Intro to Cybersecurity Midterm 1

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

Continuity of operations

A business manager is documenting a set of steps for processing orders if the primary internet connection fails which of these would best describe

A usb data blocker

A sec admin is concerned about data exfil resulting in malicious phone charging stations. The best protection is

Vulnerability

Adam is evaluating the security of a web server before it goes live. He believes that na issue in the code allows a cross-site scripting attack against the server. What term describes the issues Adam discovered?

Alice Private Key

Alice would like to send a message to bob using a digital signature. What cryptographic key does alice use to create the digital signature?

5%

Aziz is responsible for the administration of tan e-commerce website that generates 100k per day in revenue for his firm. The website uses a DB that contains sensitive information about the firms customers. He expects that a compromise of the DB would result in 500k of fines. What is the ARO of this attack?

GLBA

Bob is the IS and compliance manager for a financial institution. Which regulation is most likely to directly apply to Bob's employer?

Procedure

Chris is writing a document that provides step-by-step instructions for end users seeking to update the security software on their computers. Performing this update is MANDATORY Which type of document is Chris writing?

Mike's Public Key

David would like to send mike a message using an asymmetric encryption algorithm. What key should he use to encrypt the message?

Create an OS security policy to prevent the use of removalbe media

Elizabeth, a security admin, is concerned about the potential for data exfiltration using external storage drive. Which of the following would be the Best way to prevent this method of data exfiltration?

Recovery time persepctive

Hajar is developing a business impact assessment for her organization. She is working with business unites to determine the target state of recovered data that allows the organization to continue normal processing after a major interruption. Which of the following is Hajar determining?

Data Processor

Helen's organization maitans medical records on behalf of its customers, who are individual physicians. What term best describes the role of Helens organization?

ISO 27002

Juan comes across documentation form his organization related to several IS initiatives using different standards as their reference. Which ISO standard provides current guidance on IS?

PaaS

Keisha is a network admin. She wants a cloud based service that will allow her to load operating system on a vm and manage them as if they were local server. What is keisha looking for?

Credit Cards

Maya is creating a computing infrastructure compliant with PCI DSS. What type of information is she most likely trying to protect?

Confidentiality

Nolan is writing an AAR on a security breach that took place in his organization. The attackers stole thousands of customer records from the organization's database. What cybersecurity principle was most affected?

Transfer

Purchasing an insurance Policy is an example of a _____

YEAH, DO IT!!

READ THE KEY SERVICE GRAPH

Integrity

Rachel is investigating an information security incident that took place at the high school where she works. She suspects that students may have broken into the student records system and altered their grades. If that is correct which of the CIA triad does it affect?

Password lockout

Recent audit has found that existing password policies do not include any restrictions on password attempts. Which of the following would correct this

Audit

The board of directors of Kate's company recently hired an independent firm to review the state of the organization's security controls and certify those results to the board. What term best describes this engagement?

Unavailability of future patches

Tom's organization recently learned that the vendor is discontinuing support for their customer's management CRM system. What should concern Tom the most from a security perspective

Separation of duties

Tomahawk industries develops weapons control system for the military. The company designed a system that requires two different officers to enter their access codes before allowing the system to engage. Which principle of security is this following

Deterrent

Tonya is concerned about the risk that an attacker will attempt to gain access to her organizations db server. She is searching for a control that would discourage the attackers from attempting to gain access. What type of security control is she seeking to implement?

Time-based one-time passwords

Trevor is deploying the Google Authenticator mobile application for use in his organization. What type of one-time password system does Google Authenticator use in its default mode?

False

True/False? NIST is a nongovermental organization whose goal is to develop and publish international standards.

Shadow IT

Ursula recently discovered that a group of developers are sharing information over a messaging tool provided by a cloud vendor but not sanctioned by her organization. What term describes this use of technology?

AES

Vince is choosing a symmetric encryption algorithm for use in his organization. He would like to choose the strongest algorith from the choices below. What algorithm should he choose?

IoC

Vince recently received the hash values of malicious software that several other firms in his industry found installed on their systems after a compromise. What term best describes this information?

HIPAA

What compliance regulation most directly affects the operations of a healthcare provider

To make the organization's personnel aware of existing risk

What is the main purpose of risk identification in an organization?

Likelihood X impact = RE

What is the typical risk equation

Deterrent

What kind of security control is associated with a login banner

Hardware that mirrors the primary site, but no data

What level of technology infrastructure should you expect to find in a cold site alternative data center facility?

Center for Internet Security

What organization is known for creating independent security benchmark covering hardware and software platforms from many different vendors

Stream cipher

What type of cipher operates on one character of text at a time?

Hashes produced by a specific hash function may vary in size

Which of the following is not true of hash functions?

Password complexity requirements

Which of the following technologies is the least effective means of preventing shared accounts

Nation-state actors

Which of the following threat actors typically has the greatest access to resources.

List of applications in use

Which of the following would be commonly provided by a casb

organized crime

Which of these threat actors would be most likely to accack system for direct financial gain

Create specific technology requirements for an organization

Which one of the following is the least common use of the NIST cybersecurity framework?

Symmetric stream substitution

Which set of characteristics describes the Caesar cipher accurately.

Brute Force

Which type of attack does an account lockout policy help to prevent


Ensembles d'études connexes

Health Assessment PrepU Ch. 9-10

View Set

Ch 35: Key Pediatric Nursing Interventions

View Set

Маймылдардың пайда болуы 11 кл.

View Set

Chapter 3: Electrical Fundementals

View Set

Functions of the Integumentary System

View Set

Fundamental of nursing 1 midterm

View Set

Systems Analysis and Design Ch 1, 2, 3, 4, 5, 6

View Set

Pathophysiology Reproductive Questions

View Set

Computer Architecture and Fetch-execute cycle

View Set