Cybersecurity midterm review
What is meant by digital subscriber line (DSL)? -A term used to describe the confidentiality, integrity, and availability of data on handheld devices used by mobile workers such as cell phones, smartphones, PDA devices, laptops, and netbooks. -A high-speed digital broadband service that uses copper cabling for Internet access. -A switch used by the phone company to connect digital circuits and phone calls. -The sharing of the same 4-pair, unshielded twisted-pair cabling and 100 Mbps or GigE LAN switch connections. Workstations plug into IP phones sharing the same physical cabling. Commingled voice and data IP traffic traverses the shared workstation cabling. Separate voice and data VLANs segment traffic within the wiring closet and building backbone networks.
A high-speed digital broadband service that uses copper cabling for Internet access
What is meant by standard? -Recorded information from system events that describes security-related activity. -A mandated requirement for a hardware or software solution that is used to deal with a security risk throughout the organization. -The formal acceptance by the authorizing official of the risk of implementing the system. -A benchmark used to make sure that a system provides a minimum level of security across multiple applications and across different products.
A mandated requirement for a hardware or software solution that is used to deal with a security risk throughout the organization.
Which of the following is the definition of netcat? -An e-mail or instant-message spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. -The mode in which sniffers operate; it is nonintrusive and does not generate network traffic. This means that every data packet is captured and can be seen by the sniffer. -Software designed to infiltrate one or more target computers and follow an attacker's instructions. -A network utility program that reads from and writes to network connections.
A network utility program that reads from and writes to network connections
What is meant by firewall? -A network utility program that reads from and writes to network connections. -A program or dedicated hardware device that inspects network traffic passing through it and denies or permits that traffic based on a set of rules you determine at configuration. -An e-mail or instant-message spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. -A type of attack in which the attacker takes control of a session between two machines and masquerades as one of them.
A program or dedicated hardware device that inspects network traffic passing through it and denies or permits that traffic based on a set of rules you determine at configuration.
What is meant by authorizing official (AO)? -An individual who enacts changes in response to reported problems. -The process of managing changes to computer/device configuration or application software. -A mandated requirement for a hardware or software solution that is used to deal with a security risk throughout the organization. -A senior manager who reviews a certification report and makes the decision to approve the system for implementation.
A senior manager who reviews a certification report and makes the decision to approve the system for implementation.
How is decentralized access control defined? -A database made up of rules that determine individual users’ access rights. -A system that puts access control into the hands of people such as department managers who are closest to system users; there is no one centralized entity to process access requests in this system. -An authentication method in which a user is authenticated at multiple times or event intervals. -Two or more people working together to violate a security policy.
A system that puts access control into the hands of people such as department managers who are closest to system users; there is no one centralized entity to process access requests in this system.
What is meant by rootkit? -An attack in which the attacker gets between two parties and intercepts messages before transferring them on to their intended destination. -Unwanted e-mail or instant messages. -An attack in which one user or computer pretends to be another user or computer. -A type of malware that modifies or replaces one or more existing programs to hide the fact that a computer has been compromised.
A type of malware that modifies or replaces one or more existing programs to hide the fact that a computer has been compromised
Which of the following adequately defines continuous authentication? -A mechanism that limits access to computer systems and network resources. -A property that indicates that a specific subject needs access to a specific object. This is necessary to access the object in addition to possessing the proper clearance for the object’s classification. -Optional conditions that exist between users and resources. They are permissions granted to an authorized user, such as read, write, and execute. -An authentication method in which a user is authenticated at multiple times or event intervals.
An authentication method in which a user is authenticated at multiple times or event intervals
Which of the following describes an asynchronous token? -An authentication token used to process challenge-response authentication with a server. It takes the server's challenge value and calculates a response. The user enters the response to authenticate a connection. -Associating actions with users for later reporting and research. -An authentication method that uses only a single type of authentication credentials. -An authentication method that uses two types of authentication credentials.
An authentication token used to process challenge-response authentication with a server. It takes the server's challenge value and calculates a response. The user enters the response to authenticate a connection.
Which of the following is the definition of anomaly-based IDS? -The state of a computer or device in which you have turned off or disabled unnecessary services and protected the ones that are still running. -An intrusion detection system that compares current activity with stored profiles of normal (expected) activity. -An intrusion detection system that uses pattern matching and stateful matching to compare current traffic with activity patterns (signatures) of known network intruders. -Using tools to determine the layout and services running on an organization’s systems and networks.
An intrusion detection system that compares current activity with stored profiles of normal (expected) activity.
Which of the following is the definition of pattern-based IDS? -An intrusion detection system that uses pattern matching and stateful matching to compare current traffic with activity patterns (signatures) of known network intruders. -Software and devices that assist in collecting, storing, and analyzing the contents of log files. -A technique of matching network traffic with rules or signatures based on the appearance of the traffic and its relationship to other packets. -The state of a computer or device in which you have turned off or disabled unnecessary services and protected the ones that are still running.
An intrusion detection system that uses pattern matching and stateful matching to compare current traffic with activity patterns (signatures) of known network intruders.
Which of the following is the definition of false negative? -A method of security testing that isn’t based directly on knowledge of a program’s architecture. -The process of gathering the wrong information. -Analysis of activity as it is happening. -Incorrectly identifying abnormal activity as normal.
Incorrectly identifying abnormal activity as normal.
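The three cards above (anomaly-based IDS, pattern-based IDS, false negative) describe detection approaches in one sentence each. The following is an added example, not part of the original review set, that runs both approaches over a few constructed connection-log lines so the difference is visible. The log format, the two signatures, the SYN-rate baseline and every IP address are assumptions made up for this illustration.

```python
"""Toy signature-based vs anomaly-based IDS over constructed log lines.

Added example for the review set; not from any textbook or product.
Log format (assumed): "<second> <src_ip> <tcp_flags> <request>".
"""
import re
from collections import Counter

# Constructed sample log; addresses are from documentation ranges.
SAMPLE_LOG = """\
0 10.0.0.5 SYN GET /index.html
1 10.0.0.5 ACK GET /about.html
2 198.51.100.7 SYN GET /../../etc/passwd
3 10.0.0.9 SYN GET /login?user=admin' OR '1'='1
4 203.0.113.4 SYN -
4 203.0.113.4 SYN -
4 203.0.113.4 SYN -
4 203.0.113.4 SYN -
4 203.0.113.4 SYN -
4 203.0.113.4 SYN -
5 10.0.0.9 ACK GET /login?user=admin%27%20OR%201%3D1
"""

LINE_RE = re.compile(r"^(\d+) (\S+) (\S+) (.*)$")

# Pattern-based IDS: signatures of known-bad requests (assumed rule set).
SIGNATURES = [
    ("dir-traversal", re.compile(r"\.\./")),
    ("sqli-quote", re.compile(r"'\s*OR\s*'")),
]


def parse(log):
    """Yield (second, src, flags, request) for every well-formed line."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            sec, src, flags, req = m.groups()
            yield int(sec), src, flags, req


def signature_alerts(log):
    """Pattern matching: alert on any request that matches a signature."""
    alerts = []
    for sec, src, _flags, req in parse(log):
        for name, rx in SIGNATURES:
            if rx.search(req):
                alerts.append((sec, src, name))
    return alerts


def anomaly_alerts(log, baseline_syn_per_sec=2):
    """Profile-based: alert when a source sends more SYNs in one second
    than the stored profile of normal activity allows (the profile is a
    fixed assumed number here; a real system learns it over time)."""
    syn_counts = Counter()
    for sec, src, flags, _req in parse(log):
        if flags == "SYN":
            syn_counts[(sec, src)] += 1
    return sorted((sec, src, "syn-rate", n)
                  for (sec, src), n in syn_counts.items()
                  if n > baseline_syn_per_sec)


def false_negatives(log, truly_malicious):
    """Seconds whose traffic the pattern-based IDS left unflagged although
    the analyst's ground truth (supplied here for the demo) says they are
    malicious: abnormal activity classified as normal, i.e. false negatives."""
    flagged = {sec for sec, _src, _name in signature_alerts(log)}
    return sorted(truly_malicious - flagged)
```

Line 5 carries the same SQL injection as line 3, but URL-encoded, so the literal-quote signature misses it: a false negative caused by an encoding evasion. The burst of SYNs from 203.0.113.4 matches no signature at all and is only caught by the rate profile, which is the anomaly-based approach's strength.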
_________ was developed for organizations such as insurance and medical claims processors, telecommunication service providers, managed services providers, and credit card transaction processing companies. -real-time monitoring -SAS 70 -white-box testing -gray box testing
SAS 70
In a ________, the attacker sends a large number of packets requesting connections to the victim computer. -SYN flood -dictionary password attack -brute-force password attack -masquerade attack
SYN flood
What is meant by gray-box testing? -Security testing that is based on limited knowledge of an application’s design. -A technique of matching network traffic with rules or signatures based on the appearance of the traffic and its relationship to other packets. -Any activities designed to reduce the severity of a vulnerability or remove it altogether. -Analysis of activity as it is happening
Security testing that is based on limited knowledge of an application’s design.
What is a Security Information and Event Management (SIEM) system? -Software and devices that assist in collecting, storing, and analyzing the contents of log files. -An intrusion detection system that compares current activity with stored profiles of normal (expected) activity. -Security testing that is based on knowledge of the application’s design and source code. -An intrusion detection system that uses pattern matching and stateful matching to compare current traffic with activity patterns (signatures) of known network intruders.
Software and devices that assist in collecting, storing, and analyzing the contents of log files.
What is meant by promiscuous mode? -An attack method that takes all the words from a dictionary file and attempts to log on by entering each dictionary entry as a password. -A software program that enables a computer to monitor and capture network traffic, including passwords and data. -An event that results in a violation of any of the C-I-A security tenets. -The mode in which sniffers operate; it is nonintrusive and does not generate network traffic. This means that every data packet is captured and can be seen by the sniffer.
The mode in which sniffers operate; it is nonintrusive and does not generate network traffic. This means that every data packet is captured and can be seen by the sniffer
Which of the following is the definition of system owner? -The individual or team responsible for performing the security test and evaluation for the system, and for preparing the report for the AO on the risk of operating the system. -A benchmark used to make sure that a system provides a minimum level of security across multiple applications and across different products. -Fixing something that is broken or defective, such as by addressing or removing vulnerabilities. -The person responsible for the daily operation of a system and for ensuring that the system continues to operate in compliance with the conditions set out by the AO.
The person responsible for the daily operation of a system and for ensuring that the system continues to operate in compliance with the conditions set out by the AO.
Which of the following is the definition of hardened configuration? -A method of security testing that isn’t based directly on knowledge of a program’s architecture. -Using tools to determine the layout and services running on an organization’s systems and networks. -The state of a computer or device in which you have turned off or disabled unnecessary services and protected the ones that are still running. -Incorrectly identifying abnormal activity as normal.
The state of a computer or device in which you have turned off or disabled unnecessary services and protected the ones that are still running.
What is meant by certification? -A strategy to minimize risk by rotating employees between various systems or duties. -A group that is responsible for protecting sensitive data in the event of a natural disaster or equipment failure, among other potential emergencies. -The technical evaluation of a system to provide assurance that you have implemented the system correctly. -The formal acceptance by the authorizing official of the risk of implementing the system.
The technical evaluation of a system to provide assurance that you have implemented the system correctly.
Which of the following defines network mapping? -A method of security testing that isn’t based directly on knowledge of a program’s architecture. -The standard by which your computer or device is compared to determine if it’s securely configured. -Using tools to determine the layout and services running on an organization’s systems and networks. -A process of finding the weaknesses in a system and determining which places may be attack points.
Using tools to determine the layout and services running on an organization’s systems and networks.
Audio conferencing is a software-based, real-time audio conference solution for ________ callers. -voice -analog -power over ethernet; PoE -VoIP
VoIP
What term is used to describe associating actions with users for later reporting and research? -event-based synchronization system -ownership -accountability -constrained user interface
accountability
A security awareness program includes ________. -all of the above -teaching employees about security objectives -informing users about trends and threats in society -motivating users to comply with security policies
all of the above
Audits are necessary because of ________. -mandatory regulatory compliance -all of the above -potential liability -negligence
all of the above
The formal process of monitoring and controlling risk focuses on _____________ new risks. -analyzing -identifying -all of these answers are correct -tracking previously identified
all of these answers are correct
How often should an organization perform a risk management plan? -when a risk is identified -biannually -annually -every couple of years
annually
___________ are the benchmarks that help make sure a minimum level of security exists across multiple applications of systems and across different products. -functional policies -policies -baselines -assets
baselines
The total number of errors divided by the total number of bits transmitted is the definition of __________. -bit error rate -session initiation protocol (SIP) -protocol convergence -committed information rate (CIR)
bit error rate
A ___________ gives priorities to the functions an organization needs to keep going. -business continuity plan; BCP -business impact analysis; BIA -disaster recovery plan; DRP -recovery time objective; RTO
business continuity plan (BCP)
What term is used to describe streamlining processes with automation or simplified steps? -protocol convergence -business process engineering -convergence -security operations and administration
business process engineering
The requirement to keep information private or secret is the definition of __________. -cryptography -encryption -confidentiality -cybersecurity
confidentiality
The process of managing the baseline settings of a system device is called ________. -baseline -sprint -guideline -configuration control
configuration control
Security audits help ensure that your rules and __________ are up to date, documented, and subject to change control procedures. -recommendations -configurations -applications -mitigation activities
configurations
____________ is the practice of hiding data and keeping it away from unauthorized users. -cryptography -encryption -cybersecurity -ciphertext
cryptography
The recovery point objective (RPO) identifies the amount of _________ that is acceptable. -time to recover -risk -data loss -support
data loss
________ is a technique where multiple light streams can transmit data through a single strand of fiber. -infrastructure convergence -dense wavelength division multiplexing; DWDM -session initiation protocol; SIP -committed information rate; CIR
dense wavelength division multiplexing (DWDM)
A ___________ defines how a business gets back on its feet after a major disaster like a fire or hurricane. -business impact analysis; BIA -vulnerability assessment -disaster recovery plan; DRP -recovery time objective; RTO
disaster recovery plan (DRP)
The name given to a group that is responsible for protecting sensitive data in the event of a natural disaster or equipment failure, among other potential emergencies, is ________. -security event team -emergency operations group -security administration -guideline control
emergency operations group
The act of transforming cleartext data into undecipherable ciphertext is the definition of __________. -cryptography -integrity -protocol -encryption
encryption
___________ is the process of transforming data from cleartext into ciphertext. -content filtering -cryptography -encryption -information security
encryption
A time-based synchronization system is a mechanism that limits access to computer systems and network resources. -true -false
false
Access control is the process of proving you are the person or entity you claim to be. -true -false
false
After audit activities are completed, the auditors have no further work to do. -true -false
false
An SOC 1 report primarily focuses on internal controls over security. -true -false
false
An organization can choose to plan for any interruption time frame, but in many BIAs, restoration plans assume that access to primary resources will not be possible for at least 60 days. -true -false
false
Many organizations, after conducting a security assessment of their IT setup, never end up aligning policy definitions to gaps and exposures. -true -false
false
Most often, passphrases are used for public and private key authentication. -true -false
false
Once you detect a DoS attack, you cannot stop it easily. -true -false
false
Residual risk is a risk-analysis method that uses mathematical formulas and numbers to assist in ranking risk severity. -true -false
false
Security controls do not need to be implemented to secure VoIP and SIP on LANs and WANs. -true -false
false
Successfully connecting to a computer using a modem makes it impossible to access the rest of the organization's network. -true -false
false
System owners are in control of data classification. -true -false
false
The Delphi method is the estimated loss due to a specific realized threat. The formula to calculate this loss is = SLE × ARO. -true -false
false
The difference between black-hat hackers and white-hat hackers is that black-hat hackers are mainly concerned with finding weaknesses for the purpose of fixing them, and white-hat hackers want to find weaknesses just for the fun of it or to exploit them. -true -false
false
The term constrained user interface describes an authentication method that uses only a single type of authentication credentials. -true -false
false
The term guideline refers to a group that oversees all proposed changes to systems and networks. -true -false
false
The term need-to-know refers to a device used as a logon authenticator for remote users of a network. -true -false
false
The term risk methodology refers to a list of identified risks that results from the risk-identification process. -true -false
false
The up-to-date Common Vulnerabilities & Exposure list is maintained and managed by the U.S. Department of Finance. -true -false
false
The weakest link in the security of an IT infrastructure is the server. -true -false
false
Voice mail and e-mail are examples of real-time communications. -true -false
false
Wardialers are becoming more frequently used given the rise of digital telephony and now IP telephony or Voice over IP (VoIP). -true -false
false
What name is given to a U.S. federal law that requires U.S. government agencies to protect citizens' private data and have proper security controls in place? -sarbanes-oxley act (SOX) -gramm-leach-bliley act (GLBA) -federal information security management act (FISMA) -encryption
federal information security management act (FISMA)
What term is used to describe a packet-based WAN service capable of supporting one-to-many and many-to-many WAN connections? -class of service (CoS) -frame relay -digital central office (CO) switch -asynchronous transfer mode (ATM)
frame relay
__________ tests interrupt the primary data center and transfer processing capability to an alternate site. -parallel -full-interruption -disruptive -simulation
full-interruption
What name is given to a comparison of security controls in place and the controls that are needed to address all identified threats? -risk methodology -qualitative risk analysis -exposure factor (EF) -gap analysis
gap analysis
In popular usage and in the media, the term ________ often describes someone who breaks into a computer system without authorization. -attacker -packet sniffer -hijacker -hacker
hacker
For all the technical solutions you can devise to secure your systems, the __________remains your greatest challenge. -human element -administration -certifier -regulations
human element
Which of the following is not a type of authentication? -ownership -characteristics -identification -knowledge
identification
Connecting your computers or devices to the ________ immediately exposes them to attack. -network -ethernet -internet -virtual LAN; VLAN
internet
E-commerce changed how businesses sell, and the ________ changed how they market. -mobile device -internet -customer -infrastructure
internet
This security appliance examines IP data streams for common attack and malicious intent patterns. -intrusion detection system (IDS) -IT security policy framework -IP default gateway router
intrusion detection system (IDS)
A mechanism that limits access to computer systems and network resources is____. -logical access control -threshold mechanism -password mechanism -actions
logical access control
________ is used to describe a property that indicates that a specific subject needs access to a specific object. This is necessary to access the object in addition to possessing the proper clearance for the object's classification. -multi-tenancy -need-to-know -smart card -relationships
need-to-know
A(n) ___________ fingerprint scanner is a software program that allows an attacker to send logon packets to an IP host device. -operating system (OS) -internet -physical -asset
operating system (OS)
What term is used to describe a reconnaissance technique that enables an attacker to use port mapping to learn which operating system and version are running on a computer? -network mapping -operating system fingerprinting -false negative -security information and event management (SIEM) system
operating system fingerprinting
________ is an authentication credential that is generally longer and more complex than a password. -authorization -two-factor authentication; TFA -passphrase -continuous authentication
passphrase
If VoIP traffic needs to traverse through a WAN with congestion, you need ___________. -committed information rate; CIR -quality of service; QoS -call control -convergence
quality of service (QoS)
____________ is the amount of time it takes to recover and make a system, application, and data available for use after an outage. -recovery time objective; RTO -availability -downtime -mean time to repair; MTTR
recovery time objective (RTO)
Any organization that is serious about security will view ___________ as an ongoing process. -business objectives -gap analysis -standards -risk management
risk management
Another type of attacker is called a ________. This is a person with little or no skill who simply follows directions or uses a "cookbook" approach to carrying out a cyberattack without understanding the meaning of the steps he or she is performing. -hacker -script kiddie -white-hat hacker -black-hat hacker
script kiddie
The tunnel can be created between a remote workstation using the public Internet and a VPN router or a secure browser and ________ Web site. -LAN -hypertext transfer protocol (HTTP) -secure sockets layer virtual private network (SSL-VPN)
secure sockets layer virtual private network (SSL-VPN)
SOC 2 and SOC 3 reports both address primarily ________-related controls. -management -security -communication -financial reporting
security
The world needs people who understand computer-systems ________ and who can protect computers and networks from criminals and terrorists. -applications -integrity -connectivity -security
security
When an information security breach occurs in your organization, a __________ helps determine what happened to the system and when. -functional policy -security event log -baseline -security policy
security event log
The ____________ is the central part of a computing environment's hardware, software,and firmware that enforces access control for computer systems. -event-based synchronization system -authentication -security kernel -physical access control
security kernel
Your organization's __________ sets the tone for how you approach related activities. -guidelines -security policy -assets -configuration
security policy
The ___________ framework defines the scope and contents of three levels of audit reports. -permission-level -zone transfer -real-time monitoring -service organization control (SOC)
service organization control (SOC)
________ is the basis for unified communications and is the protocol used by real-time applications such as IM chat, conferencing, and collaboration. -dense wavelength division multiplexing; DWDM -multimodal communications -direct inward system access; DISA -session initiation protocol; SIP
session initiation protocol (SIP)
SIP is a ___________ protocol used to support real-time communications -policy -signaling -government -security
signaling
An organization's facilities manager might give you a security card programmed with your employee ID number, also known as a ________. -password -smart card -resources -physical access control
smart card
One of the most popular types of attacks on computer systems involves ___________. These attacks deceive or use people to get around security controls. The best way to avoid this risk is to ensure that employees know how to handle such attacks. -world wide web -cloud computing -worms -social engineering
social engineering
What term is used to describe communication that doesn't happen in real time but rather consists of messages (voice or e-mail) that are stored on a server and downloaded to endpoint devices? -store-and-forward communications -call control -multimodal communications -real-time communications
store-and-forward communications
What term is used to describe a device used as a logon authenticator for remote users of a network? -smart card -authorization -synchronous token -physically constrained user interface
synchronous token
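The asynchronous token card earlier in this set and the synchronous token card above define the two token types in one sentence each. The following added example, which is not part of the original review set, implements the logic behind both so the difference is concrete: a synchronous token derives its one-time code from a clock shared with the server, while an asynchronous token answers a challenge the server hands to the user. The 30-second step, the 6-digit code length, the HMAC-SHA1 construction and the shared secret are assumptions chosen to resemble common one-time-password schemes, not a description of any particular product.

```python
"""Synchronous (time-based) vs asynchronous (challenge-response) tokens.

Added example for the review set; parameters are assumptions, not a spec.
"""
import hashlib
import hmac
import os
import struct


def _truncate(mac: bytes, digits: int = 6) -> str:
    """Dynamic truncation in the HOTP style: choose 4 bytes by the low
    nibble of the last MAC byte, clear the sign bit, keep `digits` digits."""
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def _respond(secret: bytes, message: bytes) -> str:
    """One-time response = truncated HMAC-SHA1(secret, message)."""
    return _truncate(hmac.new(secret, message, hashlib.sha1).digest())


# --- synchronous token: the moving factor is the shared clock ---------------
def sync_token_code(secret: bytes, now: int, step: int = 30) -> str:
    """What the token displays: HMAC over the current time-step counter."""
    return _respond(secret, struct.pack(">Q", now // step))


def sync_server_verify(secret: bytes, code: str, now: int,
                       step: int = 30, skew: int = 1) -> bool:
    """Server recomputes the code for the current step and +/- `skew`
    neighbouring steps to tolerate clock drift between token and server."""
    for delta in range(-skew, skew + 1):
        expected = sync_token_code(secret, now + delta * step, step)
        if hmac.compare_digest(expected, code):
            return True
    return False


# --- asynchronous token: the moving factor is a server-issued challenge ------
class ChallengeServer:
    """Server side of challenge-response authentication."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._outstanding = set()

    def issue_challenge(self) -> str:
        """Fresh random challenge that the user keys into the token."""
        challenge = os.urandom(4).hex()
        self._outstanding.add(challenge)
        return challenge

    def verify(self, challenge: str, response: str) -> bool:
        """Accept an outstanding challenge exactly once with a matching
        response; unknown or replayed challenges are rejected."""
        if challenge not in self._outstanding:
            return False
        self._outstanding.discard(challenge)
        expected = _respond(self._secret, challenge.encode())
        return hmac.compare_digest(expected, response)


def async_token_response(secret: bytes, challenge: str) -> str:
    """What the token computes from the challenge the user typed in."""
    return _respond(secret, challenge.encode())
```

The synchronous scheme needs no message from server to token but depends on the two clocks staying within the accepted skew; the asynchronous scheme needs no clock at all but requires the server to track outstanding challenges so each can be consumed only once.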
A method of restricting resource access to specific periods of time is called ________. -separation of duties -multi-tenancy -classification -temporal isolation
temporal isolation
What fills security gaps and software weaknesses? -cryptography -testing and quality assurance -data classification standard -cybersecurity
testing and quality assurance
What is meant by annual rate of occurrence (ARO)? -A collection of the knowledge and best practices of the project management profession. -The estimated loss due to a specific realized threat. -the annual probability that a stated threat will be realized -A comparison of security controls in place and the controls that are needed to address all identified threats.
the annual probability that a stated threat will be realized
Which of the following is the definition of ciphertext? -Any action that could damage an asset. -A mathematical formula that quantifies the amount of uptime for a system compared to the amount of downtime. Usually displayed as a ratio or percentage. -The opposite of cleartext. Data sent as ciphertext is not visible and not easily decipherable, if at all. -The buying and selling of goods and services online through a secure Web site, with payment by credit card or direct debit from a checking account.
the opposite of cleartext. Data sent as ciphertext is not visible and not easily decipherable, if at all
The primary difference between SOC 2 and SOC 3 reports is ________. -their focus -the number of auditors involved -their audience -their length
their audience
RTO identifies the maximum allowable ________ to recover the function. -time -data loss -risk -support
time
Network devices can implement ___________ to better support VoIP and SIP IP packets and reduce dropped calls and delays. -traffic prioritization -application convergence -unified communications; UC -real-time communications
traffic prioritization
A benchmark is the standard by which a system is compared to determine whether it is securely configured. One technique in an audit is to compare the current setting of a computer or device with a benchmark to help identify differences. -true -false
true
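The hardened configuration card earlier in this set and the benchmark card above describe the audit step in words: compare a device's current settings to the benchmark, and check that unnecessary services are off. The following added example, not part of the original review set, performs that comparison over a constructed INI-style settings file and a constructed list of running services. The setting names, the service names and the benchmark values are made up for the illustration and do not reproduce any published benchmark.

```python
"""Compare a device's settings and running services against a benchmark.

Added example for the review set; the config format and benchmark values
are assumptions, not taken from any real hardening guide.
"""
import configparser

# Benchmark: the standard the device is compared against (assumed values).
BENCHMARK_SETTINGS = {
    "sshd": {"PermitRootLogin": "no", "PasswordAuthentication": "no",
             "Protocol": "2"},
    "logging": {"RemoteSyslog": "yes"},
}
# Services a hardened build of this device is allowed to run (assumed).
BENCHMARK_SERVICES = {"sshd", "rsyslog", "ntpd"}

# Constructed current state of one device under audit.
CURRENT_CONFIG = """\
[sshd]
PermitRootLogin = yes
PasswordAuthentication = no
Protocol = 2

[logging]
RemoteSyslog = no
"""
CURRENT_SERVICES = {"sshd", "rsyslog", "ntpd", "telnetd", "cupsd"}


def load_settings(text):
    """Parse the device's settings into {section: {key: value}}."""
    cp = configparser.ConfigParser()
    cp.optionxform = str  # keep key case so PermitRootLogin compares exactly
    cp.read_string(text)
    return {section: dict(cp[section]) for section in cp.sections()}


def setting_deviations(current, benchmark):
    """Every (section, key, expected, actual) where the device differs
    from the benchmark; a key missing on the device is reported with
    actual=None so silent omissions are not mistaken for compliance."""
    out = []
    for section, keys in benchmark.items():
        for key, expected in keys.items():
            actual = current.get(section, {}).get(key)
            if actual != expected:
                out.append((section, key, expected, actual))
    return out


def unnecessary_services(running, allowed):
    """Running services the hardened configuration does not permit:
    the candidates to stop and disable."""
    return sorted(running - allowed)


def is_hardened(config_text, running):
    """True only when no setting deviates and no extra service runs."""
    current = load_settings(config_text)
    return (not setting_deviations(current, BENCHMARK_SETTINGS)
            and not unnecessary_services(running, BENCHMARK_SERVICES))
```

Run against the constructed device the audit reports two setting deviations (root login permitted, remote syslog off) and two services to remove (telnetd, cupsd); only when both lists are empty does the device match the benchmark.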
A common problem with using analog for transmitting data was that analog communications carried high bit error rates. -true -false
true
A compliance liaison works with each department to ensure that it understands, implements, and monitors compliance in accordance with the organization's policies. -true -false
true
A physically constrained user interface is a user interface that does not provide a physical means of entering unauthorized information. -true -false
true
A way to protect your organization from personnel-related security violations is to use job rotation. This minimizes risk by rotating employees among various systems or duties, which prevents collusion. -true -false
true
Accreditation is management's formal acceptance of risk and their permission to implement. -true -false
true
An SOC 1 report is commonly implemented for organizations that must comply with Sarbanes-Oxley (SOX) or the Gramm-Leach-Bliley Act (GLBA). -true -false
true
An attacker will use exploit software when performing vulnerability assessments and intrusive penetration testing. -true -false
true
An organization must comply with rules on two levels: regulatory compliance and organizational compliance. -true -false
true
Analog central office (CO) switch means a switch used by the phone company to connect analog circuits and phone calls. -true -false
true
Both automated processes and humans use access control policies. -true -false
true
Failing to prevent an attack all but invites an attack. -true -false
true
Human latency is the amount of time humans take to consider input or correspondence, take action, and then respond. -true -false
true
Initiating changes to avoid expected problems is the definition of proactive change management. -true -false
true
Many jurisdictions require audits by law. -true -false
true
Multimodal communications encompasses protocol convergence, infrastructure convergence, and application convergence. -true -false
true
One of the earliest uses of mobile devices was to take work away from the workplace, and mobile workers quickly became the drivers for migrating applications to mobile devices. -true -false
true
Organizations should start defining their IT security policy framework by defining an asset classification policy. -true -false
true
Resources are protected objects in a computing system, such as files, computers, or printers. -true -false
true
Risks can be a positive thing, and a risk management plan should address positive and negative risk outcomes. -true -false
true
SAS70 was officially retired in June 2011 and was superseded and enhanced by the Statement of Standards for Attestation Engagements Number 16 (SSAE 16), which is now the predominant auditing and reporting standard for service organizations. -true -false
true
Synchronous token means a device used as a logon authenticator for remote users of a network. -true -false
true
The process of managing the baseline settings of a system device is the definition of configuration control. -true -false
true
The proportion of value of a particular asset likely to be destroyed by a given risk, expressed as a percentage, is exposure factor (EF). -true -false
true
The term annual rate of occurrence (ARO) describes the annual probability that a stated threat will be realized. -true -false
true
The term asynchronous token refers to an authentication token used to process challenge-response authentication with a server. The token takes the server's challenge value and calculates a response. The user enters the response to authenticate a connection. -true -false
true
The term functional policy describes a statement of an organization's management direction for security in such specific functional areas as e-mail, remote access, and Internet surfing. -true -false
true
Today's LAN standard is the Institute of Electrical and Electronics Engineers (IEEE) 802.3. -true -false
true
Voice and data traffic should be segmented on different backbone links to optimize performance; that is, segment voice and data traffic onto separate GigE or 10GigE fiber-optic trunks. -true -false
true
When servers need operating system upgrades or patches, administrators take them offline intentionally so they can perform the necessary work without problems. -true -false
true
A communication protocol that is connectionless and is popular for exchanging small amounts of data or messages is called ________. -user datagram protocol; UDP -authentication -decentralized access control -single-factor authentication
user datagram protocol (UDP)
Which of these biometric authentication methods is not as accurate as the rest? -retina scan -voice pattern -iris scans -facial recognition
voice pattern
Which of these biometric authentication methods is not as accurate as the rest? -voice pattern -retina scan -iris scans -facial recognition
voice pattern