ITC560 Exam 3

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

Devaki is a network engineer. She is diagnosing an issue with a small business customers wireless local area network. She knows the Institute of electrical and electronics engineers (IEEE) has created the standards involved in various networks technology while WLAN standards, cover a wide array of subsets, which general standard does she need to consult that addresses all WLANS?

802.11

Devaki is network engineer. She is diagnosing an issue with a small business customers wireless local area network. She knows the institute of electrical and electronics engineers has created the standards involved in various network technologies. While WLAN standards over a wide array of subnets, which general standard does she need to consult that address all WLANs.

802.11

Hajar is responsible for keeping her banking institutions servers operating 24 seven her recovery strategy is to have fully redundant or duplicate operations and synchronize data and to operate the site continuously which strategy has she selected?

Alternate Processing Site, Mirrored Site

Under the Federal Information Security Management Act (FISMA) of 2002, which of the following broadens the scope of FISMA beyond a federal agency and is important because IT systems and functions are often outsourced?

An agency must protect the IT systems that support its operations even if another agency or contractor owns the IT systems.

Mary is designing a software component that will function at the presentation layer of the OSI model. What other two layers of the model will her component need to interact with?

Application Layer and Session Layer

Mary is designing a software component that will function at the Presentation Layer of the Open Systems Interconnection (OSI) Reference Model. What other two layers of the model will her component need to interact with?

Application and Session

Jiang is pursuing a career in information security. He wants to eventually achieve the ISC certified information systems, security professional certification, but does not have the required experience. If he passes the CISSP exam now, which credential will Jiang get?

Associate of (ISC)2

Joe is the chief executive officer of the company that handles medical billing for several Regional Hospital systems. How would Joe's company be classified under the health insurance portability and accountability act?

Business associate of a covered entity

Betty visits a local library with her young children. She notices that someone using a computer terminal in the library is visiting, pornographic websites. What law requires that the library filter offensive web content for minors?

CIPA

Betty visits a local library with her young children. She notices that someone using a computer terminal is visiting pornographic websites. What law requires that the library filter offensive web content for minors?

CIPA

Hajar has been an (ISC)? Certified Information Systems Security Professional (CISSP) for 10 years. She would like to earn an advanced certification that demonstrates her ability in systems security engineering. Which of the following CISS concentrations would meet Hajar's needs?

CISSP-ISSEP

Arturo is leading a project to commission a new information system that will be used by a U.S. federal government agency. The agency uses the risk management framework (RMF) approach for Federal Information Security Management Act (FISMA) compliance. He is working with his team to assess and document agency IT systems based on risk. What step of the risk management framework is Arturo completing?

Categorize Information Systems

Maria is an IT security professional for a large healthcare corporation. She has been working with the compliance team on a few projects and is expanding her skills to include risk management, as well as control and assurance activities. What ISACA certification would be the best fit?

Certified Information Security Manager

Richard would like to earn a certification that demonstrates his ability to manage enterprise security programs. What certification would be most appropriate for Richard?

Certified Information Security Manager

What certification focuses on information systems, audit, Control, and security professionals?

Certified Information Systems Auditor

Collin is a software developer. He would like to earn a credential that demonstrates to employers that he is well educated on software security issues. What certification would be most suitable for this purpose?

Certified Secure Software Lifecycle Professional

Colin is a software developer. He would like to earn a credential that demonstrates to employers that he is well educated on software security issues. what certification would be most suitable for this purpose?

Certified Secure Software Lifecycle Professional (CSSLP)

Maria is an IT security professional for a large healthcare corporation. She has been working with the compliance team on a few projects and is expanding her skills to include risk management as well as control and assurance activities what ISACA certification would be the best fit?

Certified in Risk and Information Systems Control (CRISC)

Which of the following should you avoid during a disaster and recover?

Combine services that were on different hardware platforms onto common servers to speed up recovery

During which step of the incident handling process is the goal to contain the incident?

Containment

Maya is creating a computer infrastructure compliant with the payment card industry, data security standard. What type of information is she most likely trying to protect?

Credit card information

Which of the following provides IT and communications support to the White House, secretary of defense, and all military sectors that contribute to the defense of the United States of America?

DISA

Which type of evidence helps explain other evidence and includes visual aids such as charts and graphs?

Demonstrative

Which type of evidence helps explain other evidence and includes visual aids, such as charts and graphs

Demonstrative evidence

Which type of evidence is stored in a computers, memory, as well as on storage devices, as in files, and must be accompanied by documentation that validates the evidence is authenticity?

Digital evidence

A(n) _______ is an event that prevents a critical business function (CBF) from operating for a period greater than the maximum tolerable downtime (MTD).

Disaster

Which document is the Internet engineering task force request for comments second stage, after participants have demonstrated that the standard has been deployed in working environments?

Draft Standard

which term describes a process that requires an organization to preserve and not alter evidence that may be used in court? This process can help ensure that normal data-handling procedures do not contaminate or even delete data that may be needed for a case.

E-discovery

Tonya is working with a team of subject matter experts to diagnose a problem with her system. The experts determined that the problem likely resides at the transport layer of the OSI model. Which functionality is the most likely suspect?

End-to-end communication maintenance

Which organization creates information security standards that specifically apply within the European Union?

European Telecommunications Standards Institute (ETSI) Cyber Security Technical Committee (TC CYBER)

True or False? A website designer seeking guidance on how to incorporate, Simple Object Access Protocol (SOAP) and Extensible Markup Language (XML) would most likely consult Internet Engineering Task Force (IETF) requests for comments (RFCS).

False

True or False? CompTIA Security+ is an expert-level security certification.

False

True or False? Symantec offers vendor-neutral certifications as well as certifications for its product lines.

False

True or False? The (ISC Certified Secure Software Lifecycle Professional (CSSLP) credential measures the knowledge and skills necessary for professionals involved in the process of authorizing and maintaining information systems.

False

True or False? The Gramm-Leach-Bliley Act (GLBA) applies to the financial activities of both consumers and privately held companies.

False

True or False? The Health Insurance Portability and Accountability Act (HIPAA) replaced the Health Information Technology for Economic and Clinical Health (HITECH) Act.

False

True or False? The ISACA Certified in Risk and Information Systems Control (CRISC) certification targets security professionals who ensure that their organization satisfies IT governance requirements.

False

True or False? The federal agencies that oversee Gramm-Leach-Bliley Act (GLBA) compliance may not act against the financial institutions that they regulate when those institutions violate GLBA.

False

True or false? All types of disaster recovery sites are available in the cloud.

False

True or false? Business continuity management includes business continuity planning, disaster recovery planning, crisis management, incident response management, and risk management.

False

True or false? CompTia security+ is an expert level security certification.

False

True or false? Cyber terrorism is the use of online media and assets to harass individuals.

False

True or false? During a simulation test of a contingency plan, you must shut down the original system at the primary site for the duration.

False

True or false? Security professionals seeking Cisco certification must begin at the entry level and may work their way through the associate, professional, specialist, and expert levels.

False

True or false? Symantec offers vendor neutral certifications as well as certifications for its product lines.

False

True or false? The health insurance portability and accountability act applies only to current mental and physical health information and payments.

False

True or false? The health insurance portability and accountability act(HIPAA) replace the health information technology for economic and clinical Health(HITECH) Act.

False

True or false? The international organization for standardization publishes the IEEE 802 local area network/metropolitan area network standards family.

False

True or false? Under the payment card industry data security standard, the rules with which an organization must comply depend on which types of payment cards they accept.

False

true or false the national Institute of standards and technology is a non-governmental organization, whose goal is to develop and publish international standards.

False

true or false? Testimonial evidence is often the most important evidence in court because it provides relevance for other types of evidence.

False

true or false? the Internet engineering task force (IETF) request for comments. Development process is conducted solely by scientist on the Internet architecture board.

False

true or false? the international electro technical commission (IEC) develop standards, which cover both wired and wireless communication technologies, that are commonly adopted by member countries in the European union

False

True or false? The process of collecting evidence is called evidence preservation.

False, Evidence acquisition

True or false? The macOS operating system uses the EXT3 or EXT4 for file systems

False, uses APFS

Devaki is a new compliance manager. She is reading about various regulations to determine which ones apply to her industry. What law applies specifically to consumer data that originates in Europe?

GDPR

Which certification program enables credential holders to earn a gold credential through the acceptance of a technical paper that covers an important area of information security?

GIAC

Juan is an experienced information security professional. He has spent a lot of time evaluating computers for evidence of criminal or malicious activity as well as recovering data. Which global information assurance certification credential focus area is most likely to have certifications that are a good fit for Juan's skills and knowledge?

GIAC Certified Forensic Examiner

Lin works for a large finance school institution. She has been asked to create a written information, security program, which must state how the institution collects and uses customer data, and must describe the controls, used to protect that data. She is also in charge of running the program, conducting a risk assessment to identify risks to customer information, and assessing current safeguards to make sure they are affective, among other tasks. Which of the following is she trying to comply with?

GLBA Safeguards Rule

Devaki is a new compliance manager. She is reading about various regulations to determine which ones apply to her industry. What law applies specifically to consumer data that originates in Europe?

General Data Protection Regulation (GDRP)

Which of the following is a unit of measure that represents frequency and is expressed as the number of cycles per second?

Hertz

What organization offers a variety of security certifications that are focused on the requirements of auditors?

ISACA

Juan comes across documentation from his organization related to several information security initiatives using different standards as their reference. Which International Organization for Standardization (ISO) standard provides current guidance on information security management?

ISO 27002

During which step of the incident-handling process does triage take place?

Identification

Oscar is a digital forensic specialist. He has been given a suspect hard disc that has been physically damaged. He wants to try to recover the data. What is the first step he should take?

Install it in a test system

Fran is interested in learning more about the popular Certified Ethical Hacker credential. What organization should she contact?

International Council of E-Commerce Consultants (EC-Council)

Maria is working on the definition and application of the terms, gauze, hertz, and Weber. Which standards source should she consult?

International Electrotechnical Commission (IEC)

Bill is conducting an analysis of a new IT service. He would like to assess it using the Open Systems Interconnection (OSI) Reference Model and would like to learn more about this framework. What organization should he turn to for the official definition of OSI?

International Organization for Standardization

bill is conducting an analysis of the new IT service. He would like to assess it using the open systems interconnection reference model and would like to learn more about this framework. What organization should he turn to for the official definition of OSI?

International Organization for Standardization (ISO)

Lin is a digital forensic specialist who works in a forensic lab. She is evaluating diagnostic forensic software to add to the lab's toolkit. She wants a tool that is open source that can also be used for penetration testing. Which tool should she choose?

Kali Linux

Lynn is a digital forensic specialist who works in a forensic lab. She is evaluating diagnostic forensic software to add to the labs tool kit. She wants a tool that is open source that can also be used for penetration testing. Which tool should she use?

Kali Linux

Alison retrieved data from a company database containing personal information on customers. When she looks at the Social Security number (SSN) field, she sees values that look like this: "XXX-XX-9142." What has happened to these records?

Masking

Allison retrieve data from a company database containing personal information on customers. When she looks at the Social Security number field, she sees values that look like this: "XX-XX-9142." What happened to these records?

Masking

Which of the following is not true of mobile devices and forensics?

Mobile devices do not need to follow ordinary chain of custody techniques

Which of the following is a U.S. federal agency within the Department of Commerce that provides standards for measurement and technology on which nearly all computing devices rely?

NIST

which of the following is a U.S. Federal agency within the Department of Commerce that provides standards for measurement and technology on which nearly all computing devices rely?

National Institute of Standards and Technology

What type of organizations are required to comply with the Sarbanes Oxley act?

Publicly traded companies

Which method of fault tolerance connects two or more computers to act like a s ingle computer in a highly coordinated manner?

RAID

Which of the following is not true of requests for comments (RFCs)?

RFCs may be modified

Which of the following is not true of request for comments?

RFCs may be modified.

Which type of evidence is any physical object that you can touch or otherwise directly observe, such as a hard drive?

Real evidence

Isabella is an IT security manager for a state agency. The agency can survive for nine hours without a functioning data center. The power goes out in her data center. It takes six hours to move data center operations to an alternate site. Which of the following describes the time it takes for the move?

Recovery Time Objective

During which step of the incident-handling process is the goal to contain the incident?

Response

Which of the following is NOT one of the rights afforded to students (or the parents of a minor student) under the Family Educational Rights and Privacy Act (FERPA)?

Right to delete unwanted information from records: The Family Educational Rights and Privacy Act

Which of the following does not need to comply with the family educational rights and privacy act?

Schools that do not receive federal funding

Helen has no security experience. She would like to earn a certification that demonstrates that she has the basic knowledge necessary to work in the information security field. What certification would be an appropriate first step for her?

Security+

Which of the following items would generally not be considered personally identifiable information?

Social media post

Carl has assembled a team of representatives from each department to test a new business continuity plan during the test, the representatives meet in a room and review many aspects of the plan, such as the goals, scope, assumptions, and the structure of the organization. They also conduct scenario based exercises as though they are executing the plan for a certain type of incident to find errors, such as gaps or overlaps. What type of plan is being conducted?

Structured walk-through

Joe is responsible for the security of the systems that control and monitor devices for a power plant. What type of system does Joe likely administer?

Supervisory Control and Data Acquisition (SCADA)

Ben is working toward a position as a senior security administrator. He would like to earn his first international information systems security certification consortium certification. which certification is most appropriate for his needs?

Systems Security Certified Practitioner

The Internet Engineering Task Force (IETF) works closely with the World Wide Web Consortium (W3C) and the International Organization for Standardization (ISO/International Electrotechnical Commission (IEC) focusing on which of the following?

TCP/IP

Which type of evidence is information collected from individuals that supports and helps to interpret other types of evidence?

Testimonial

What is the determination?

The evidence is either acceptable or unacceptable to a court of law?

How are the health insurance portability and accountability act and payment card industry data security standard alike?

They both have requirements that protect the confidentiality, integrity, and availability of data.

Which term describes a process that requires an organization to preserve and not alter evidence that may be used in court?

This process can help ensure that normal data handling procedures do not contaminate or even delete data that may be needed for a case Legal Hold/Litigation Hold

Under the health insurance portability and accountability act(HIPAA) privacy rule, covered entities may not use or disclose people's protected health information without their written consent, although there are exceptions. Which of the following is generally not an allowed exception under the privacy rule?

To discuss a patient's medical status at a conference

What is the purpose of a disaster recovery plan (DRP):

To minimize disruption to business and IT operations, by keeping downtime of systems to a minimum and preventing significant data loss.

The Internet Engineering Task Force (IETF) works closely with the World Wide Web Consortium (W3C) and the International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) focusing on which of the following?

Transmission Control Protocol/Internet Protocol

True or False? A Faraday bag stops any electromagnetic emanations from passing into or out of the bag, preventing a mobile device from communicating with the outside world.

True

True or False? A network engineer in the United States who needs guidance on information security systems could consult the National Institute of Standards and Technology (NIST) Special Publications 800 series.

True

True or False? A primary concern for collected evidence is the preservation of its collected state, which means assurance that evidence remains unchanged from its state when it was collected.

True

True or False? A successful business impact analysis (BIA) maps the context, the critical business functions (BFS), and the processes on which they rely.

True

True or False? An organization can maintain a cloud based disaster recovery site for a traction of the cost of a physical site.

True

True or False? Any component that, if it fails, could interrupt business processing is a single point of failure (SPOF).

True

True or False? Any component that, if it fails, could interrupt business processing is called a single point of failure (SPOF).

True

True or False? Certified Internet Web Professional (CIW) offers several credentials that focus on both general and web-related security.

True

True or False? Digital forensics is the process of using well-defined analytical and investigative techniques to guide the processes of collecting and examining evidence related to a computer security incident.

True

True or False? E-discovery is an iterative process of examining storage media, searching for items of interest, identifying likely items that may have value as evidence, and then recovering those items.

True

True or False? Even if a mobile device is deemed not to be a direct part of a crime or incident, its ability to record the environment of an attacker during the incident could be material?

True

True or False? Fault-tolerance options are not replacements for data backups.

True

True or False? ISO/IC 27002 provides organizations with best-practice recommendations on information security management.

True

True or False? In an incremental backup, you start with a full back up when network traffic is light. Then, each night, you back up only that day's changes.

True

True or False? Juniper Networks offers vendor-specific certifications for its networking product line.

True

True or False? Sarbanes-Oxley Act (SOX) Section 404 requires an organization's executive officers to establish, maintain, review, and report on the effectiveness of the company's internal controls over financial reporting (ICFR).

True

True or False? Schools and libraries that must comply with the Children's Internet Protection Act (CIPA) must also have some way to allow adults unfiltered Internet access.

True

True or False? The Institute of Electrical and Electronics Engineers (IEEE) develops and distributes standards that relate to electricity and electronics.

True

True or False? The emergency operations center (EOC) is the place where an organization's recovery team will meet and work during a disruption.

True

True or False? The process of collecting evidence is called evidence preservation.

True

True or False? The purpose of the Children's Online Privacy Protection Act of 1998 (COPPA) is to restrict the online collection of personal information of children under 13 years of age.

True

True or False? Time stamps correspond to computer log files to help coordinate a sequence of events and are accurate to at least the second.

True

True or False? When outsourcing operations to a cloud service provider, the client is responsible for determining the best fault tolerance implementations to meet the service level agreement availability requirements.

True

True or False? Whereas a vendor-neutral certification covers concepts and topics that are general in nature, a vendor-specific certification focuses on a specific product or product line.

True

True or False? While running business operations at an alternate site, you must continue to make backups of data and systems.

True

True or false World Wide Web Consortium (W3C) standards and specifications ensure that web applications, interact with web components from other vendors.

True

True or false? A certification is an official statement that validates that a person has satisfied specific job Requirements.

True

True or false? A faraday bag stops any electromagnetic imaginations from passing into or out of the bag, preventing a mobile device from communicating with the outside world

True

True or false? A network engineer in the United States who needs guidance on information security systems could consult the national Institute of standards and technology special publications, 800 series

True

True or false? All checkpoint certification exams involve some hands-on experience

True

True or false? All types of evidence are subject to the chain of custody procedures.

True

True or false? Certified Internet web professional offer several credentials that focus on both general and Webb related security

True

True or false? Examples of major disruptions include extreme weather, application, failure, and criminal activity.

True

True or false? Generally, once evidence becomes inadmissible, it cannot be fixed.

True

True or false? ISO/IEC27002 provides organizations with the best practice recommendations on information, security management

True

True or false? Juniper Networks offers vendor specific certifications for its networking product line.

True

True or false? Operating systems remove data when a file is deleted.

True

True or false? Patching computers and devices with the latest security fixes makes them more resistant to many types of attacks.

True

True or false? Regarding disaster recovery, an alternate processing center or mirrored site is always ready and under the organizations control.

True

True or false? The Graham-Leach Bliley act applies to the financial activities of both consumers and privately held companies.

True

True or false? The ISC healthcare certified information security and privacy practitioner. Credential recognizes the knowledge and skills necessary to perform and conduct security and privacy work for health care organizations.

True

True or false? The US Department of Defense cyber crime division (DC3) set standards for digital evidence processing, analysis, and diagnostics.

True

True or false? The federal information security modernization act of 2014 assigned the Department of Homeland security the responsibility for developing, implementing, and ensuring federal government wide compliance as per FISM information security policies procedures and security controls.

True

True or false? The international electro technical commission (IEC) is the preeminent organization for developing and publishing international standards for technologies related to electrical and electronic devices and processes.

True

True or false? The international electro technical commission is the preeminent organization for developing and publishing international standards for technologies related to electrical and electronic devices and processes

True

True or false? The national initiative for cybersecurity education training framework provides descriptions of work roles and specialty areas for information security professionals.

True

True or false? The term computer crime typically refers to crimes that target, computer resources, either data that computer store or the services they provide, or both

True

True or false? There are excellent security professionals who hold no certifications

True

True or false? There are excellent security professionals, who hold no certifications

True

True or false? Today's mobile devices almost all run with either iOS or android

True

True or false? Two common methods to protect evidence during imaging are to use forensics software that forces read only mode or connect to the evidence device using a hardware interface that blocks any right operations

True

True or false? Visa, MasterCard, and other payment card vendors helped to create the payment card industry data security standard.

True

True or false? Visa, MasterCard, and other payment card, vendors help to create the payment card, industry, data security, standard.

True

True or false? Whereas a vendor, neutral certification covers concepts, and topics that are general in nature, a vendor specific certification focuses on a specific product or product line

True

What certification focuses on information systems audit, control, and security professionals?

True

true or false? Even if a mobile device is deemed not to be a direct part of a crime or incident, it's ability to record the environment of an attacker during incident could be material.

True

true or false? One requirement of the GIAC security expert credential is that candidates must hold three GI AC credentials, with two of the credentials being gold.

True

true or false? Standards provide guidelines to ensure that products in today's computing environments work together.

True

true or false? The Internet engineering task force is a collection of working groups, and each working group addresses a specific topic

True

true or false? The system security certified practitioner credential covers 7 domains of best practices for information security.

True

The FAT32 and NTFS file systems are associated with which of the following?

Windows

Which type of evidence is information collected from individuals that supports and helps to interpret other types of evidence.

Witness Evidence

True or false? The Graham Leach Bliley act applies to the financial activities of both consumers and privately held company's.

false

Tim is implementing a set of controls design to ensure that financial reports, records, and data are accurately maintained. What information security goal is Tim attempting to achieve?

integrity

Which term describes a process that requires an organization to preserve and not alter evidence that may be used in court? This process can help ensure that normal data-handling procedures do not contaminate or even delete data that may be needed for a case.

legal hold

True or false? Forensic labs may use both open source and commercial software for digital analysis.

true

True or false? The federal information security modernization act of 2014 assigned the department of homeland, security, the responsibility for developing, implementing, and ensuring federal government wide compliance as per FISMA, information, security, policies, procedures, and security controls

true


Ensembles d'études connexes

Chapter 3: Compartmentation: Cells and Tissues

View Set

Subset 1 English Elementary Education

View Set

ACCT 2001: Chapter 7 (Inventory & CGS)

View Set

CSCI 270 Intro To Networking (Unit 1)

View Set

Head - (Dura, Arachnoid, and PIa Mater) - Brain Meninges / Sinsus

View Set

Saunder NCLEX 7th ed: Ch 39-40: Integumentary System & Medications

View Set

Telecom Chapter 2 - Network Standards

View Set