intrusion prevention system (IPS)
Which regulatory standard would NOT require audits of companies in the United States?
Personal Information Protection and Electronic Documents Act (PIPEDA)
Which term describes any action that could damage an asset?
Threat
A dictionary attack works by hashing all the words in a dictionary and then comparing the hashed value with the system password file to discover a match.
True
In Mobile IP, what term describes a device that would like to communicate with a mobile node (MN)?
Correspondent node (CN)
Which characteristic of a biometric system measures the system's accuracy using a balance of different error types?
Crossover error rate (CER)
Certification is the formal agreement by an authorizing official to accept the risk of implementing a system.
False
Cryptography is the process of transforming data from cleartext into ciphertext.
False
During the secure phase of a security review, you review and measure all controls to capture actions and changes on the system.
False
Passphrases are less secure than passwords.
False
Regarding the Internet of Things (IoT), a business involved in utilities, critical infrastructure, or environmental services can benefit from traffic-monitoring applications.
False
Temporal isolation is commonly used in combination with rule-based access control.
False
The first step in creating a comprehensive disaster recovery plan (DRP) is to document likely impact scenarios.
False
The four central components of access control are users, resources, actions, and features.
False
The four main types of logs that you need to keep to support security auditing include event, access, user, and security.
False
The main difference between a virus and a worm is that a virus does not need a host program to infect.
False
The number of failed logon attempts that trigger an account action is called an audit logon event.
False
User-based permission levels limit a person to executing certain functions and often enforces mutual exclusivity.
False
Wardialers are becoming more frequently used given the rise of Voice over IP (VoIP).
False
With the use of Mobile IP, which device is responsible for keeping track of mobile nodes (MNs) and forwarding packets to the MN's current network?
Home agent (HA)
When should an organization's managers have an opportunity to respond to the findings in an audit?
Managers should include their responses to the draft audit report in the final audit report.
Which one of the following is an example of a reactive disaster recovery control?
Moving to a warm site
Tony is working with a law enforcement agency to place a wiretap pursuant to a legitimate court order. The wiretap will monitor communications without making any modifications. What type of wiretap is Tony placing?
Passive wiretap
Which activity is an auditor least likely to conduct during the information-gathering phase of an audit?
Report writing
Earl is preparing a risk register for his organization's risk management program. Which data element is LEAST likely to be included in a risk register?
Risk survey results
Which intrusion detection system strategy relies upon pattern matching?
Signature detection
As a follow-up to her annual testing, Holly would like to conduct quarterly disaster recovery tests that introduce as much realism as possible but do not require the use of technology resources. What type of test should Holly conduct?
Simulation test
Which element of the IT security policy framework provides detailed written definitions for hardware and software and how they are to be used?
Standard
Which one of the following principles is NOT a component of the Biba integrity model?
Subjects cannot change objects that have a lower integrity level.
Aditya is attempting to classify information regarding a new project that his organization will undertake in secret. Which characteristic is NOT normally used to make these type of classification decisions?
Threat
Common methods used to identify a user to a system include username, smart card, and biometrics.
True
The most critical aspect of a WAN services contract is how the service provider supplies troubleshooting, network management, and security management services.
True