Information Security Test 2

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

What file type is least likely to be impacted by a file infector virus?

.docx

Henry is creating a firewall rule that will allow inbound mail to the organization. What TCP port must he allow through the firewall?

25

What series of Special Publications does the National Institute of Standards and Technology (NIST) produce that covers information systems security activities?

800

Mary is designing a software component that will function at the Presentation Layer of the Open Systems Interconnection (OSI) model. What other two layers of the model will her component need to interact with?

Application and Session

Alison discovers that a system under her control has been infected with malware, which is using a key logger to report user keystrokes to a third party. What information security property is this malware attacking?

Confidentiality

Larry recently viewed an auction listing on a website. As a result, his computer executed code that popped up a window that asked for his password. What type of attack has Larry likely encountered?

Cross-site scripting (XSS)

What is NOT one of the four main purposes of an attack?

Data import

Tonya is working with a team of subject matter experts to diagnose a problem with her system. The experts determine that the problem likely resides at the Presentation Layer of the Open Systems Interconnection (OSI) model. Which technology is the most likely suspect?

Encryption

Which organization creates information security standards that specifically apply within the European Union?

European Telecommunications Standards Institute (ETSI) Cyber Security Technical Committee (TC CYBER)

A border router can provide enhanced features to internal networks and help keep subnet traffic separate.

False

A packet-filtering firewall remembers information about the status of a network communication.

False

All request for comments (RFC) originate from the Internet Engineering Task Force (IETF).

False

Another name for a border firewall is a DMZ firewall.

False

Implicit deny is when firewalls look at message addresses to determine whether a message is being sent around an unending loop.

False

Internet Control Message Protocol (ICMP) is a method of IP address assignment that uses an alternate, public IP address to hide a system's real IP address.

False

The International Standard Book Number (ISBN) is an IEEE standard.

False

David would like to connect a fibre channel storage device to systems over a standard data network. What protocol can he use?

Fibre Channel over Ethernet (FCoE)

What type of firewall security feature limits the volume of traffic from individual hosts?

Flood guard

Which unit of measure represents frequency and is expressed as the number of cycles per second?

Hertz

Gary is troubleshooting a security issue on an Ethernet network and would like to look at the Ethernet standard. What publication should he seek out?

IEEE 802.3

Juan comes across documentation from his organization related to several information security initiatives using different standards as their reference. Which International Organization for Standardization (ISO) standard provides current guidance on information security management?

ISO 27002

Bill is conducting an analysis of a new IT service. He would like to assess it using the Open Systems Interconnection (OSI) model and would like to learn more about this framework. What organization should he turn to for the official definition of OSI?

International Organization for Standardization (ISO)

Yolanda would like to prevent attackers from using her network as a relay point for a smurf attack. What protocol should she block?

Internet Control Message Protocol (ICMP)

What federal agency is charged with the mission of promoting "U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life?"

National Institute of Standards and Technology (NIST)

Which term accurately describes Layer 3 of the Open Systems Interconnection (OSI) model?

Network

Adam discovers a virus on his system that is using encryption to modify itself. The virus escapes detection by signature-based antivirus software. What type of virus has he discovered?

Polymorphic virus

Hilda is troubleshooting a problem with the encryption of data. At which layer of the OSI Reference Model is she working?

Presentation

Which document is the initial stage of a standard under the Internet Engineering Task Force (IETF) process?

Proposed Standard (PS)

What type of malicious software allows an attacker to remotely control a compromised computer?

Remote Access Tool (RAT)

What type of publication is the primary working product of the Internet Engineering Task Force (IETF)?

Request for comment (RFC)

What is NOT an area where the Internet Architecture Board (IAB) provides oversight on behalf of the Internet Engineering Task Force (IETF)?

Subject matter expertise on routing and switching

Which type of virus targets computer hardware and software startup functions?

System infector

Breanne's system was infected by malicious code after she installed an innocent-looking solitaire game that she downloaded from the Internet. What type of malware did she likely encounter?

Trojan horse

A computer virus is an executable program that attaches to, or infects, other executable programs.

True

A firewall is a basic network security defense tool.

True

A network attacker wants to know IP addresses used on a network, remote access procedures, and weaknesses in network systems.

True

A network protocol governs how networking equipment interacts to deliver data across the network.

True

A successful denial of service (DoS) attack may create so much network congestion that authorized users cannot access network resources.

True

A wireless access point (WAP) is the connection between a wired and wireless network.

True

ActiveX is used by developers to create active content.

True

American National Standards Institute (ANSI) was formed in 1918 through the merger of five engineering societies and three government agencies.

True

Because people inside an organization generally have more detailed knowledge of the IT infrastructure than outsiders do, they can place logic bombs more easily.

True

It is common for rootkits to modify parts of the operating system to conceal traces of their presence.

True

The International Electrotechnical Commission (IEC) was instrumental in the development of standards for electrical measurements, including gauss, hertz, and weber.

True

The International Telecommunication Union (ITU) was formed in 1865 as the International Telegraph Union to develop international standards for the emerging telegraph communications industry.

True

The Internet Engineering Task Force (IETF) is a collection of working groups (WGs), and each working group addresses a specific topic.

True

The OSI Reference Model is a theoretical model of networking with interchangeable layers.

True

The function of homepage hijacking is to change a browser's homepage to point to the attacker's site.

True

The goal of a command injection is to execute commands on a host operating system.

True

The term "web defacement" refers to someone gaining unauthorized access to a web server and altering the index page of a site on the server.

True

Unlike viruses, worms do NOT require a host program in order to survive and replicate.

True

What is NOT a typical sign of virus activity on a system?

Unexpected power failures

Bob has a high-volume virtual private network (VPN). He would like to use a device that would best handle the required processing power. What type of device should he use?

VPN concentrator

Val would like to isolate several systems belonging to the product development group from other systems on the network, without adding new hardware. What technology can she use?

Virtual LAN (VLAN)

What tool might be used by an attacker during the reconnaissance phase of an attack to glean information about domain registrations?

Whois

What type of network connects systems over the largest geographic area?

Wide area network (WAN)

What is NOT a service commonly offered by unified threat management (UTM) devices?

Wireless network access

Standards provide guidelines to ensure that products in today's computing environments work together.

True

TCP/IP is a suite of protocols that operates at both the Network and Transport layers of the OSI Reference Model.

True

The Baldrige National Quality Program is part of the National Institute of Standards and Technology (NIST).

True

The Data Link Layer of the OSI Reference Model is responsible for transmitting information on computers connected to the same local area network (LAN).

True


Ensembles d'études connexes

Chapter 22 Head and Spinal Cord Injuries EAQ

View Set

APUSH REVIEW - [PERIOD and COURSE OUTLINE]

View Set