Final Exam

True

A network attacker wants to know IP addresses used on a network, remote access procedures, and weaknesses in network systems.

True

A wireless access point (WAP) is the connection between a wired and wireless network.

Polymorphic virus

Adam discovers a virus on his system that is using encryption to modify itself. The virus escapes detection by signature-based antivirus software. What type of virus has he discovered?

Consumer

Alan withdraws cash from an ATM belonging to Bank X that is coming from his account with Bank Y. What is Alan's relationship with Bank X?

Confidentiality

Alison discovers that a system under her control has been infected with malware, which is using a keylogger to report user keystrokes to a third party. What information security property is this malware attacking?

True

Backdoor programs are typically more dangerous than computer viruses.

VPN concentrator

Bob has a high-volume virtual private network (VPN). He would like to use a device that would best handle the required processing power. What type of device should he use?

True

CompTIA Security+ is an entry-level security certification.

True

DoD and NSA have adopted several training standards to serve as a pathway to satisfy Directive 8140. Although they are called standards, they are really training requirements for specific job responsibilities.

False

Federal agencies fall under the legislative branch of the U.S. government.

International Council of E-Commerce Consultants (EC-Council)

Fran is interested in learning more about the popular Certified Ethical Hacker (CEH) credential. What organization should she contact?

True

Information systems security is about ensuring the confidentiality, integrity, and availability of IT infrastructures and the systems they comprise.

GIAC Certified Forensic Examiner (GCFE)

Jonas is an experienced information security professional with a specialized focus on evaluating computers for evidence of criminal or malicious activity and recovering data. Which GIAC certification would be most appropriate for Jonas to demonstrate his abilities?

True

Juniper Networks offers vendor-specific certifications.

Captive portal

Karen would like to use a wireless authentication technology similar to that found in hotels where users are redirected to a webpage when they connect to the network. What technology should she deploy?

True

Payment Card Industry Data Security Standard (PCI DSS) version 3.2 defines 12 requirements for compliance, organized into six groups, called control objectives.

Hub

Terry is troubleshooting a network that is experiencing high traffic congestion issues. Which device, if present on the network, should be replaced to alleviate these issues?

True

The goal of a command injection is to execute commands on a host operating system.

True

The three main categories of network security risk are reconnaissance, eavesdropping, and denial of service.

Integrity

Tim is implementing a set of controls designed to ensure that financial reports, records, and data are accurately maintained. What information security goal is Tim attempting to achieve?

Security

Under the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, what type of safeguards must be implemented by all covered entities, regardless of the circumstances?

Virtual LAN (VLAN)

Val would like to isolate several systems belonging to the product development group from other systems on the network, without adding new hardware. What technology can she use?

27002

What ISO security standard can help guide the creation of an organization's security policy?

Fear

What is NOT a common motivation for attackers?

Federal Communications Commission (FCC)

Which of the following agencies is NOT involved in the Gramm-Leach-Bliley Act (GLBA) oversight process?

Children's Internet Protection Act (CIPA)

Betty visits a local library with her young children. She notices that someone using a computer terminal in the library is visiting pornographic websites. What law requires that the library filter offensive web content for minors?

False

Cisco offers certifications only at the Associate, Professional, and Expert levels.

False

The Certified Secure Software Lifecycle Professional (CSSLP) credential measures the knowledge and skills necessary for professionals involved in the process of authorizing and maintaining information systems.

True

The Data Link Layer of the OSI Reference Model is responsible for transmitting information on computers connected to the same local area network (LAN).

True

The Federal Trade Commission (FTC) Safeguards Rule requires a financial institution to create a written information security program that must state how the institution collects and uses customer data.

False

The ISACA Certified in Risk and Information Systems Control (CRISC) certification targets security professionals who ensure that their organization satisfies IT governance requirements.

Unexpected power failures

What is NOT a typical sign of virus activity on a system?

255

What is the maximum value for any octet in an IPv4 IP address?

Dynamic Host Configuration Protocol (DHCP)

What protocol is responsible for assigning IP addresses to hosts on most networks?

Certified Information Systems Security Professional (CISSP)

Which of the following certifications is considered the flagship Information Systems Security Certification Consortium, Inc. (ISC)² certification and the gold standard for information security professionals?

Right to delete unwanted information from records

Which of the following is NOT one of the rights afforded to students (or the parents of a minor student) under the Family Educational Rights and Privacy Act (FERPA)?

Network

Which term accurately describes Layer 3 of the Open Systems Interconnection (OSI) model?

Hertz

Which unit of measure represents frequency and is expressed as the number of cycles per second?

Nmap

Brian would like to conduct a port scan against his systems to determine how they look from an attacker's viewpoint. What tool can he use for this purpose?

False

The CISSP-ISSEP concentration requires that a candidate demonstrate two years of professional experience in the area of architecture.

False

The Centers for Medicare & Medicaid Services (CMS) investigates and responds to complaints from people who claim that a covered entity has violated the Health Insurance Portability and Accountability Act (HIPAA).

False

Trojans are self-contained programs designed to propagate from one host machine to another using the host's own network communications protocols.

Remote Access Tool (RAT)

What type of malicious software allows an attacker to remotely control a compromised computer?

