InfoSec Ch1
Which security control would be implemented to stop attackers from intercepting and reading sensitive email messages? A. An acceptable use policy B. A data classification standard C. An IT security policy framework D. A VPN for remote access E. Secure access controls
D. A VPN for remote access
Bob is the information security and compliance manager for a financial institution. Which regulation is most likely to directly apply to Bob's employer? A. Health Insurance Portability and Accountability Act (HIPAA) B. Federal Information Security Management Act (FISMA) C. Children's Internet Protection Act (CIPA) D. Gramm-Leach-Bliley Act (GLBA)
D. Gramm-Leach-Bliley Act (GLBA)
Which of the following is not a U.S. compliance law or act? A. CIPA B. FERPA C. FISMA D. PCI DSS E. HIPAA
D. PCI DSS
Which tool or application can be used to create a remote connection with network devices, including switches, file servers, or web servers, across a LAN or WAN? A. Traceroute B. Ping C. Nslookup D. PuTTY
D. PuTTY
________ routing refers to the process of routing packets via paths that are manually defined on a router, while ________ routing refers to the process of routing packets via paths that may change according to network conditions. A. Forwarding table; ARP table B. Dynamic; static C. ARP table; forwarding table D. Static; dynamic
D. Static; dynamic
Which Layer 2 device does not count as a hop in tracert output? A. Firewall B. Router C. Workstation D. Switch
D. Switch (a Layer 2 switch forwards frames without decrementing the IP TTL, so it never answers a traceroute probe and never shows up as a hop)
Which term describes any action that could damage an asset? A. Risk B. Countermeasure C. Vulnerability D. Threat
D. Threat
Which of the following is a command-line utility that is used to display the configuration values assigned to its Network Interface Card(s), including the MAC addresses, on a Windows computer? A. NAT B. Forwarding tables C. ARP table D. ipconfig
D. ipconfig (the MAC addresses are shown by ipconfig /all; plain ipconfig lists only IP addresses, subnet masks, and default gateways)
Unauthorized access to data centers and downtime of servers are risks to which domain of an IT infrastructure? A. System/Application Domain B. Remote Access Domain C. Wide Area Network (WAN) Domain D. Workstation Domain
A. System/Application Domain
Internet IP packets are to cleartext what encrypted IP packets are to __________. A. Confidentiality B. Ciphertext C. Virtual private networks D. Cryptography algorithms E. None of the above
B. Ciphertext
A data classification standard is usually part of which policy definition? A. Asset classification policy B. Acceptable use policy C. Vulnerability assessment and management policy D. Security awareness policy E. Threat assessment and monitoring policy
A. Asset classification policy
Which security control is most helpful in protecting against eavesdropping on wide area network (WAN) transmissions? A. Encrypting transmissions with virtual private networks (VPNs) B. Blocking Transmission Control Protocol (TCP) synchronize (SYN) open connections C. Deploying an intrusion detection system/intrusion prevention system (IDS/IPS) D. Applying filters on exterior Internet Protocol (IP) stateful firewalls
A. Encrypting transmissions with virtual private networks (VPNs)
When selling software, software manufacturers limit their liability using which of the following? A. End-User License Agreements B. Confidentiality agreements C. Software development agreements D. By developing error-free software and code so there is no liability E. None of the above
A. End-User License Agreements
Which of the following is not a security control that can be configured by the Group Policy Management Console (GPMC)? A. Static routes B. Windows updates C. Password policies D. Program execution privileges
A. Static routes
A publicly traded company or U.S. federal government agency must go public and announce that it has had a data breach and inform the impacted individuals of that data breach. A. True B. False
A. True
Encrypting email communications is needed when sending confidential information within an email message through the public Internet. A. True B. False
A. True
Information security is specific to securing information, whereas information systems security is focused on the security of the systems that house the information. A. True B. False
A. True
Using security policies, standards, procedures, and guidelines helps organizations decrease risks and threats. A. True B. False
A. True
A data breach typically occurs after which of the following? A. Unauthorized access to systems and applications is obtained B. Vulnerability assessment scan C. Configuration change request D. Implementation of a new data center E. Implementation of a web application update
A. Unauthorized access to systems and applications is obtained
Remote access security controls help to ensure that the user connecting to an organization's network is who the user claims to be. A username is commonly used for _______, whereas a biometric scan could be used for _______. A. identification, authentication B. identification, authorization C. authorization, accountability D. authentication, authorization
A. identification, authentication
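The question above turns on the difference between identifying, authenticating, and authorizing a user. The following Python program is an added example, not part of the original study set, that walks through all three plus accountability (an audit trail) using only the standard library: the username is the identification claim, a salted password hash and an RFC 6238 TOTP code are the two authentication factors, and a role-to-permission table decides authorization. The users, passwords, the student/registrar role table, and the TOTP secret (the RFC 6238 test-vector secret) are constructed sample data; a real deployment would use a directory service such as AD DS instead of an in-memory dictionary.

```python
import hashlib
import hmac
import os
import struct
import time
from typing import Optional

# Constructed in-memory identity store (sample data only).
_USERS: dict = {}
# Accountability: every decision is recorded as (who, what, result).
AUDIT: list = []
_PBKDF2_ROUNDS = 100_000

# Hypothetical role-to-permission table for the grades scenario in this set.
PERMISSIONS = {
    "student": {"grades:read"},
    "registrar": {"grades:read", "grades:write"},
}


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, _PBKDF2_ROUNDS)


def enroll(username: str, password: str, totp_secret: bytes, role: str) -> None:
    """Register a user. Only a salted password hash is stored; the TOTP secret
    must stay recoverable because both sides have to compute the same code."""
    salt = os.urandom(16)
    _USERS[username] = {
        "salt": salt,
        "hash": _hash_password(password, salt),
        "totp": totp_secret,
        "role": role,
    }


def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1, the scheme authenticator apps implement."""
    counter = struct.pack(">Q", at // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def login(username: str, password: str, code: str, at: Optional[int] = None):
    """Identification (username) followed by two authentication factors.
    Returns a session dict on success, None on any failure."""
    at = int(time.time()) if at is None else at
    user = _USERS.get(username)                        # identification: the claim
    # Hash even for unknown users so response time does not reveal valid names.
    candidate = _hash_password(password, user["salt"] if user else bytes(16))
    if user is None:
        AUDIT.append((username, "login", "deny: unknown user"))
        return None
    if not hmac.compare_digest(candidate, user["hash"]):   # factor 1: something you know
        AUDIT.append((username, "login", "deny: bad password"))
        return None
    # Factor 2: something you have; accept one time step of clock drift either way.
    expected = [totp(user["totp"], at + d * 30) for d in (-1, 0, 1)]
    if not any(hmac.compare_digest(code.encode(), e.encode()) for e in expected):
        AUDIT.append((username, "login", "deny: bad second factor"))
        return None
    AUDIT.append((username, "login", "allow"))
    return {"user": username, "role": user["role"]}


def authorize(session: dict, permission: str) -> bool:
    """Authorization: what the authenticated identity may do, decided by its role."""
    allowed = permission in PERMISSIONS.get(session["role"], set())
    AUDIT.append((session["user"], permission, "allow" if allowed else "deny"))
    return allowed


# Constructed sample users. SAMPLE_SECRET is the RFC 6238 test-vector secret
# (ASCII "12345678901234567890"), used so the TOTP output can be cross-checked.
SAMPLE_SECRET = b"12345678901234567890"
enroll("alice", "correct horse battery staple", SAMPLE_SECRET, "student")
enroll("registrar1", "another sample passphrase", os.urandom(20), "registrar")

if __name__ == "__main__":
    now = int(time.time())
    session = login("alice", "correct horse battery staple", totp(SAMPLE_SECRET, now), at=now)
    print("login:", session)
    print("read grades:", authorize(session, "grades:read"))
    print("write grades:", authorize(session, "grades:write"))
    for entry in AUDIT:
        print("audit:", entry)
```

Run as a script it logs alice in, shows that her student role may read but not write grades, and prints the audit trail. Two things a production system adds are left out to keep the example short: remembering the last accepted TOTP counter so a code cannot be replayed within its window, and lockout or rate limiting on repeated failures.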
Rachel is investigating an information security incident that took place at the high school where she works. She suspects that students may have broken into the student records system and altered their grades. If correct, which one of the tenets of information security did this attack violate? A. Confidentiality B. Integrity C. Availability D. Nonrepudiation
B. Integrity
Which element of the security policy framework requires approval from upper management and applies to the entire organization? A. Standard B. Policy C. Procedure D. Guideline
B. Policy
Which term describes the level of exposure to some event that has an effect on an asset, usually the likelihood that something bad will happen to an asset? A. Countermeasure B. Risk C. Vulnerability D. Threat
B. Risk
Which element of the IT security policy framework provides detailed written definitions for hardware and software and how they are to be used? A. Procedure B. Standard C. Guideline D. Policy
B. Standard
Which security control would reduce the likelihood of an attacker gaining unauthorized access to a user's account with a stolen login ID and password? A. VPN B. Two-factor authentication C. Encrypting all stored data D. Firewall
B. Two-factor authentication
What is a primary risk to the Workstation Domain, the Local Area Network (LAN) Domain, and the System/Application Domain? A. Unauthorized network probing and port scanning B. Unauthorized access to systems C. Downtime of IT systems for an extended period after a disaster D. Mobile worker token or other authentication stolen
B. Unauthorized access to systems
In which domain of a typical IT infrastructure is the first layer of defense for a layered security strategy? A. Local Area Network (LAN) Domain B. User Domain C. Workstation Domain D. System/Application Domain
B. User Domain
Which of the following is a service typically found in the System/Application Domain that is used to manage users and application settings from a central location and apply the configurations to computers in a managed group? A. Server Manager B. Domain Name System C. Active Directory Domain Services (AD DS) D. Group Policy Management Console (GPMC)
C. Active Directory Domain Services (AD DS)
The __________ tenet of information systems security is concerned with the recovery time objective. A. Confidentiality B. Integrity C. Availability D. All of the above E. None of the above
C. Availability
Which element of the security policy framework offers suggestions rather than mandatory actions? A. Procedure B. Standard C. Guideline D. Policy
C. Guideline
Chris is writing a document that provides step-by-step instructions for end users seeking to update the security software on their computers. Performing these updates is mandatory. Which type of document is Chris writing? A. Policy B. Standard C. Procedure D. Guideline
C. Procedure
Which domain contains critical systems and applications that support and provide various services that perform core functions like authentication, authorization, and data management? A. Remote Access Domain B. Workstation Domain C. System/Application Domain D. LAN-to-WAN Domain
C. System/Application Domain
Which domain is typically the weakest link in any IT infrastructure? A. Remote Access Domain B. LAN-to-WAN Domain C. User Domain D. Workstation Domain
C. User Domain
Cloud Service Providers (CSPs) use the ________ to offer services to customers throughout the world. A. System/Application Domain B. User Domain C. WAN Domain D. Remote Access Domain
C. WAN Domain
When a full tunnel is being used by a VPN client and server, you can expect the first hop in ________ to always be the gateway for the ________ network. A. PuTTY; VPN B. PuTTY; remote C. tracert; VPN D. tracert; remote
C. tracert; VPN
Maximizing availability primarily involves minimizing __________. A. The amount of downtime recovering from a disaster B. The mean time to repair a system or application C. Downtime by implementing a business continuity plan D. The recovery time objective E. All of the above
E. All of the above
Which of the following security controls can help mitigate malicious email attachments? A. Email filtering and quarantining B. Email attachment antivirus scanning C. Verifying with users that email source is reputable D. Holding all incoming emails with unknown attachments E. All of the above
E. All of the above
The __________ is the weakest link in an IT infrastructure. A. System/Application Domain B. LAN-to-WAN Domain C. WAN Domain D. Remote Access Domain E. User Domain
E. User Domain
True or False? Authorization is the process of granting rights to use an organization's IT assets, systems, applications, and data to a specific user.
True
True or False? Availability is the tenet of information security that deals with uptime and downtime.
True
True or False? The Local Area Network (LAN) Domain of a typical IT infrastructure includes both physical network components and logical configuration of services for users.
True
True or False? The Local Area Network (LAN)-to-Wide Area Network (WAN) Domain is where the IT infrastructure links to a WAN and the Internet.
True
True or False? The System/Application Domain of a typical IT infrastructure consists of hardware, operating system software, applications, and data and includes hardware and its logical design.
True
True or False? The User Domain of a typical IT infrastructure defines the people and processes that access an organization's information systems.
True