IS 360 Study Guide #3
What file type is least likely to be impacted by a file infector virus?
  a) .exe
  b) .docx
  c) .com
  d) .dll
.docx
How many domains of knowledge are covered by the Certified Information Systems Security Professional (CISSP) exam?
  a) 7
  b) 8
  c) 9
  d) 10
8
A Windows server was corrupted due to a malware attack. A System State backup is available from before the attack occurred, when the server was fully operational. What steps will be needed after recovery from the backup to return the machine to its operational state?
  a) Install applications required for the server's function.
  b) Reconfigure the backup system.
  c) Recovery will return the system to its operational state.
  d) Reconfigure Windows to the desired state.
???
How do multiple clients access the same folder on an NFS server?
  a) Each NFS client has access to a private copy of the files on the NFS server.
  b) Each NFS client has access to the same copy of the files on the NFS server.
  c) Each NFS client creates a local copy of the files on the NFS server.
  d) The NFS server merges the sets of files from each NFS client.
???
Hybrid cryptography uses ________ cryptography to negotiate a shared ________ key.
  a) asymmetric; symmetric
  b) symmetric; asymmetric
  c) asymmetric; public
  d) symmetric; private
???
Implementing ________ administration of Windows Defender through Active Directory allows administrators to make a change in antivirus policy once and deploy it to all computers in the domain.
  a) central
  b) universal
  c) local
  d) forest
???
In the Group Policy Management editor's Turn off real-time protection setting, which State would you choose to ensure that Windows Defender's real-time protection is always on and cannot be overridden by other users, including local administrators?
  a) Not Supported
  b) Not Configured
  c) Disabled
  d) Enabled
???
Which Linux log file would be most useful for identifying failed login attempts?
  a) /var/log/secure
  b) /var/log/messages
  c) /var/log/kern.log
  d) /etc/rsyslog.conf
???
Why would an analyst use a tool like Autopsy to analyze a disk image rather than just using standard file explorer tools to examine the contents?
  a) The tool allows the analyst to break user encryption if needed.
  b) The tool allows the analyst to analyze the network topology as well as the drive information.
  c) The tool allows the analyst to quickly identify the IP addresses of possible intrusions.
  d) The tool allows the analyst to quickly find high-value evidence from various information sources on the drive.
???
By creating users, assigning those users to groups, and then applying groups to resources in the domain, the administrator sets up both authentication using the Active Directory Domain authentication policies and builds a series of nested __________ to control the access to domain resources.
  a) Domain Integrity Controllers
  b) Security Hosts
  c) Virtual Directory Authenticators
  d) Access Control Lists
Access Control Lists
Alice would like to send a message to Bob using a digital signature. What cryptographic key does Alice use to create the digital signature?
  a) Alice's public key
  b) Alice's private key
  c) Bob's public key
  d) Bob's private key
Alice's private key
Under the Federal Information Security Management Act (FISMA) of 2002, which of the following broadens the scope of FISMA beyond a federal agency and is important because IT systems and functions are often outsourced?
  a) The Office of Management and Budget (OMB) is responsible for FISMA compliance.
  b) An agency must protect the IT systems that support its operations even if another agency or contractor owns the IT systems.
  c) FISMA requires each federal agency to create an agency-wide information security program.
  d) Agencies must test and evaluate the security program at least annually and test IT systems with greater risk more often.
An agency must protect the IT systems that support...
What is not a privacy principle created by the Organisation for Economic Co-operation and Development (OECD)?
  a) An organization should collect only what it needs.
  b) An organization should share its information.
  c) An organization should keep its information up to date.
  d) An organization should properly destroy its information when it is no longer needed.
An organization should share its information
Which of the following terms describes a registry of mail servers that have been blocked due to their association with large volumes of spam email?
  a) Listserv
  b) Spamserv
  c) Blacklist
  d) Blockmail
Blacklist
Members of the __________ group called Remote Desktop Users are allowed to use the remote desktop services to connect to remote machines.
  a) Builtin (built-in)
  b) Superuser
  c) Active Windows
  d) Advanced Users
Builtin
Oscar is a network engineer. He is responsible for the networks and security protections, such as firewalls, in his local government agency. He is beginning a professional development journey and trying to determine an entry-level or associate-level security certification that is a good match with his current knowledge and skills. Which certification should he pursue?
  a) Cisco Certified Network Associate (CCNA)
  b) Juniper Networks Certified Internet Professional (JNCIP)-Enterprise
  c) Administration of Symantec Security Analytics
  d) Check Point Certified Security Administrator (CCSA)
CCNA
Which of the following is the point at which two error rates of a biometric system are equal and is the measure of the system's accuracy expressed as a percentage?
  a) False acceptance rate (FAR)
  b) False rejection rate (FRR)
  c) Crossover error rate (CER)
  d) Reaction time
CER
How can the percentage of requests handled by a back-end server be adjusted in the HAProxy load balancer?
  a) Configuring the server to use HTTPS instead of HTTP
  b) Changing the weight of the server in the back-end server pool
  c) Changing the mode of the server in the back-end server pool
  d) Changing the IP address of the front-end server
Changing the weight
Which method of fault tolerance connects two or more computers to act like a single computer in a highly coordinated manner?
  a) Redundant Array of Inexpensive Disks (RAID)
  b) Clustering
  c) Load balancing
  d) Outsourcing to the cloud
Clustering
Helen has no security experience. She would like to earn a certification that demonstrates that she has the basic knowledge necessary to work in the information security field. What certification would be an appropriate first step for her?
  a) Certified Information Systems Security Professional (CISSP)
  b) CompTIA Security+
  c) GIAC Assessing Wireless Networks (GAWN)
  d) Certified Internet Web Professional (CIW)
CompTIA+
Rylie is a newly hired cybersecurity expert for a government agency. Rylie used to work in the private sector. She has discovered that, whereas private sector companies often had confusing hierarchies for data classification, the government's classifications are well known and standardized. As part of her training, she is researching data that requires special authorization beyond normal classification. What is this type of data called?
  a) Compartmentalized
  b) Assured
  c) Public
  d) Exclusive
Compartmentalized
Which part of the C-I-A triad refers to preventing the disclosure of secure information to unauthorized individuals or systems?
  a) Confidentiality
  b) Integrity
  c) Accessibility
  d) Availability
Confidentiality
Donnelly is an IT specialist. He is in charge of the server and network appliances inventory. The infrastructure roadmap calls for a network systems reconfiguration in the next six months. Adina, the security expert, asks Donnelly to prepare a standardized list of all current and proposed equipment and then to present it to her in a hardware configuration chart. What does Adina tell Donnelly that the chart should include?
  a) Change control management
  b) Copies of all software configurations for routers and switches
  c) Impact assessment
  d) System life cycle
Copies of all software
Lin installed a time-management utility that she downloaded from the Internet. Now several applications are not responding to normal commands. What type of malware did she likely encounter?
  a) Virus
  b) Worm
  c) Ransomware
  d) Trojan horse
Trojan horse
Which of the following combines something you know (e.g. password) with something you are (e.g. fingerprint) or something you possess (e.g. USB stick) and can also employ a certificate system that adds a distinct third layer to the authentication process?
  a) Single-factor authentication
  b) Two-factor authentication
  c) Three-factor authentication
  d) Multi-factor authentication
Two-factor
Wen is a network security professional. He wants to strengthen the security of his agency's network infrastructure defenses. Which control can he use to protect the network?
  a) Require scanning of all removable media
  b) Use proxy services and bastion hosts to protect critical services
  c) Ensure that all operating systems have been patched with the latest updates from vendors
  d) Disable any unnecessary operating system services and processes that may pose a security vulnerability
Using proxy services and bastion hosts to protect critical services
What tool might be used by an attacker during the reconnaissance phase of an attack to glean information about domain registrations?
  a) Whois
  b) Simple Network Management Protocol (SNMP)
  c) Ping
  d) Domain Name System (DNS)
Whois
Hacking groups create _______ to launch attacks whereby they infect vulnerable machines with agents that perform various functions at the command of the controller.
  a) logic bombs
  b) honeypots
  c) ransomware
  d) botnets
botnets
Which type of Autopsy timeline filter would be most useful to determine when documents were changed on a computer?
  a) Filtering based on included text
  b) Filtering based on event type
  c) Filtering based on file type
  d) Filtering based on user
event type
Which of the following is not true of U.S. Department of Defense/military Directive (DoDD) 8140?
  a) DoDD 8140 includes training and certification in cybersecurity to prepare Department of Defense (DoD) personnel to meet the demands of cyberwarfare.
  b) DoDD 8140 is more role based than the 8570.01 directive.
  c) DoDD 8140 is an operationally focused cybersecurity training framework.
  d) DoDD 8140 certifications are unique and will not include commercial certifications.
first one
Policies related to acceptable use, antivirus, email, firewalls, wireless, or mobile device security are examples of a ________ policy, which provides direction to management in specific areas.
  a) strategy
  b) baseline
  c) functional
  d) standards
functional
Because __________, auditing every part of an organization and extending into all outsourcing partners may not be possible.
  a) of resource constraints
  b) all users should be informed they are being audited
  c) all users should not be informed they are being audited
  d) such an extensive audit is outside of best practices recommendations
of resource constraints
The Microsoft Security Baseline Analyzer __________ scores the severity of each vulnerability and offers suggestions for addressing each of the vulnerabilities found.
  a) baseline recap
  b) vulnerability finder
  c) evaluation
  d) report
report
Hajar has been an (ISC)2 Certified Information Systems Security Professional (CISSP) for 10 years. She would like to earn an advanced certification that demonstrates her ability in systems security engineering. Which of the following CISSP concentrations would meet Hajar's needs?
  a) CISSP-ISASP
  b) CISSP-ISSEP
  c) CISSP-ISSMP
  d) CISSP-ISSAP
second one
To create a digital signature for a message, first calculate a hash value of the message and then ________.
  a) encrypt the hash value with the sender's public key
  b) decrypt the hash value with the sender's public key
  c) encrypt the hash value with the sender's private key
  d) decrypt the hash value with the sender's private key
second one
When should an organization's managers have an opportunity to respond to the findings in an audit?
  a) Managers should write a report after receiving the final audit report.
  b) Managers have the opportunity to respond to a draft copy of the audit report. Auditors then put that response in the final report.
  c) Managers should not have an opportunity to respond to audit findings.
  d) Managers should write a letter to the Board following receipt of the audit report.
second one
How does the Autopsy timeline view of events help an analyst?
  a) The timeline can quickly identify data that has been sent outside the company.
  b) The timeline can provide the true identity of a user.
  c) The timeline can help establish a sequence of events among different sources of data.
  d) The timeline can be used to quickly identify unauthorized access.
third one
Which document would be the most important for the people assigned to bring a data center back to production for normal business operations after a natural disaster?
  a) Business Impact Analysis
  b) Business Continuity Plan
  c) Disaster Recovery Plan
  d) Confidentiality, Integrity, and Availability Triad
DRP
What is not a symmetric encryption algorithm?
  a) Diffie-Hellman
  b) Data Encryption Standard (DES)
  c) International Data Encryption Algorithm (IDEA)
  d) Carlisle Adams Stafford Tavares (CAST)
Diffie-Hellman
Security objectives add value to relationships between businesses or between businesses and their customers. Which objective binds a message or data to a specific entity?
  a) Message authentication
  b) Digital signature
  c) Receipt and confirmation
  d) Nonrepudiation
Digital signature
Which of the following password policies would be used to prohibit users from reusing their seven most recent passwords?
  a) Maximum password length
  b) Enforce password history
  c) Maximum password age
  d) Password must meet complexity requirements
Enforce
Biyu is a network administrator. She is developing the compliance aspect of her company's security policy. Currently, she is focused on the records of actions that the organization's operating system or application software creates. What aspect of compliance is Biyu focusing on?
  a) Certification
  b) Event logs
  c) Professional ethics
  d) Remediation
Event logs
Anya is a cybersecurity engineer for a high-secrecy government installation. She is configuring biometric security that will either admit or deny entry using facial recognition software. Biometric devices have error rates and certain types of accuracy errors that are more easily tolerated depending on need. In this circumstance, which error rate is she likely to allow to be relatively high?
  a) None
  b) Crossover error rate (CER)
  c) False acceptance rate (FAR)
  d) False rejection rate (FRR)
FRR
Antivirus, firewall, and email use policies belong to what part of a security policy hierarchy?
  a) Environment
  b) Functional policies in support of organization policy
  c) Organizational security policy
  d) Supporting mechanisms
Functional policies
Which certification program enables credential holders to earn a Gold credential through the acceptance of a technical paper that covers an important area of information security?
  a) International Information Systems Security Certification Consortium (ISC)2
  b) CompTIA
  c) ISACA
  d) Global Information Assurance Certification (GIAC)
GIAC
In the Windows Scan Results section of the Microsoft Security Baseline Analyzer report, the __________ link opens a new Internet Explorer window with information about the issue and possible solutions.
  a) What was scanned
  b) Best practices
  c) How to correct this
  d) What to do next
How to correct this
Which organization promotes technology issues as an agency of the United Nations?
  a) International Telecommunication Union (ITU)
  b) Institute of Electrical and Electronics Engineers (IEEE)
  c) American National Standards Institute (ANSI)
  d) Internet Assigned Numbers Authority (IANA)
ITU
Which of the following is not true of data backup options?
  a) A full backup copies everything to backup media.
  b) A differential backup starts with making a full backup; successive backups back up changes made since the last full backup.
  c) An incremental backup starts with a full backup; successive backups back up only that day's changes.
  d) It is faster to create differential weekday backups than incremental backups.
It is faster to create differential weekday backups
Which agreement type is typically less formal than other agreements and expresses areas of common interest?
  a) Service-level agreement (SLA)
  b) Blanket purchase agreement (BPA)
  c) Memorandum of understanding (MOU)
  d) Interconnection security agreement (ISA)
MOU
What is the average time a device will function before it fails?
  a) Recovery time objective (RTO)
  b) Recovery point objective (RPO)
  c) Mean time to failure (MTTF)
  d) Mean time between failures (MTBF)
MTTF
Taylor is a security professional working for a retail company. She is revising the company's policies and procedures to meet Payment Card Industry Data Security Standard (PCI DSS) objectives. One change she has made is to require the use of antivirus software on all systems commonly affected by malware and to keep them regularly updated. Which PCI DSS control objective is she attempting to meet?
  a) Build and maintain a secure network
  b) Protect cardholder data
  c) Maintain a vulnerability management program
  d) Implement strong access control measures
Maintain a vulnerability management program
Isabella is a digital forensic specialist. She wants to recover deleted data from a computer disk. The computer is currently running. Which process should she take to do so without accidentally overwriting any deleted data?
  a) Copy the contents of the disk drive to an external drive without shutting down the computer
  b) Shut down the computer, reboot, and then copy the contents of the disk drive to an external drive
  c) Make an image of memory, shut down the computer, attach the disk drive to a forensic lab device, and read the data from the disk
  d) Because processes constantly run on computers and request new sectors to store data, it is not possible to recover deleted data without some data being overwritten
Make an image...
Which of the following statements is true regarding managing change management?
  a) Many tools and suites are available to aid the security practitioner in implementing and managing change management.
  b) Because of the importance of security, most organizations now have unlimited budgets for their security programs.
  c) Unfortunately, there are no tools for compliance and analysis that are built into the operating system.
  d) Most tools for compliance and analysis are expensive and outside the budgets of most organizations.
Many tools
Alison retrieved data from a company database containing personal information on customers. When she looks at the Social Security number (SSN) field, she sees values that look like this: "XXX-XX-9142." What has happened to these records?
  a) Encryption
  b) Truncation
  c) Hashing
  d) Masking
Masking
Which of the following tools enables the security practitioner to discover vulnerabilities and patch-level deficiencies at the Windows host machine level?
  a) Microsoft Security Baseline Analyzer
  b) Group Policy Objects
  c) FileZilla
  d) Patch Analyzer
Microsoft Security Baseline Analyzer
Which of the following tools scans for available updates to the operating system, Microsoft Data Access Components (MDAC), Microsoft XML Parser (MSXML), .NET Framework, and SQL Server?
  a) Windows Administrator
  b) Microsoft Security Baseline Analyzer
  c) Group Policy Objects
  d) Microsoft Patch Analyzer
Microsoft Security Baseline Analyzer
Which of the following tools uses Microsoft Update and Windows Server Update Services (WSUS) technologies to scan for insecure configuration settings and Windows service packs and patches?
  a) Windows Administrator
  b) Microsoft Security Baseline Analyzer
  c) Group Policy Objects
  d) Microsoft Patch Analyzer
Microsoft Security Baseline Analyzer
On a Windows network share, if the user can add, edit, and delete files and folders within the LabFiles folder, what type of access controls and permissions are probably configured?
  a) Modify
  b) Read and execute
  c) List folder contents
  d) Full control
Modify
What U.S. federal government agency is charged with the responsibility of creating information security standards and guidelines for use within the federal government and more broadly across industries?
  a) Office of Management and Budget (OMB)
  b) Department of Defense (DoD)
  c) National Institute of Standards and Technology (NIST)
  d) Department of Homeland Security (DHS)
NIST
Which of the following is a U.S. federal agency within the Department of Commerce that provides standards for measurement and technology on which nearly all computing devices rely?
  a) Institute of Electrical and Electronics Engineers (IEEE)
  b) American National Standards Institute (ANSI)
  c) World Wide Web Consortium (W3C)
  d) National Institute of Standards and Technology (NIST)
NIST
Which type of authentication includes smart cards?
  a) Knowledge
  b) Ownership
  c) Location
  d) Action
Ownership
During which step of the incident-handling process do you develop a formal communication plan and identify all key stakeholders?
  a) Preparation
  b) Identification
  c) Notification
  d) Documentation
Preparation
Marguerite is creating a budget for a software development project. What phase of the system life cycle is she undertaking?
  a) Project initiation and planning
  b) Functional requirements and definition
  c) System design specification
  d) Operations and maintenance
Project initiation and planning
Karen is a hacker. She wants to access a server and control it remotely. The tool she plans to use is a type of Trojan. What tool will Karen use for this purpose?
  a) Ping
  b) Simple Network Management Protocol (SNMP) agent
  c) Network mapper (Nmap)
  d) Remote Access Tool (RAT)
RAT
Which of the following attack methods has the advantage of getting around strict inbound firewall protocols?
  a) SQL injection
  b) Reverse shell
  c) Persistent XSS injection
  d) Reflective XSS injection
Reflective XSS injection
Which of the following does not need to comply with the Family Educational Rights and Privacy Act (FERPA)?
  a) Schools that do not receive federal funds
  b) State and local educational agencies
  c) Public colleges and universities
  d) Primary and secondary schools
Schools that don't receive
Tomahawk Industries develops weapons control systems for the military. The company designed a system that requires two different officers to enter their access codes before allowing the system to engage. Which principle of security is this following?
  a) Least privilege
  b) Security through obscurity
  c) Need to know
  d) Separation of duties
Separation of duties
Devaki is investigating an attack. An intruder managed to take over the identity of a user who was legitimately logged in to Devaki's company's website by manipulating Hypertext Transfer Protocol (HTTP) headers. Which type of attack likely took place?
  a) Session hijacking
  b) Extensible Markup Language (XML) injection
  c) Cross-site scripting (XSS)
  d) Structured Query Language (SQL) injection
Session hijacking
The chief executive officer (CEO) of a company recently fell victim to an attack. The attackers sent the CEO an email that appeared to come from the company's attorney. The email informed the CEO that his company was being sued and he needed to view a subpoena at a court website. When visiting the website, malicious code was downloaded onto the CEO's computer. What type of attack took place?
  a) Spear phishing
  b) Pharming
  c) Ransomware
  d) Command injection
Spear phishing
If it is impractical to place guest users in a secure network, isolated from the production network by firewall barriers, then:
  a) guest users should be denied any and all forms of access.
  b) unrestricted access and permissions will be the only realistic way to handle guest users.
  c) guest users should be encouraged to use USB ports and CD drives rather than the network.
  d) specific areas of access should be determined and they should be as restrictive as possible.
Specific areas...
Which type of virus targets computer hardware and software startup functions?
  a) Hardware infector
  b) System infector
  c) File infector
  d) Data infector
System infector
Susan is a digital forensic examiner. She is investigating a case in which a driver has been accused of vehicular homicide. She has the driver's mobile device and cellular records. What type of mobile device evidence is most likely to reveal whether the driver was actively using a mobile device when the incident occurred?
  a) Global positioning system (GPS) information and history
  b) Network connection information and history
  c) Text messages
  d) Device information
Text messages
Your incident response team has followed the response plan and isolated all the machines involved in a network breach. The initial analysis was completed based on network activity logs, and a report about the incident was created. Following the initial report, your team has had time to properly image all the drives and perform a more detailed analysis. You are given the task of creating a report to update the situation. What is the best approach?
  a) Create a new report that completely replaces the initial report; provide detailed information about all the initial conclusions and the new conclusions.
  b) Create a new report that does not reference the initial report; provide detailed conclusions based only on the new information.
  c) Create an update-only report similar to the original report; provide detailed information on new or changed conclusions. Identify unchanged conclusions.
  d) Do not report on changes discovered after the initial report was filed.
third one
Which of the following pieces of information from a PCAP file obtained on a company's LAN would be a strong indication that data was being sent to an outside agent?
  a) A session with attached files
  b) A source IP address outside the company's address range
  c) A destination IP address outside the company's address range
  d) An encrypted protocol
A destination IP address...
Which organization creates information security standards that specifically apply within the European Union (EU)?
  a) International Telecommunication Union (ITU)
  b) American National Standards Institute (ANSI)
  c) European Telecommunications Standards Institute (ETSI) Cyber Security Technical Committee (TC CYBER)
  d) Institute of Electrical and Electronics Engineers (IEEE)
ETSI TC CYBER
Maria is using accounting software to compile sensitive financial information. She receives a phone call and then momentarily leaves her desk. While she's gone, Bill walks past her cubicle and sees that she has not locked her desktop and left data exposed. Bill uses his smartphone to take several photos of this data with the intent of selling it to the company's competitor. What access control compromise is taking place?
  a) Accessing networks
  b) Eavesdropping by observation
  c) Exploiting hardware and software
  d) Gaining physical access
Eavesdropping by observation