MIS 374-Practice Exam 2

Henry is creating a firewall rule that will allow inbound mail to the organization. What TCP port must he allow through the firewall?

25

Henry would like to create a different firewall rule that allows encrypted web traffic to reach a web server. What port is used for that communication?

443

What is NOT a valid encryption key length for use with the Blowfish algorithm?

512 bits

Ed wants to make sure that his system is designed in a manner that allows tracing actions to an individual. Which phase of access control is Ed concerned about?

Accountability

Alice would like to send a message to Bob using a digital signature. What cryptographic key does Alice use to create the digital signature?

Alice's private key

Ricky is reviewing security logs to independently assess security controls. Which security review process is Ricky engaging in?

Audit

During what phase of a remote access connection does the end user prove his or her claim of identity?

Authentication

During which phase of the access control process does the system answer the question, "What can the requestor access?"

Authorization

Janet is identifying the set of privileges that should be assigned to a new employee in her organization. Which phase of the access control process is she performing?

Authorization

Which information security objective allows trusted entities to endorse information?

Certification

Which audit data collection method ensures that information gathering covers all relevant areas?

Checklist

An algorithm used for cryptographic purposes is known as a __________.

Cipher

Alison discovers that a system under her control has been infected with malware, which is using a key logger to report user keystrokes to a third party. What information security property is this malware attacking?

Confidentiality

Which activity manages the baseline settings for a system or device?

Configuration control

Larry recently viewed an auction listing on a website. As a result, his computer executed code that popped up a window that asked for his password. What type of attack has Larry likely encountered?

Cross-site scripting (XSS)

Betty receives a cipher text message from her colleague Tim. What type of function does Betty need to use to read the plaintext message?

Decryption

Alice and Bob would like to communicate with each other using a session key but they do not already have a shared secret key. Which algorithm can they use to exchange a secret key?

Diffie-Hellman

A __________ is a representation of a physical signature stored in a digital format.

Digital signature

Gary would like to choose an access control model in which the owner of a resource decides who may modify permissions on that resource. Which model fits that scenario?

Discretionary access control (DAC)

The act of scrambling plaintext into ciphertext is known as __________.

Encryption

What mathematical problem forms the basis of most modern cryptographic algorithms?

Factoring Large Primes

A private key cipher is also called an asymmetric key cipher.

False

Anthony is responsible for tuning his organization's intrusion detection system. He notices that the system reports an intrusion alert each time that an administrator connects to a server using Secure Shell (SSH). What type of error is occurring?

False positive error

What is NOT a good approach for destroying data on a magnetic disc?

Formatting

What type of function generates the unique value that corresponds to the contents of a message and is used to create a digital signature?

Hash

Which one of the following is an example of a logical access control?

Password

Bob is developing a web application that depends upon a database backend. What type of attack could a malicious individual use to send commands through his web application to the database?

SQL injection

In what type of attack does the attacker send unauthorized commands directly to a database?

SQL injection

There are several types of software development methods, but most traditional methods are based on the ________ model.

Waterfall

In what software development model does activity progress in a lock-step sequential process where no phase begins until the previous phase is complete?

Waterfall

What standard is NOT secure and should never be used on modern wireless networks?

Wired Equivalent Privacy (WEP)

What wireless security technology contains significant flaws and should never be used?

Wired Equivalent Privacy (WEP)

Legacy encryption for wireless networks. It is weak and does not provide sufficient protection for most traffic.

Wired Equivalent Privacy (WEP)

Which cryptographic attack offers cryptanalysts the most information about how an encryption algorithm works?

Chosen plaintext

Which intrusion detection system strategy relies upon pattern matching?

Signature detection

Bob received a message from Alice that contains a digital signature. What cryptographic key does Bob use to verify the digital signature?

Alice's public key

Fran is conducting a security test of a new application. She does not have any access to the source code or other details of the application she is testing. What type of test is Fran conducting?

Black-box test

Alice would like to send a message to Bob securely and wishes to encrypt the contents of the message. What key does she use to encrypt this message?

Bob's public key

Which type of password attack attempts all possible combinations of a password in an attempt to guess the correct value?

Brute-force attack

Gary is sending a message to Patricia. He wants to ensure that nobody tampers with the message while it is in transit. What goal of cryptography is Gary attempting to achieve?

Integrity

Which of the following is an example of a hardware security control?

MAC filtering

When should an organization's managers have an opportunity to respond to the findings in an audit?

Managers should include their responses to the draft audit report in the final audit report.

Which agreement type is typically less formal than other agreements and expresses areas of common interest?

Memorandum of understanding (MOU)

Which security testing activity uses tools that scan for services running on a system?

Network mapping

Which regulatory standard would NOT require audits of companies in the United States?

Personal Information Protection and Electronic Documents Act

What is NOT a goal of information security awareness programs?

Punish users who violate policy

Which item is an auditor least likely to review during a system controls audit?

Resumes of system administrators

Having one person authorized to write checks and another to issue checks is an example of __________.

Separation of duties

An encryption cipher that uses the same key to encrypt and decrypt is called a(n) __________ key.

Symmetric

DES, IDEA, RC4, and WEP are examples of __________.

Symmetric algorithms

This security monitoring tool would identify an unauthorized change to a computer system.

System integrity monitoring

Which type of cipher works by rearranging the characters in a message?

Transposition

Current encryption for wireless networks. Much stronger than WEP, it is the recommended encryption for wireless use.

Wi-Fi Protected Access (WPA)

Karen is designing a process for issuing checks and decides that one group of users will have the authority to create new payees in the system while a separate group of users will have the authority to issue checks to those payees. The intent of this control is to prevent fraud. Which principle is Karen enforcing?

Separation of duties

Biyu is making arrangements to use a third-party service provider for security services. She wants to document a requirement for timely notification of security breaches. What type of agreement is most likely to contain formal requirements of this type?

Service level agreement (SLA)

Which set of characteristics describes the Caesar cipher accurately?

Symmetric, Stream, Substitution

