Security Final
Which term refers to the path or tool used by an attacker to attack a target? •A. Baseline monitor •B. Threat vector •C. Configuration scanner •D. Target actor
•B. Threat vector
The security kernel is also known as a __________. •A. baseline monitor •B. reference monitor •C. baseline reference •D. secure monitor
•B. reference monitor
A honeypot is sometimes called a(n) __________. •A. antivirus packet •B. SPAN •C. digital sandbox •D. firewall
•C. digital sandbox
Which type of testing involves running the system under a controlled speed environment? •A. Fuzz testing •B. Penetration testing •C. Stress testing •D. Load testing
•D. Load testing
Which term refers to the quarantine or isolation of a system from its surroundings? •A. Demilitarized zoning •B. Read-only domain controller pruning •C. Egress filtering •D. Sandboxing
•D. Sandboxing
Which law overhauled the financial accounting standards for publicly traded firms in the United States? •A. Computer Fraud and Abuse Act •B. Stored Communications Act •C. CAN-SPAM Act •D. Sarbanes-Oxley Act
•D. Sarbanes-Oxley Act
__________ systems are a combination of hardware and software designed to classify and analyze security data from numerous sources. •A. Port scanning •B. Honeypot •C. Network security monitoring (NSM) •D. Security information and event management (SIEM)
•D. Security information and event management (SIEM)
In which phase of the secure development lifecycle model would you employ use cases? •A. Coding phase •B. Design phase •C. Requirements phase •D. Testing phase
•D. Testing phase
What does a host-based IDS monitor? •A. Activity on an individual system •B. Activity on the network itself •C. A honeynet •D. A digital sandbox
•A. Activity on an individual system
Certificates vouch for code security.
FALSE
TLS is dead and SSL is the path forward.
FALSE
Usually risk management includes both qualitative and quantitative elements.
TRUE
Virtualization can be used as a form of sandboxing with respect to an entire system.
TRUE
Windows Defender is now standard with all versions of the Windows desktop operating systems.
TRUE
A major focus of the disaster recovery plan (DRP) is the protection of human life.
TRUE
Which TCP port does SMTP use by default? •A. 25 •B. 110 •C. 143 •D. 443
•A. 25
What is the first step in the general risk management model? •A. Asset identification •B. Threat assessment •C. Impact determination and quantification •D. Residual risk management
•A. Asset identification
The two main places to filter spam are at the __________. •A. host itself and the server •B. firewall and the LAN •C. proxy server and the LAN •D. host itself and the firewall
•A. host itself and the server
The Wassenaar Arrangement can be described as a(n) __________. •A. international arrangement on export controls for conventional arms and dual-use goods and technologies •B. international arrangement on import controls and unconventional arms •C. rule governing encryption and decryption in the United States •D. rule governing interstate trade and accessibility in the United States
•A. international arrangement on export controls for conventional arms and dual-use goods and technologies
All accesses and privileges to systems, software, or data should be granted based on the principle of __________. •A. least privilege •B. role-based access •C. minimum use •D. activity-based access
•A. least privilege
DNS __________ is a variant of a larger attack class referred to as DNS spoofing, in which an attacker changes a DNS record through any of a multitude of means. •A. poisoning •B. smurfing •C. caching •D. kiting
•A. poisoning
What command stops a service in UNIX? •A. Stop •B. Kill •C. End •D. Finish
•B. Kill
In a UNIX operating system, which runlevel reboots the machine? •A. 0 •B. 1 •C. 3 •D. 6
•D. 6
A birthday attack is a type of logic bomb virus that releases its payload on some famous person's birthday, such as Michelangelo.
FALSE
A control classified as preventative has to be known by a person in order to be effective.
FALSE
A worm is malicious code that has to attach itself to something else to survive.
FALSE
All data is equally important, and it is equally damaging in the event of loss.
FALSE
Backups can prevent a security event from occurring.
FALSE
Buffer overflow is one of the most common web attack methodologies.
FALSE
Change management should only be used in the quality assurance (QA) phase of a system's life.
FALSE
Changing a file's extension will alter the contents of a file.
FALSE
Check fraud is an example of computer-based fraud that deals with Internet advertising.
FALSE
Compilers create runtime code that can be executed via an interpreter engine, like a Java virtual machine (JVM), on a computer system.
FALSE
Computer trespass is only treated as a crime in the United States.
FALSE
Defense against attack begins by eliminating threats.
FALSE
Detecting that a security event is occurring or has occurred is an easy matter.
FALSE
Evidence offered by the witness that is not based on the personal knowledge of the witness—but is being offered to prove the truth of the matter asserted—falls under the exclusionary rule.
FALSE
For an intangible impact, assigning a financial value of the impact is easy.
FALSE
Hostile activity that does not match an IDS signature and goes undetected is called a false positive.
FALSE
Incident response is strictly an information security operation.
FALSE
Large organizations typically have the resources to protect everything against all threats.
FALSE
Most large enterprises rely on a paper-based system problem report (SPR) process.
FALSE
Network-based IDS (NIDS) examines activity on a system, such as a mail server or web server.
FALSE
Oral testimony that proves a specific fact is considered real evidence.
FALSE
Performing cloud-based data loss prevention (DLP) is as simple as moving the enterprise edge methodology to the cloud.
FALSE
Relevant evidence must be convincing or measure up without question.
FALSE
Sender Policy Framework (SPF) validates the receiving address of the e-mail.
FALSE
Service pack is the term given to a small software update designed to address a specific problem, such as a buffer overflow in an application that exposes the system to attacks.
FALSE
Since developers create and enhance programs, they should be able to install these programs on the production system.
FALSE
The DMCA protects the rights of recording artists and the music industry.
FALSE
The PATRIOT Act permits the Justice Department to proceed with its rollout of the Carnival program, an eavesdropping program for the Internet.
FALSE
The archive bit is cleared in a differential backup.
FALSE
The generation of a real random number is a trivial task.
FALSE
The spiral model is an iterative model designed to enable the construction of increasingly complex versions of a project.
FALSE
When analyzing computer storage components, the original system should be analyzed.
FALSE
When performing forensics on a computer system you should use the utilities provided by that system.
FALSE
A physical hard disk drive will persist data longer than a solid state drive.
TRUE
A signed applet can be hijacked.
TRUE
All risks need to be mitigated or controlled.
TRUE
Both forensics and e-discovery are secondary processes from a business perspective.
TRUE
Context-based signatures match a pattern of activity based on the other activity around it, such as a port.
TRUE
Executable code integrity can be verified using host-based intrusion detection systems.
TRUE
Export control rules for encryption technologies fall under the Wassenaar Arrangement.
TRUE
General UNIX baselining follows similar concepts as baselining for Windows OSs.
TRUE
Hoax e-mails can have a real impact on bandwidth.
TRUE
JavaScript is part of the Java environment.
TRUE
Least privilege refers to removing all controls from a system.
TRUE
Major legal awards have been decided based on failure to retain information.
TRUE
Most e-mail is sent in plaintext, providing no privacy in its default form.
TRUE
Perpetrating some sort of electronic fraud is one reason a specific system might be targeted for attack.
TRUE
Protecting data while in use is a much trickier proposition than protecting it in transit or in storage.
TRUE
RAID increases reliability through the use of redundancy.
TRUE
Recovery is the returning of the asset into the business function.
TRUE
S/MIME uses the X.509 format for certificates.
TRUE
Shimming is the process of putting a layer of code between the driver and the operating system.
TRUE
Snapshots are instantaneous save points in time on virtual machines.
TRUE
The impact of an event is a measure of the actual loss when a threat exploits a vulnerability.
TRUE
The interruption of power is a common issue during a disaster.
TRUE
The space that is left over in a cluster is called slack space.
TRUE
There is no recovery from data that has been changed.
TRUE
Traffic that is encrypted will typically pass by an intrusion prevention system untouched.
TRUE
Which statement applies to a low-impact exposure incident? •A. A low-impact exposure incident only involves repairing the broken system. •B. A low-impact exposure incident may result in significant risk exposure. •C. A low-impact exposure incident requires the highest level of scrutiny. •D. A low-impact exposure incident can essentially be ignored.
•A. A low-impact exposure incident only involves repairing the broken system.
Which term refers to the process by which application programs manipulate strings to a base form, creating a foundational representation of the input? •A. Canonicalization •B. Obfuscation •C. Injection •D. Blacklisting
•A. Canonicalization
Which law makes it a crime to knowingly access a computer that is either considered a government computer or used in interstate commerce, or to use a computer in a crime that is interstate in nature? •A. Computer Fraud and Abuse Act •B. Stored Communications Act •C. CAN-SPAM Act •D. Sarbanes-Oxley Act
•A. Computer Fraud and Abuse Act
Which term refers to the process responsible for managing the lifecycle of all incidents? •A. Incident management •B. Configuration management •C. Release management •D. Change management
•A. Incident management
Which term refers to a key measure used to prioritize actions throughout the incident response process? •A. Information criticality •B. Information scalability •C. Footprinting •D. Steganography
•A. Information criticality
What is an advantage of a host-based IDS? •A. It can reduce false-positive rates. •B. Its signatures are broader. •C. It can examine data before it is decrypted. •D. It is inexpensive to maintain in the enterprise.
•A. It can reduce false-positive rates.
In which CMMI-DEV maturity level are processes generally ad hoc and chaotic? •A. Level 1: Initial •B. Level 2: Managed •C. Level 3: Defined •D. Level 5: Optimizing
•A. Level 1: Initial
Which action is an example of transferring risk? •A. Management purchases insurance for the occurrence of the risk. •B. Management applies controls that reduce the impact of an attack. •C. Management has decided to accept responsibility for the risk if it does happen. •D. Management has decided against deploying a module that increases risk.
•A. Management purchases insurance for the occurrence of the risk.
Which protection ring has the highest privilege level and acts directly with the physical hardware? •A. Ring 0 •B. Ring 1 •C. Ring 2 •D. Ring 3
•A. Ring 0
Which term refers to the possibility of suffering harm or loss? •A. Risk •B. Hazard •C. Threat vector •D. Threat actor
•A. Risk
Which term refers to a form of malware that is specifically designed to modify the operation of the operating system in some fashion to facilitate nonstandard functionality? •A. Rootkit •B. Boot sector virus •C. Spyware •D. Dieware
•A. Rootkit
Which of the following is a primary e-mail protocol? •A. SMTP •B. SNMP •C. P3OP •D. MUA
•A. SMTP
The process of taking control of an already existing session between a client and a server is known as __________. •A. TCP/IP hijacking •B. DNS kiting •C. smurfing •D. sniffing
•A. TCP/IP hijacking
Which type of system is one that fairly closely mimics the production environment, with the same versions of software, down to patch levels, and the same sets of permissions, file structures, and so on? •A. Test •B. Virtual •C. Production •D. Staging
•A. Test
Which infection method involves planting malware on a Web site that the victim employees will likely visit? •A. Watering hole attack •B. Spoofing •C. SQL injection attack •D. Remote administration Trojan (RAT) attack
•A. Watering hole attack
How is quarantine accomplished? •A. With the erection of firewalls that restrict communication between machines •B. By rebooting the infected machine as many times as needed •C. By encrypting the infected data on the network's hard drive •D. With periodic patches of the infected systems
•A. With the erection of firewalls that restrict communication between machines
A(n) __________ outlines the proper settings and configurations for an application or set of applications. •A. application configuration baseline •B. memory management report •C. locally shared object •D. deprecated function
•A. application configuration baseline
Clusters that are marked by the operating system as usable when needed are referred to as __________. •A. free space •B. slack space •C. open space •D. unused space
•A. free space
A law that is passed by a legislative branch of government is known as a(n) __________. •A. statutory law •B. administrative law •C. common law •D. blue law
•A. statutory law
The term __________ refers to the unauthorized scanning for and connecting to wireless access points, frequently done while driving near a facility. •A. war-driving •B. war-dialing •C. indirect attack •D. brute force attack
•A. war-driving
Which calculated value determines the threshold for evaluating the cost/benefit ratio of a given countermeasure? •A. SLE •B. ALE •C. SRO •D. ARO
•B. ALE
Which term describes a piece of code that is distributed to allow additional functionality to be added to an existing program? •A. Plug-in •B. Add-on •C. Applet •D. Certificate
•B. Add-on
Which component of an IDS examines the collected network traffic and compares it to known patterns of suspicious or malicious activity stored in the signature database? •A. Traffic collector •B. Analysis engine •C. Signature database •D. Examination collector
•B. Analysis engine
What term refers to the process of assessing the state of an organization's security compared against an established standard? •A. Pen testing •B. Auditing •C. Vulnerability testing •D. Accounting
•B. Auditing
What term refers to the process of establishing a system's operational state? •A. Hardening •B. Baselining •C. Securing •D. Controlling
•B. Baselining
Which management tool is used for identifying relationships between a risk and the factors that can cause it? •A. Baseline identification and analysis •B. Cause and effect analysis •C. Cost/benefit analysis •D. Risk management plan
•B. Cause and effect analysis
Which change management phase ensures that only approved changes to a baseline are allowed to be implemented? •A. Configuration auditing •B. Configuration control •C. Configuration identification •D. Configuration status accounting
•B. Configuration control
Which attack is a code injection attack in which an attacker sends code in response to an input request? •A. Cache poisoning •B. Cross-site scripting attack •C. Man-in-the-middle •D. Buffer overflow
•B. Cross-site scripting attack
Which phase of the secure development lifecycle model is concerned with minimizing the attack surface area? •A. Coding phase •B. Design phase •C. Requirements phase •D. Testing phase
•B. Design phase
Which cryptographic protocols can be used by SSL/TLS? •A. HTTPS and SSMTP •B. Diffie-Hellman and RSA •C. RC4 and 3DES •D. MD5 and SHA-1
•B. Diffie-Hellman and RSA
Which of the following rules applies to evidence obtained in violation of the Fourth Amendment of the Constitution? •A. Best evidence rule •B. Exclusionary rule •C. Hearsay rule •D. Evidentiary rule
•B. Exclusionary rule
Which protocol is used for the transfer of hyperlinked data over the Internet, from web servers to browsers? •A. SSMTP •B. HTTP •C. SPOP3 •D. HSTS
•B. HTTP
Which term refers to the ability to distribute the processing load over two or more systems? •A. High availability clustering •B. Load balancing •C. Infrastructure as a Service (IaaS) •D. Single point of failure
•B. Load balancing
Which term refers to a type of an attack where an attacker spoofs addresses and imposes their packets in the middle of an existing connection? •A. Spoofing •B. Man-in-the-middle attack •C. Sniffing •D. Injecting
•B. Man-in-the-middle attack
Which attack type is common, and to a degree, relatively harmless? •A. Port flooding •B. Port scan •C. Buffer overflow •D. SQL injection
•B. Port scan
Which strategy has the goal of defining the requirements for business continuity? •A. Business continuity plan (BCP) •B. Recovery time objective (RTO) •C. Disaster recovery plan (DRP) •D. Recovery point objective (RPO)
•B. Recovery time objective (RTO)
When using Secure FTP (SFTP) for confidential transfer, what protocol is combined with FTP to accomplish this task? •A. Secure Sockets Layer (SSL) •B. Secure Shell (SSH) •C. Transport Layer Security (TLS) •D. Secure Hyper Text Transfer Protocol (HTTPs)
•B. Secure Shell (SSH)
What is a software bomb? •A. A firework that destroys all the disks and CDs in your library •B. Software that can destroy or modify files when commands are executed on the computer •C. Screensavers that show fireworks going off •D. Software trying to access a computer
•B. Software that can destroy or modify files when commands are executed on the computer
substitutions in the event that the primary person is not available to fulfill their assigned duties? •A. Risk assessment •B. Succession planning •C. Business continuity planning •D. Business impact analysis
•B. Succession planning
__________ technologies involve the miniaturization of the various circuits needed for a working computer system. •A. TCP wrappers •B. System on a Chip (SoC) •C. Daemon •D. Supervisory control and data acquisition (SCADA)
•B. System on a Chip (SoC)
Which report documents changes or corrections to a system? •A. System process report •B. System problem report •C. Segregated software report •D. System progress report
•B. System problem report
Which port does HTTP traffic travel over by default? •A. TCP port 8080 •B. TCP port 80 •C. UDP port 8080 •D. UDP port 80
•B. TCP port 80
What is the Convention on Cybercrime? •A. A convention of black hats who trade hacking secrets •B. The first international treaty on crimes committed via the Internet and other computer networks •C. A convention of white hats who trade hacker prevention knowledge •D. A bilateral treaty regulating international conventions
•B. The first international treaty on crimes committed via the Internet and other computer networks
Which item should be available for short-term interruptions, such as what might occur as the result of an electrical storm? •A. Backup emergency generator •B. Uninterruptible power supply (UPS) •C. Cloud computing service •D. RAID 6 disk storage with parity duplication
•B. Uninterruptible power supply (UPS)
Which alternative site is designed to be operational within a few days? •A. Hot site •B. Warm site •C. Cold site •D. Reciprocal site
•B. Warm site
Which alternative site is partially configured, usually having peripherals and software, but perhaps not the more expensive main processing components? •A. Hot site •B. Warm site •C. Cold site •D. Reciprocal site
•B. Warm site
SYN flooding is an example of a __________. •A. viral attack •B. denial-of-service attack •C. logic bomb •D. Trojan horse
•B. denial-of-service attack
Few instant messaging programs currently support __________. •A. the ability to share files •B. encryption •C. video transmission •D. connection to a smart device
•B. encryption
One of the steps that the majority of system administrators running Internet e-mail servers have taken to reduce spam is to shut down __________. •A. spam filters •B. mail relaying •C. e-mail attachments •D. Outlook Express
•B. mail relaying
A __________ is a software or hardware device that is used to observe traffic as it passes through a network on shared broadcast media. •A. logic bomb •B. network sniffer •C. backdoor •D. trapdoor
•B. network sniffer
An attack that takes advantage of bugs or weaknesses in the software is referred to as __________. •A. a brute-force attack •B. software exploitation •C. a dictionary attack •D. weakness exploitation
•B. software exploitation
Which TCP port does IMAP use by default? •A. 110 •B. 25 •C. 143 •D. 443
•C. 143
If you have a farm of five web servers and two of them break, what is the exposure factor (EF)? •A. 0 percent •B. 20 percent •C. 40 percent •D. 100 percent
•C. 40 percent
How does an IPS differ from an IDS? •A. An IPS is passive and an IDS is active. •B. An IPS uses heuristics and an IDS is signature-based. •C. An IPS will block, reject, or redirect unwanted traffic; an IDS will only send an alert. •D. An IDS will block, reject, or redirect unwanted traffic; an IPS will only send an alert.
•C. An IPS will block, reject, or redirect unwanted traffic; an IDS will only send an alert.
Which product filters out junk e-mail? •A. Intrusion detection system •B. Personal firewall •C. Antispam •D. Antivirus
•C. Antispam
What was the primary reason for the spread of the ILOVEYOU worm? •A. Network firewalls failed. •B. Systems did not have the appropriate software patch. •C. Automatic execution, such as Microsoft Outlook's preview pane. •D. Virus scan software was not updated.
•C. Automatic execution, such as Microsoft Outlook's preview pane.
What are the two components comprising information criticality? •A. Data location and data classification •B. Quantity of data involved and data location •C. Data classification and the quantity of data involved •D. Impact on the core business process and its location
•C. Data classification and the quantity of data involved
Oral testimony that proves a specific fact with no inferences or presumptions is which type of evidence? •A. Hearsay •B. Real evidence •C. Direct evidence •D. Demonstrative evidence
•C. Direct evidence
Business records, printouts, and manuals are which type of evidence? •A. Direct evidence •B. Real evidence •C. Documentary evidence •D. Demonstrative evidence
•C. Documentary evidence
Which event is an example of a tangible impact? •A. Breach of legislation or regulatory requirements •B. Loss of reputation or goodwill (brand damage) •C. Endangerment of staff or customers •D. Breach of confidence
•C. Endangerment of staff or customers
In an "old school" attack, which step is a listing of the systems and vulnerabilities to build an attack game plan? •A. Scanning •B. Footprinting •C. Enumeration •D. Pilfering
•C. Enumeration
A principal reference for rules governing the export of encryption can be found in the __________. •A. Bureau of Industry and Security •B. U.S. Department of Commerce •C. Export Administration Regulations •D. State Department
•C. Export Administration Regulations
Which form of configuration auditing verifies that the configuration item performs as defined by the documentation of the system requirements? •A. Activity-based access control •B. Configuration status accounting •C. Functional configuration audit •D. Physical configuration audit
•C. Functional configuration audit
Which plug-in helps a browser maintain an HTTPS connection and gives a warning when it is not present? •A. NoScript •B. FTPS •C. HTTPS Everywhere •D. Authenticode
•C. HTTPS Everywhere
Which of the following has the least volatile data? •A. CPU storage •B. RAM •C. Hard disk •D. Kernel table
•C. Hard disk
What are the three states of the data lifecycle in which data requires protection? •A. In storage, during encryption, and during backup •B. During processing, during encryption, and during deletion •C. In storage, in transit, and during processing •D. During identification, during encryption, and during backup
•C. In storage, in transit, and during processing
Which term refers to the targeting of specific steps of a multistep process with the goal of disrupting the overall process? •A. Scanning •B. Footprinting •C. Kill chain •D. Indicator of compromise (IOC)
•C. Kill chain
In which CMMI-DEV maturity level does an organization establish quantitative objectives for quality and process performance and use them as criteria in managing projects? •A. Level 2: Managed •B. Level 3: Defined •C. Level 4: Quantitatively Managed •D. Level 5: Optimizing
•C. Level 4: Quantitatively Managed
Which protocol allows the exchange of different kinds of data across text-based e-mail systems? •A. MTA •B. MUA •C. MIME •D. MDA
•C. MIME
What tool is the protocol/standard for the collection of network metadata on the flows of network traffic? •A. Sniffer •B. Penetration test •C. NetFlow •D. NetStat
•C. NetFlow
Which tool is designed to probe a system for open ports? •A. Web proxy •B. Reverse scanner •C. Port scanner •D. Open proxy
•C. Port scanner
Which process is responsible for planning, scheduling and controlling the movement of releases to test and live environments? •A. Incident management •B. Backout plan •C. Release management •D. Software engineering
•C. Release management
Which term refers to a risk that remains after implementing controls? •A. Unsystematic risk •B. Systematic risk •C. Residual risk •D. Control
•C. Residual risk
Which type of attack can be used to execute arbitrary commands in a database? •A. DB manipulation •B. DB injection •C. SQL injection •D. XML injection
•C. SQL injection
Unsolicited commercial e-mail is known as __________. •A. Hoax e-mail •B. Worm •C. Spam •D. Spork
•C. Spam
Which term refers to a preapproved change that is low risk, relatively common and follows a procedure or work instruction? •A. Change •B. Reserve change •C. Standard change •D. Emergency change
•C. Standard change
Which port is used by SSMTP? •A. TCP port 21 •B. TCP port 443 •C. TCP port 465 •D. TCP port 80
•C. TCP port 465
Which service allows organizations to share cyberthreat information in a secure and automated manner? •A. Cyber kill chain •B. Cyber Observable eXpression (CybOX) •C. Trusted Automated eXchange of Indicator Information (TAXII) •D. Structured Threat Information eXpression (STIX)
•C. Trusted Automated eXchange of Indicator Information (TAXII)
Which advanced malware tool assists security engineers in hunting down malware infections based on artifacts that the malware leaves behind in memory? •A. Snort •B. Suricata •C. Yara •D. Wireshark
•C. Yara
Law that is based on previous events or precedents is known as __________. •A. statutory law •B. administrative law •C. common law •D. blue law
•C. common law
The process of attempting to break a cryptographic system is called __________. •A. encrypting •B. cipher texting •C. cryptography •D. cryptanalysis
•C. cryptography
Which statistical term is a representation of the frequency of the event, measured in a standard year? •A. SLE •B. ALE •C. SRO •D. ARO
•D. ARO
Which term is a means of signing an ActiveX control so that a user can judge trust based on the control's creator? •A. Side-jacking •B. Server side scripting •C. Cross-site scripting •D. Authenticode
•D. Authenticode
Which term refers to ensuring proper procedures are followed when modifying the IT infrastructure? •A. Qualitative risk assessment •B. Quantitative risk assessment •C. Configuration management •D. Change management
•D. Change management
Which indicator of compromise (IOC) standard is a method of information sharing developed by MITRE? •A. Structured Threat Information eXpression (STIX) •B. Incident Object Description Exchange Format (IODEF) •C. OpenIOC •D. Cyber Observable eXpression (CybOX)
•D. Cyber Observable eXpression (CybOX)
Which backup requires a small amount of space and is considered to have a complex restoration process? •A. Partial •B. Differential •C. Incremental •D. Delta
•D. Delta
Which plan defines the data and resources necessary and the steps required to restore critical organizational processes? •A. Succession plan •B. Business impact analysis (BIA) •C. Business continuity plan (BCP) •D. Disaster recovery plan (DRP)
•D. Disaster recovery plan (DRP)
__________ is a branch of digital forensics dealing with identifying, managing, and preserving digital information that is subject to legal hold. •A. Clustering •B. Partitioning •C. Litigation holding •D. E-discovery
•D. E-discovery
Which protocol is designed to operate both ways, sending and receiving, and can enable remote file operations over a TCP/IP connection? •A. Telnet •B. SSH •C. SNMP •D. FTP
•D. FTP
What application is associated with TCP Ports 989 and 990? •A. SSL/TLS 3.0 •B. SPOP3 •C. SFTP •D. FTPS
•D. FTPS
Which backup technique requires a large amount of space and is considered to have a simple restoration process? •A. Delta •B. Differential •C. Incremental •D. Full
•D. Full
Which term refers to the process of checking whether the program specification captures the requirements from the customer? •A. Data exposure •B. Static analysis •C. Verification •D. Validation
•D. Validation
Which of the following is a popular, open source protocol analyzer? •A. Snort •B. Suricata •C. Bit Defender •D. Wireshark
•D. Wireshark
The Gramm-Leach-Bliley Act is a major piece of legislation that __________. •A. implements the principle that a signature, contract, or other record may not be deleted •B. denies legal effect, validity, or enforceability solely because it is electronic form •C. makes it a violation of federal law to knowingly use another's identity •D. affects the financial industry and contains significant privacy provisions for individuals
•D. affects the financial industry and contains significant privacy provisions for individuals
The term __________ refers to software that has been designed for some nefarious purpose. •A. virus •B. worm •C. Trojan horse •D. malware
•D. malware
Evidence that is convincing or measures up without question is known as __________. •A. Direct evidence •B. Real evidence •C. Documentary evidence •D. Demonstrative evidence
•SUFFICIENT
Which tool has been the de facto standard IDS engine since its creation in 1998? •A. Squid •B. Snort •C. Bro •D. Suricata
•B. Snort
Windows Server 2016 replaced the traditional ROM-BIOS with the __________. •A. ELAM Boot •B. Secure Boot •C. Unified Extensible Firmware Interface (UEFI) •D. Trusted Machine Platform
•C. Unified Extensible Firmware Interface (UEFI)
