Exam 2 - Ch. 8, 9, 10, 11, 12, 13, 14
Which of the following is the process of providing additional private credentials that match the user ID or username?
Authentication
Which of the following terms means the process to decide what a user can do?
Authorization
A successful DoS attack violates the ______ property of C-I-A.
Availability
The term _______ defines the components, including people, information, and conditions, that support business objectives.
Business drivers
______ cabling provides excellent protection from interference but can be expensive.
Fiber Optic
Which of the following is commonly the primary security control for data entering the LAN-to-WAN domain?
Filtering
Which type of network device is most commonly used to filter network traffic?
Firewall
Which security-related act requires covered organizations to protect personal health information?
HIPAA
Which of the following protocols is used for encrypted traffic?
HTTPS
Which of the following devices repeats input received to all ports?
Hub
Which department should take the lead in User Domain compliance accountability?
Human Resources
Which of the following devices detect potential intrusions? (Select two). A. Firewall B. IPS C. IDS D. Load balancer
IPS; IDS
Which of the following is the process by which a user claims an identity, for example by supplying a username, before that claim is verified by authentication?
Identification
Which of the following is not a common feature of a data center? A. Controlled environment B. Limited physical access C. In-room generator D. Raised floor
In-room generator
The ______ property of the C-I-A triad provides the assurance the information cannot be changed by unauthorized users.
Integrity
Which of the following best describes the purpose of auditing?
It verifies that systems are operating in compliance
Which of the following terms defines a strategy in which you grant access that allows a user to complete assigned tasks and nothing else?
Least Privilege
Which WAN technology is a cost-effective solution for connecting multiple locations?
MPLS
Which common term originally referred to the large cabinets that housed the processing units and memory modules of early computers?
Mainframe
Which benefits do application performance monitoring software provide? (Select two). A. Measure end-user response time B. Measure senior management browsing habits C. Measure end-user traffic volume D. Measure application installed code base
Measure end-user response time; Measure end-user traffic volume
Which of the following controls would comply with the directive to limit access to payroll data to computers in the HR department?
Media Access Control (MAC) address-based authorization, which allows only the hardware addresses of the HR computers (MAC addresses can be spoofed, so on its own this is a weak control)
Which of the following describes a common LAN protocol deployed to a network the size of a city?
Metro Ethernet
The ______ feature speeds up routing network packets by adding a label to each packet with routing information.
Multi-protocol label switching (MPLS)
Which of the following is a solution that defines and implements a policy that describes the requirements to access your network?
NAC
When using MAC (mandatory access control), a subject must possess sufficient clearance as well as ________ to access an object.
Need to Know
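The clearance-plus-need-to-know rule above, as an added worked example that is not part of the exam material: a mandatory access control decision in Python in which a subject's label must dominate the object's label on both the sensitivity level and the compartments it carries. The levels, compartment names, subjects and objects are constructed for illustration and do not come from any real system.

```python
# Added example (not from the course text): a mandatory access control (MAC)
# decision that requires both sufficient clearance and need-to-know.
# The levels, compartments, subjects and objects below are constructed for
# illustration only.
from dataclasses import dataclass

# Ordered sensitivity levels; a higher index dominates a lower one.
LEVELS = ["UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOP SECRET"]


@dataclass(frozen=True)
class Label:
    """A security label: a level plus the compartments (need-to-know) it carries."""
    level: str
    compartments: frozenset = frozenset()

    def __post_init__(self):
        if self.level not in LEVELS:
            raise ValueError(f"unknown level {self.level!r}")

    def dominates(self, other: "Label") -> bool:
        # Clearance alone is not enough: the subject must also hold every
        # compartment the object is tagged with (the need-to-know check).
        return (LEVELS.index(self.level) >= LEVELS.index(other.level)
                and self.compartments >= other.compartments)


def can_read(subject: Label, obj: Label) -> bool:
    """Read is allowed only when the subject's label dominates the object's."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    """No write-down: a subject may only write to objects that dominate its own
    label, so SECRET material cannot be copied into an UNCLASSIFIED file."""
    return obj.dominates(subject)


def explain_read(subject: Label, obj: Label) -> str:
    """Human-readable reason for a read decision, useful in audit logs."""
    if LEVELS.index(subject.level) < LEVELS.index(obj.level):
        return f"DENY: clearance {subject.level} below {obj.level}"
    missing = obj.compartments - subject.compartments
    if missing:
        return f"DENY: no need-to-know for {sorted(missing)}"
    return "ALLOW"


# Constructed subjects and objects.
ANALYST = Label("SECRET", frozenset({"PAYROLL"}))
PAYROLL_FILE = Label("SECRET", frozenset({"PAYROLL"}))
MERGER_MEMO = Label("CONFIDENTIAL", frozenset({"MERGER"}))
BOARD_PACK = Label("TOP SECRET", frozenset({"PAYROLL", "MERGER"}))
PUBLIC_NOTICE = Label("UNCLASSIFIED")

if __name__ == "__main__":
    for name, obj in [("payroll file", PAYROLL_FILE), ("merger memo", MERGER_MEMO),
                      ("board pack", BOARD_PACK), ("public notice", PUBLIC_NOTICE)]:
        print(f"{name:14} read={can_read(ANALYST, obj)!s:5} "
              f"write={can_write(ANALYST, obj)!s:5} {explain_read(ANALYST, obj)}")
```

The merger memo is the case the flashcard is about: the analyst's SECRET clearance is higher than CONFIDENTIAL, yet the read is denied because the analyst has no need-to-know for the MERGER compartment.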
A(n) ______ is a dedicated computer on a LAN that runs network management software.
Network monitoring platform (NMP)
Every disaster recovery plan should protect ______ first.
People
Which of the following is a series of individual tasks that users accomplish to comply with one or more goals?
Procedure
What are the types of malware? (Select two). A. Programs that actively spread or infect B. Programs that slow down data transfer C. Programs that cause damage D. Programs that hide
Programs that actively spread or infect; Programs that hide
A(n) _______ makes requests for remote services on behalf of local clients.
Proxy Server
Which access control method grants permissions to roles, which are then assigned to users according to their job functions?
RBAC
Using a RACI matrix, which attribute refers to the party that actually carries out the work?
Responsible
Which LAN device commonly has the ability to filter packets and deny traffic based on the destination address?
Router
______ is a network protocol used to monitor network devices.
SNMP
Which of the following is an internal control report on the services provided by a service provider?
SOC (Service Organization Control) report
Which of the following protocols works well with firewalls?
SSTP (it carries the VPN tunnel over TLS on TCP port 443, the same port as HTTPS, so most firewalls pass it)
Which of the following terms ensures that at least two people must perform a series of actions to complete a task?
Separation of Duties
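The two flashcards on RBAC and separation of duties above, as one added worked example that is not part of the exam material: a small role-based access control model in Python in which users get nothing beyond the permissions of their assigned roles (least privilege), a static separation-of-duties rule refuses to give one user two conflicting roles, and releasing an invoice needs two distinct approvers. The roles, permissions, user names and the invoice workflow are constructed for illustration.

```python
# Added example (not from the course text): role-based access control where a
# user's permissions come only from assigned roles, a static separation-of-duties
# rule that forbids conflicting roles, and a two-person rule on approval.
# Roles, permissions and users are constructed for illustration.
from collections import defaultdict

ROLE_PERMISSIONS = {
    "ap_clerk":    {"invoice:create", "invoice:read"},
    "ap_approver": {"invoice:read", "invoice:approve"},
    "auditor":     {"invoice:read", "audit_log:read"},
}

# Role pairs no single user may hold at once (static separation of duties).
CONFLICTING_ROLES = [frozenset({"ap_clerk", "ap_approver"})]


class Rbac:
    def __init__(self):
        self.user_roles = defaultdict(set)

    def assign(self, user: str, role: str) -> None:
        if role not in ROLE_PERMISSIONS:
            raise ValueError(f"unknown role {role!r}")
        for pair in CONFLICTING_ROLES:
            conflict = (pair - {role}) & self.user_roles[user]
            if role in pair and conflict:
                raise PermissionError(
                    f"{user} already holds {sorted(conflict)}; {role!r} conflicts")
        self.user_roles[user].add(role)

    def permissions(self, user: str) -> set:
        # Least privilege: nothing beyond the union of the assigned roles.
        return set().union(*(ROLE_PERMISSIONS[r] for r in self.user_roles[user]))

    def allowed(self, user: str, permission: str) -> bool:
        return permission in self.permissions(user)


class Invoice:
    """Creating needs invoice:create; releasing payment needs two distinct
    approvers, each holding invoice:approve, neither being the creator."""
    REQUIRED_APPROVALS = 2

    def __init__(self, rbac: Rbac, creator: str, amount: int):
        if not rbac.allowed(creator, "invoice:create"):
            raise PermissionError(f"{creator} may not create invoices")
        self.rbac, self.creator, self.amount = rbac, creator, amount
        self.approvers = []

    def approve(self, user: str) -> bool:
        if not self.rbac.allowed(user, "invoice:approve"):
            raise PermissionError(f"{user} may not approve invoices")
        if user == self.creator or user in self.approvers:
            raise PermissionError(f"{user} cannot approve own invoice or approve twice")
        self.approvers.append(user)
        return self.released

    @property
    def released(self) -> bool:
        return len(self.approvers) >= self.REQUIRED_APPROVALS


def demo() -> dict:
    """Walk through the rules; returns what happened so it can be checked."""
    rbac = Rbac()
    rbac.assign("alice", "ap_clerk")
    rbac.assign("bob", "ap_approver")
    rbac.assign("carol", "ap_approver")
    result = {"sod_blocked": False, "second_bob": False}
    try:
        rbac.assign("alice", "ap_approver")   # would let alice approve her own work
    except PermissionError:
        result["sod_blocked"] = True
    inv = Invoice(rbac, "alice", 12_000)
    result["after_bob"] = inv.approve("bob")        # one approval is not enough
    try:
        inv.approve("bob")                          # same person twice does not count
    except PermissionError:
        result["second_bob"] = True
    result["after_carol"] = inv.approve("carol")    # second distinct approver releases it
    result["alice_perms"] = sorted(rbac.permissions("alice"))
    return result


if __name__ == "__main__":
    print(demo())
```

The static rule (no user holds both ap_clerk and ap_approver) and the dynamic rule (two different approvers, neither the creator) are both needed: the first stops the conflict at provisioning time, the second catches it at the point of use even if role data is later changed by mistake.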
The _____ contains guaranteed availability for your WAN connection.
Service level agreement (SLA)
If you only have one connection to the Internet and that connection fails, your organization loses its Internet connection. This is an example of a(n) ______.
Single Point of Failure
According to SOX requirements, which type of user accounts are prohibited from accessing the production environment?
Software developers
Which of the following is a collection of requirements that the users must meet?
Standard
Which of the following controls would best protect against disclosure of sensitive data to unauthorized users who connect from remote computers?
Strong passwords
A(n) ______ is a subdivision or part of a network.
Subnet
_______ is a technique that creates a virtual encrypted channel that allows applications to use any protocol to communicate with servers and services without having to worry about addressing privacy concerns.
Tunneling
Which protocol does SNMP use to transport messages?
UDP (port 161 for queries, port 162 for traps)
A(n) ______ makes it easy to establish what appears to be a dedicated connection over a WAN.
Virtual Private Network (VPN)
Many organizations use a(n) ______ to allow remote users to connect to internal network resources.
Virtual Private Network (VPN)
Why is mapping a LAN a productive exercise?
Visual maps help in understanding your LAN design
A(n) ______ can exclude unnecessary traffic from the WAN.
WAN Optimizer
Which entity is responsible for controlling access to network traffic in the WAN?
WAN service provider
Who writes SLAs?
WAN service provider
Some attackers use the process of ______ to find modems that may be used to attack a computer.
War Dialing
A(n) ______ generally resides in the DMZ and provides the interface between remote users and an application server.
Web server
A ______ is a type of malware that is a self-contained program that replicates and sends copies of itself to other computers.
Worm
Defining access controls where each user has the permission to carry out assigned tasks and nothing else is called
the principle of least privilege
Most WAN protocols operate at which level in the OSI reference model?
Layer 2 (the Data Link layer)
Which of the following is true? A. A BCP is normally part of a DRP B. A BCP addresses only IT issues C. A DRP is normally part of a BCP D. A DRP should address even minor interruptions
A DRP is normally part of a BCP
Which of the following best describes a dual-homed ISP connection?
A network that maintains two ISP connections
Which of the following best describes the term honeypot?
A server that is deliberately set up in an unsecure manner to attract attackers
Which of the following types of policies defines prohibited actions?
Acceptable use policy (AUP)
Which type of plan contains instructions on how to recover from a power failure?
BCP
Which of the following transmission techniques requires the entire bandwidth of a channel?
Baseband
True or False. The primary concern for remote access is availability.
False
True or False. WAN subscription cost tends to decrease as availability increases.
False
What does it mean when there are differences between the last security configuration baseline and the current security configuration settings?
Changes have occurred (either authorized or unauthorized)
Which type of agreement can protect the ability to file a patent application?
Confidentiality agreement
Why is LAN device configuration control important?
Configuration control can detect changes an attacker might have made to allow harmful traffic in a LAN
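The two flashcards above on baseline comparison and LAN device configuration control, as one added worked example that is not part of the exam material: a Python check that fingerprints a device's configuration, diffs the current text against the last approved baseline, and flags the additions a reviewer should look at first, such as a new permit rule or an SNMP write community. Both configurations are constructed sample text in a simplified router-style syntax, not output from any real device, and the high-risk patterns are illustrative.

```python
# Added example (not from the course text): compare a LAN device's current
# configuration with its last approved security baseline, list every added or
# removed line, and flag the changes a reviewer should treat as high risk.
# Both configurations are constructed sample text in a simplified
# router-style syntax, not output from any real device.
import difflib
import hashlib
import re

BASELINE = """\
hostname edge-rtr-1
ip access-list extended WAN-IN
 permit tcp any host 203.0.113.10 eq 443
 deny ip any any log
snmp-server community monitor RO
"""

CURRENT = """\
hostname edge-rtr-1
ip access-list extended WAN-IN
 permit tcp any host 203.0.113.10 eq 443
 permit tcp any host 203.0.113.10 eq 23
 deny ip any any log
snmp-server community monitor RO
snmp-server community s3cr3t RW
"""

# Added lines matching these patterns deserve immediate review.
HIGH_RISK = [
    (re.compile(r"^\s*permit\s"), "new permit rule widens what the ACL allows"),
    (re.compile(r"\beq\s+23\b"), "telnet (port 23) is cleartext management access"),
    (re.compile(r"^snmp-server community\s+\S+\s+RW"), "SNMP write community added"),
]


def fingerprint(config: str) -> str:
    """Hash stored with the baseline; a mismatch means something changed."""
    return hashlib.sha256(config.encode()).hexdigest()


def drift(baseline: str, current: str):
    """Return (added, removed) configuration lines."""
    diff = difflib.unified_diff(baseline.splitlines(), current.splitlines(),
                                lineterm="", n=0)
    added, removed = [], []
    for line in diff:
        if line.startswith(("+++", "---", "@@")):
            continue                      # unified diff headers, not config
        if line.startswith("+"):
            added.append(line[1:])
        elif line.startswith("-"):
            removed.append(line[1:])
    return added, removed


def assess(baseline: str, current: str) -> dict:
    """Full check: changed?, what changed, and which additions are high risk."""
    changed = fingerprint(baseline) != fingerprint(current)
    added, removed = drift(baseline, current) if changed else ([], [])
    findings = [(line.strip(), why) for line in added
                for pattern, why in HIGH_RISK if pattern.search(line)]
    return {"changed": changed, "added": added, "removed": removed,
            "high_risk": findings}


if __name__ == "__main__":
    report = assess(BASELINE, CURRENT)
    print("changed:", report["changed"])
    for line in report["added"]:
        print("  +", line)
    for line in report["removed"]:
        print("  -", line)
    for line, why in report["high_risk"]:
        print("  !", line, "::", why)
```

A changed fingerprint only says that something differs; the line-level diff is what lets you decide whether each change was an authorized maintenance action or the kind of edit an attacker makes to let harmful traffic in, and the flagged lines are the ones to verify against the change record first.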
True or False. You only need written authorization prior to conducting a penetration test that accesses resources outside your organization.
False
Which type of WAN generally has the highest speed and is most secure?
Dedicated line
Which of the following choices protect your system from users transferring private data files from a server to a workstation? (Select two). A. Increase the frequency of object access audits. B. Deliver current security policy training. C. Place access control to prohibit inappropriate actions. D. Enable access auditing for all private data files.
Deliver current security policy training; Place access control to prohibit inappropriate actions
A(n) ______ is an isolated part of a network that is connected both to the Internet and your internal secure network and is a common home for Internet-facing Web servers.
Demilitarized Zone (DMZ)
Which type of control only reports that a violation has occurred?
Detective
______ means the ongoing attention and care an organization places on security and compliance.
Due diligence
Where must sensitive information be encrypted to ensure its confidentiality? (Select two). A. While in use on a workstation B. During transmission over the network C. As it is stored on disk D. In memory
During transmission over the network; As it is stored on disk
Which of the following is the primary type of control employed in the WAN domain?
Encryption
_______ is the primary security control used in the Remote Access domain.
Encryption
True or False. A LAN is a network that generally spans several city blocks.
False
True or False. A confidentiality agreement sets the expectations of each employee and sets job performance standards.
False
True or False. A local resource is any resource connected to the local LAN.
False
True or False. All VPN traffic is encrypted.
False (some VPN technologies, such as MPLS VPNs and plain GRE tunnels, separate traffic without encrypting it)
True or False. Because the System/Application domain is the innermost domain, security controls are not as important.
False
True or False. By definition, VPN traffic is encrypted.
False
True or False. PCI DSS allows merchants to store the CVV number.
False (the card verification code is sensitive authentication data and may not be stored after authorization, even if encrypted)
True or False. The WAN domain commonly contains a DMZ.
False
True or False. The main concern of data security in the System/Application domain is integrity.
False
Which type of full database encryption doesn't require any user interaction?
TDE
Which protocol is commonly used to protect data sent to Web browsers when not using VPNs?
TLS
What condition must exist for a background check to be governed by FCRA?
The investigation is performed by a third party
How can some smart routers attempt to stop a DoS attack in progress?
They can terminate any connections with the source of the attack
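The behaviour described above, as an added worked example that is not part of the exam material: Python detection logic that reads firewall-style log lines, counts new connections per source address inside a sliding one-second window, and turns any source that exceeds the threshold into the deny decision a router or firewall would apply, while leaving an allowlisted monitoring host alone. The log lines, addresses, threshold and the deny-rule syntax are all constructed for illustration; nothing here is captured traffic or a real device's command set.

```python
# Added example (not from the course text): spot a connection flood in
# firewall-style log lines by counting new connections per source address in a
# sliding time window, and produce the "terminate/deny this source" decision a
# router would apply. The log lines are constructed, not captured traffic.
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE_RE = re.compile(r"^(?P<ts>\S+) SYN src=(?P<src>[\d.]+) dst=(?P<dst>[\d.:]+)$")
WINDOW = timedelta(seconds=1)   # look-back period
THRESHOLD = 20                  # more SYNs than this inside WINDOW is a flood
# Sources that must never be cut off (e.g. the monitoring host); constructed.
ALLOWLIST = {"192.0.2.250"}


def build_sample_log() -> list:
    """Constructed sample: one host opens 40 connections in under a second,
    a normal client opens three, and the allowlisted monitor polls quickly.
    Lines are returned in time order."""
    t0 = datetime(2024, 3, 1, 10, 0, 0)
    events = []
    for i in range(40):
        events.append((t0 + timedelta(milliseconds=20 * i), "198.51.100.7"))
    for i in range(3):
        events.append((t0 + timedelta(milliseconds=300 * i), "192.0.2.44"))
    for i in range(25):
        events.append((t0 + timedelta(milliseconds=30 * i), "192.0.2.250"))
    events.sort()
    return [f"{ts.isoformat(timespec='milliseconds')} SYN src={src} dst=203.0.113.10:443"
            for ts, src in events]


def detect_floods(lines) -> dict:
    """Return {source: first time it exceeded THRESHOLD within WINDOW}."""
    recent = defaultdict(deque)   # per-source timestamps still inside the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                # ignore lines we do not understand
        ts = datetime.fromisoformat(m["ts"])
        src = m["src"]
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > WINDOW:
            q.popleft()             # drop events that fell out of the window
        if len(q) > THRESHOLD and src not in flagged and src not in ALLOWLIST:
            flagged[src] = ts
    return flagged


def block_rules(flagged: dict) -> list:
    """Render the decision as deny rules (syntax is illustrative, not a real CLI)."""
    return [f"deny ip host {src} any  ! flood detected at {ts.time()}"
            for src, ts in sorted(flagged.items())]


if __name__ == "__main__":
    floods = detect_floods(build_sample_log())
    for rule in block_rules(floods):
        print(rule)
```

The allowlist is the practitioner caveat: a naive threshold would also cut off the monitoring host, which polls faster than the threshold allows, and a source address can be spoofed, so blocking by address stops a simple flood but not a distributed one.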
Which of the following would be the best use for a packet sniffer? A. To approve or deny traffic based on the destination address B. To encrypt confidential data C. To analyze packet contents for known inappropriate traffic D. To track configuration changes to specific LAN devices
To analyze packet contents for known inappropriate traffic
True or False. A distributed application is one in which the components that make up the application reside on different computers.
True
True or False. A solid multilayered security plan means that an attacker will likely encounter several security controls before reaching the System/Application domain components.
True
True or False. Discretionary access control lets the owner of a resource decide which users and groups are granted permissions to it.
True
True or False. Even the newest wireless protocols are slower than using high-quality physical cable.
True
True or False. Given adequate security controls, PDAs are appropriate for use as remote access devices.
True
True or False. NAT is helpful to hide internal IP addresses from the outside world.
True
True or False. One of the most important concerns when sending data across a WAN is confidentiality
True
True or False. The use of global user accounts can simplify user maintenance.
True
True or False. You should back up LAN device configuration settings as part of a LAN backup.
True
Many organizations use a RACI matrix to document tasks and the personnel responsible for the assignments. RACI stands for ______, ______, consulted, and informed.
responsible, accountable