ITC560 Exam 3
Devaki is a network engineer. She is diagnosing an issue with a small business customers wireless local area network. She knows the Institute of electrical and electronics engineers (IEEE) has created the standards involved in various networks technology while WLAN standards, cover a wide array of subsets, which general standard does she need to consult that addresses all WLANS?
802.11
Devaki is network engineer. She is diagnosing an issue with a small business customers wireless local area network. She knows the institute of electrical and electronics engineers has created the standards involved in various network technologies. While WLAN standards over a wide array of subnets, which general standard does she need to consult that address all WLANs.
802.11
Hajar is responsible for keeping her banking institutions servers operating 24 seven her recovery strategy is to have fully redundant or duplicate operations and synchronize data and to operate the site continuously which strategy has she selected?
Alternate Processing Site, Mirrored Site
Under the Federal Information Security Management Act (FISMA) of 2002, which of the following broadens the scope of FISMA beyond a federal agency and is important because IT systems and functions are often outsourced?
An agency must protect the IT systems that support its operations even if another agency or contractor owns the IT systems.
Mary is designing a software component that will function at the presentation layer of the OSI model. What other two layers of the model will her component need to interact with?
Application Layer and Session Layer
Mary is designing a software component that will function at the Presentation Layer of the Open Systems Interconnection (OSI) Reference Model. What other two layers of the model will her component need to interact with?
Application and Session
Jiang is pursuing a career in information security. He wants to eventually achieve the ISC certified information systems, security professional certification, but does not have the required experience. If he passes the CISSP exam now, which credential will Jiang get?
Associate of (ISC)2
Joe is the chief executive officer of the company that handles medical billing for several Regional Hospital systems. How would Joe's company be classified under the health insurance portability and accountability act?
Business associate of a covered entity
Betty visits a local library with her young children. She notices that someone using a computer terminal in the library is visiting, pornographic websites. What law requires that the library filter offensive web content for minors?
CIPA
Betty visits a local library with her young children. She notices that someone using a computer terminal is visiting pornographic websites. What law requires that the library filter offensive web content for minors?
CIPA
Hajar has been an (ISC)? Certified Information Systems Security Professional (CISSP) for 10 years. She would like to earn an advanced certification that demonstrates her ability in systems security engineering. Which of the following CISS concentrations would meet Hajar's needs?
CISSP-ISSEP
Arturo is leading a project to commission a new information system that will be used by a U.S. federal government agency. The agency uses the risk management framework (RMF) approach for Federal Information Security Management Act (FISMA) compliance. He is working with his team to assess and document agency IT systems based on risk. What step of the risk management framework is Arturo completing?
Categorize Information Systems
Maria is an IT security professional for a large healthcare corporation. She has been working with the compliance team on a few projects and is expanding her skills to include risk management, as well as control and assurance activities. What ISACA certification would be the best fit?
Certified Information Security Manager
Richard would like to earn a certification that demonstrates his ability to manage enterprise security programs. What certification would be most appropriate for Richard?
Certified Information Security Manager
What certification focuses on information systems, audit, Control, and security professionals?
Certified Information Systems Auditor
Collin is a software developer. He would like to earn a credential that demonstrates to employers that he is well educated on software security issues. What certification would be most suitable for this purpose?
Certified Secure Software Lifecycle Professional
Colin is a software developer. He would like to earn a credential that demonstrates to employers that he is well educated on software security issues. what certification would be most suitable for this purpose?
Certified Secure Software Lifecycle Professional (CSSLP)
Maria is an IT security professional for a large healthcare corporation. She has been working with the compliance team on a few projects and is expanding her skills to include risk management as well as control and assurance activities what ISACA certification would be the best fit?
Certified in Risk and Information Systems Control (CRISC)
Which of the following should you avoid during a disaster and recover?
Combine services that were on different hardware platforms onto common servers to speed up recovery
During which step of the incident handling process is the goal to contain the incident?
Containment
Maya is creating a computer infrastructure compliant with the payment card industry, data security standard. What type of information is she most likely trying to protect?
Credit card information
Which of the following provides IT and communications support to the White House, secretary of defense, and all military sectors that contribute to the defense of the United States of America?
DISA
Which type of evidence helps explain other evidence and includes visual aids such as charts and graphs?
Demonstrative
Which type of evidence helps explain other evidence and includes visual aids, such as charts and graphs
Demonstrative evidence
Which type of evidence is stored in a computers, memory, as well as on storage devices, as in files, and must be accompanied by documentation that validates the evidence is authenticity?
Digital evidence
A(n) _______ is an event that prevents a critical business function (CBF) from operating for a period greater than the maximum tolerable downtime (MTD).
Disaster
Which document is the Internet engineering task force request for comments second stage, after participants have demonstrated that the standard has been deployed in working environments?
Draft Standard
which term describes a process that requires an organization to preserve and not alter evidence that may be used in court? This process can help ensure that normal data-handling procedures do not contaminate or even delete data that may be needed for a case.
E-discovery
Tonya is working with a team of subject matter experts to diagnose a problem with her system. The experts determined that the problem likely resides at the transport layer of the OSI model. Which functionality is the most likely suspect?
End-to-end communication maintenance
Which organization creates information security standards that specifically apply within the European Union?
European Telecommunications Standards Institute (ETSI) Cyber Security Technical Committee (TC CYBER)
True or False? A website designer seeking guidance on how to incorporate, Simple Object Access Protocol (SOAP) and Extensible Markup Language (XML) would most likely consult Internet Engineering Task Force (IETF) requests for comments (RFCS).
False
True or False? CompTIA Security+ is an expert-level security certification.
False
True or False? Symantec offers vendor-neutral certifications as well as certifications for its product lines.
False
True or False? The (ISC Certified Secure Software Lifecycle Professional (CSSLP) credential measures the knowledge and skills necessary for professionals involved in the process of authorizing and maintaining information systems.
False
True or False? The Gramm-Leach-Bliley Act (GLBA) applies to the financial activities of both consumers and privately held companies.
False
True or False? The Health Insurance Portability and Accountability Act (HIPAA) replaced the Health Information Technology for Economic and Clinical Health (HITECH) Act.
False
True or False? The ISACA Certified in Risk and Information Systems Control (CRISC) certification targets security professionals who ensure that their organization satisfies IT governance requirements.
False
True or False? The federal agencies that oversee Gramm-Leach-Bliley Act (GLBA) compliance may not act against the financial institutions that they regulate when those institutions violate GLBA.
False
True or false? All types of disaster recovery sites are available in the cloud.
False
True or false? Business continuity management includes business continuity planning, disaster recovery planning, crisis management, incident response management, and risk management.
False
True or false? CompTia security+ is an expert level security certification.
False
True or false? Cyber terrorism is the use of online media and assets to harass individuals.
False
True or false? During a simulation test of a contingency plan, you must shut down the original system at the primary site for the duration.
False
True or false? Security professionals seeking Cisco certification must begin at the entry level and may work their way through the associate, professional, specialist, and expert levels.
False
True or false? Symantec offers vendor neutral certifications as well as certifications for its product lines.
False
True or false? The health insurance portability and accountability act applies only to current mental and physical health information and payments.
False
True or false? The health insurance portability and accountability act(HIPAA) replace the health information technology for economic and clinical Health(HITECH) Act.
False
True or false? The international organization for standardization publishes the IEEE 802 local area network/metropolitan area network standards family.
False
True or false? Under the payment card industry data security standard, the rules with which an organization must comply depend on which types of payment cards they accept.
False
true or false the national Institute of standards and technology is a non-governmental organization, whose goal is to develop and publish international standards.
False
true or false? Testimonial evidence is often the most important evidence in court because it provides relevance for other types of evidence.
False
true or false? the Internet engineering task force (IETF) request for comments. Development process is conducted solely by scientist on the Internet architecture board.
False
true or false? the international electro technical commission (IEC) develop standards, which cover both wired and wireless communication technologies, that are commonly adopted by member countries in the European union
False
True or false? The process of collecting evidence is called evidence preservation.
False, Evidence acquisition
True or false? The macOS operating system uses the EXT3 or EXT4 for file systems
False, uses APFS
Devaki is a new compliance manager. She is reading about various regulations to determine which ones apply to her industry. What law applies specifically to consumer data that originates in Europe?
GDPR
Which certification program enables credential holders to earn a gold credential through the acceptance of a technical paper that covers an important area of information security?
GIAC
Juan is an experienced information security professional. He has spent a lot of time evaluating computers for evidence of criminal or malicious activity as well as recovering data. Which global information assurance certification credential focus area is most likely to have certifications that are a good fit for Juan's skills and knowledge?
GIAC Certified Forensic Examiner
Lin works for a large finance school institution. She has been asked to create a written information, security program, which must state how the institution collects and uses customer data, and must describe the controls, used to protect that data. She is also in charge of running the program, conducting a risk assessment to identify risks to customer information, and assessing current safeguards to make sure they are affective, among other tasks. Which of the following is she trying to comply with?
GLBA Safeguards Rule
Devaki is a new compliance manager. She is reading about various regulations to determine which ones apply to her industry. What law applies specifically to consumer data that originates in Europe?
General Data Protection Regulation (GDRP)
Which of the following is a unit of measure that represents frequency and is expressed as the number of cycles per second?
Hertz
What organization offers a variety of security certifications that are focused on the requirements of auditors?
ISACA
Juan comes across documentation from his organization related to several information security initiatives using different standards as their reference. Which International Organization for Standardization (ISO) standard provides current guidance on information security management?
ISO 27002
During which step of the incident-handling process does triage take place?
Identification
Oscar is a digital forensic specialist. He has been given a suspect hard disc that has been physically damaged. He wants to try to recover the data. What is the first step he should take?
Install it in a test system
Fran is interested in learning more about the popular Certified Ethical Hacker credential. What organization should she contact?
International Council of E-Commerce Consultants (EC-Council)
Maria is working on the definition and application of the terms, gauze, hertz, and Weber. Which standards source should she consult?
International Electrotechnical Commission (IEC)
Bill is conducting an analysis of a new IT service. He would like to assess it using the Open Systems Interconnection (OSI) Reference Model and would like to learn more about this framework. What organization should he turn to for the official definition of OSI?
International Organization for Standardization
bill is conducting an analysis of the new IT service. He would like to assess it using the open systems interconnection reference model and would like to learn more about this framework. What organization should he turn to for the official definition of OSI?
International Organization for Standardization (ISO)
Lin is a digital forensic specialist who works in a forensic lab. She is evaluating diagnostic forensic software to add to the lab's toolkit. She wants a tool that is open source that can also be used for penetration testing. Which tool should she choose?
Kali Linux
Lynn is a digital forensic specialist who works in a forensic lab. She is evaluating diagnostic forensic software to add to the labs tool kit. She wants a tool that is open source that can also be used for penetration testing. Which tool should she use?
Kali Linux
Alison retrieved data from a company database containing personal information on customers. When she looks at the Social Security number (SSN) field, she sees values that look like this: "XXX-XX-9142." What has happened to these records?
Masking
Allison retrieve data from a company database containing personal information on customers. When she looks at the Social Security number field, she sees values that look like this: "XX-XX-9142." What happened to these records?
Masking
Which of the following is not true of mobile devices and forensics?
Mobile devices do not need to follow ordinary chain of custody techniques
Which of the following is a U.S. federal agency within the Department of Commerce that provides standards for measurement and technology on which nearly all computing devices rely?
NIST
which of the following is a U.S. Federal agency within the Department of Commerce that provides standards for measurement and technology on which nearly all computing devices rely?
National Institute of Standards and Technology
What type of organizations are required to comply with the Sarbanes Oxley act?
Publicly traded companies
Which method of fault tolerance connects two or more computers to act like a s ingle computer in a highly coordinated manner?
RAID
Which of the following is not true of requests for comments (RFCs)?
RFCs may be modified
Which of the following is not true of request for comments?
RFCs may be modified.
Which type of evidence is any physical object that you can touch or otherwise directly observe, such as a hard drive?
Real evidence
Isabella is an IT security manager for a state agency. The agency can survive for nine hours without a functioning data center. The power goes out in her data center. It takes six hours to move data center operations to an alternate site. Which of the following describes the time it takes for the move?
Recovery Time Objective
During which step of the incident-handling process is the goal to contain the incident?
Response
Which of the following is NOT one of the rights afforded to students (or the parents of a minor student) under the Family Educational Rights and Privacy Act (FERPA)?
Right to delete unwanted information from records: The Family Educational Rights and Privacy Act
Which of the following does not need to comply with the family educational rights and privacy act?
Schools that do not receive federal funding
Helen has no security experience. She would like to earn a certification that demonstrates that she has the basic knowledge necessary to work in the information security field. What certification would be an appropriate first step for her?
Security+
Which of the following items would generally not be considered personally identifiable information?
Social media post
Carl has assembled a team of representatives from each department to test a new business continuity plan during the test, the representatives meet in a room and review many aspects of the plan, such as the goals, scope, assumptions, and the structure of the organization. They also conduct scenario based exercises as though they are executing the plan for a certain type of incident to find errors, such as gaps or overlaps. What type of plan is being conducted?
Structured walk-through
Joe is responsible for the security of the systems that control and monitor devices for a power plant. What type of system does Joe likely administer?
Supervisory Control and Data Acquisition (SCADA)
Ben is working toward a position as a senior security administrator. He would like to earn his first international information systems security certification consortium certification. which certification is most appropriate for his needs?
Systems Security Certified Practitioner
The Internet Engineering Task Force (IETF) works closely with the World Wide Web Consortium (W3C) and the International Organization for Standardization (ISO/International Electrotechnical Commission (IEC) focusing on which of the following?
TCP/IP
Which type of evidence is information collected from individuals that supports and helps to interpret other types of evidence?
Testimonial
What is the determination?
The evidence is either acceptable or unacceptable to a court of law?
How are the health insurance portability and accountability act and payment card industry data security standard alike?
They both have requirements that protect the confidentiality, integrity, and availability of data.
Which term describes a process that requires an organization to preserve and not alter evidence that may be used in court?
This process can help ensure that normal data handling procedures do not contaminate or even delete data that may be needed for a case Legal Hold/Litigation Hold
Under the health insurance portability and accountability act(HIPAA) privacy rule, covered entities may not use or disclose people's protected health information without their written consent, although there are exceptions. Which of the following is generally not an allowed exception under the privacy rule?
To discuss a patient's medical status at a conference
What is the purpose of a disaster recovery plan (DRP):
To minimize disruption to business and IT operations, by keeping downtime of systems to a minimum and preventing significant data loss.
The Internet Engineering Task Force (IETF) works closely with the World Wide Web Consortium (W3C) and the International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) focusing on which of the following?
Transmission Control Protocol/Internet Protocol
True or False? A Faraday bag stops any electromagnetic emanations from passing into or out of the bag, preventing a mobile device from communicating with the outside world.
True
True or False? A network engineer in the United States who needs guidance on information security systems could consult the National Institute of Standards and Technology (NIST) Special Publications 800 series.
True
True or False? A primary concern for collected evidence is the preservation of its collected state, which means assurance that evidence remains unchanged from its state when it was collected.
True
True or False? A successful business impact analysis (BIA) maps the context, the critical business functions (BFS), and the processes on which they rely.
True
True or False? An organization can maintain a cloud based disaster recovery site for a traction of the cost of a physical site.
True
True or False? Any component that, if it fails, could interrupt business processing is a single point of failure (SPOF).
True
True or False? Any component that, if it fails, could interrupt business processing is called a single point of failure (SPOF).
True
True or False? Certified Internet Web Professional (CIW) offers several credentials that focus on both general and web-related security.
True
True or False? Digital forensics is the process of using well-defined analytical and investigative techniques to guide the processes of collecting and examining evidence related to a computer security incident.
True
True or False? E-discovery is an iterative process of examining storage media, searching for items of interest, identifying likely items that may have value as evidence, and then recovering those items.
True
True or False? Even if a mobile device is deemed not to be a direct part of a crime or incident, its ability to record the environment of an attacker during the incident could be material?
True
True or False? Fault-tolerance options are not replacements for data backups.
True
True or False? ISO/IC 27002 provides organizations with best-practice recommendations on information security management.
True
True or False? In an incremental backup, you start with a full back up when network traffic is light. Then, each night, you back up only that day's changes.
True
True or False? Juniper Networks offers vendor-specific certifications for its networking product line.
True
True or False? Sarbanes-Oxley Act (SOX) Section 404 requires an organization's executive officers to establish, maintain, review, and report on the effectiveness of the company's internal controls over financial reporting (ICFR).
True
True or False? Schools and libraries that must comply with the Children's Internet Protection Act (CIPA) must also have some way to allow adults unfiltered Internet access.
True
True or False? The Institute of Electrical and Electronics Engineers (IEEE) develops and distributes standards that relate to electricity and electronics.
True
True or False? The emergency operations center (EOC) is the place where an organization's recovery team will meet and work during a disruption.
True
True or False? The process of collecting evidence is called evidence preservation.
True
True or False? The purpose of the Children's Online Privacy Protection Act of 1998 (COPPA) is to restrict the online collection of personal information of children under 13 years of age.
True
True or False? Time stamps correspond to computer log files to help coordinate a sequence of events and are accurate to at least the second.
True
True or False? When outsourcing operations to a cloud service provider, the client is responsible for determining the best fault tolerance implementations to meet the service level agreement availability requirements.
True
True or False? Whereas a vendor-neutral certification covers concepts and topics that are general in nature, a vendor-specific certification focuses on a specific product or product line.
True
True or False? While running business operations at an alternate site, you must continue to make backups of data and systems.
True
True or false World Wide Web Consortium (W3C) standards and specifications ensure that web applications, interact with web components from other vendors.
True
True or false? A certification is an official statement that validates that a person has satisfied specific job Requirements.
True
True or false? A faraday bag stops any electromagnetic imaginations from passing into or out of the bag, preventing a mobile device from communicating with the outside world
True
True or false? A network engineer in the United States who needs guidance on information security systems could consult the national Institute of standards and technology special publications, 800 series
True
True or false? All checkpoint certification exams involve some hands-on experience
True
True or false? All types of evidence are subject to the chain of custody procedures.
True
True or false? Certified Internet web professional offer several credentials that focus on both general and Webb related security
True
True or false? Examples of major disruptions include extreme weather, application, failure, and criminal activity.
True
True or false? Generally, once evidence becomes inadmissible, it cannot be fixed.
True
True or false? ISO/IEC27002 provides organizations with the best practice recommendations on information, security management
True
True or false? Juniper Networks offers vendor specific certifications for its networking product line.
True
True or false? Operating systems remove data when a file is deleted.
True
True or false? Patching computers and devices with the latest security fixes makes them more resistant to many types of attacks.
True
True or false? Regarding disaster recovery, an alternate processing center or mirrored site is always ready and under the organizations control.
True
True or false? The Graham-Leach Bliley act applies to the financial activities of both consumers and privately held companies.
True
True or false? The ISC healthcare certified information security and privacy practitioner. Credential recognizes the knowledge and skills necessary to perform and conduct security and privacy work for health care organizations.
True
True or false? The US Department of Defense cyber crime division (DC3) set standards for digital evidence processing, analysis, and diagnostics.
True
True or false? The federal information security modernization act of 2014 assigned the Department of Homeland security the responsibility for developing, implementing, and ensuring federal government wide compliance as per FISM information security policies procedures and security controls.
True
True or false? The international electro technical commission (IEC) is the preeminent organization for developing and publishing international standards for technologies related to electrical and electronic devices and processes.
True
True or false? The international electro technical commission is the preeminent organization for developing and publishing international standards for technologies related to electrical and electronic devices and processes
True
True or false? The national initiative for cybersecurity education training framework provides descriptions of work roles and specialty areas for information security professionals.
True
True or false? The term computer crime typically refers to crimes that target, computer resources, either data that computer store or the services they provide, or both
True
True or false? There are excellent security professionals who hold no certifications
True
True or false? There are excellent security professionals, who hold no certifications
True
True or false? Today's mobile devices almost all run with either iOS or android
True
True or false? Two common methods to protect evidence during imaging are to use forensics software that forces read only mode or connect to the evidence device using a hardware interface that blocks any right operations
True
True or false? Visa, MasterCard, and other payment card vendors helped to create the payment card industry data security standard.
True
True or false? Visa, MasterCard, and other payment card, vendors help to create the payment card, industry, data security, standard.
True
True or false? Whereas a vendor, neutral certification covers concepts, and topics that are general in nature, a vendor specific certification focuses on a specific product or product line
True
What certification focuses on information systems audit, control, and security professionals?
True
true or false? Even if a mobile device is deemed not to be a direct part of a crime or incident, it's ability to record the environment of an attacker during incident could be material.
True
true or false? One requirement of the GIAC security expert credential is that candidates must hold three GI AC credentials, with two of the credentials being gold.
True
true or false? Standards provide guidelines to ensure that products in today's computing environments work together.
True
true or false? The Internet engineering task force is a collection of working groups, and each working group addresses a specific topic
True
true or false? The system security certified practitioner credential covers 7 domains of best practices for information security.
True
The FAT32 and NTFS file systems are associated with which of the following?
Windows
Which type of evidence is information collected from individuals that supports and helps to interpret other types of evidence.
Witness Evidence
True or false? The Graham Leach Bliley act applies to the financial activities of both consumers and privately held company's.
false
Tim is implementing a set of controls design to ensure that financial reports, records, and data are accurately maintained. What information security goal is Tim attempting to achieve?
integrity
Which term describes a process that requires an organization to preserve and not alter evidence that may be used in court? This process can help ensure that normal data-handling procedures do not contaminate or even delete data that may be needed for a case.
legal hold
True or false? Forensic labs may use both open source and commercial software for digital analysis.
true
True or false? The federal information security modernization act of 2014 assigned the department of homeland, security, the responsibility for developing, implementing, and ensuring federal government wide compliance as per FISMA, information, security, policies, procedures, and security controls
true