Security Midterm Pt. 1
(T/F) Connectivity is one of the five critical challenges that the Internet of Things (IoT) has to overcome
false
(T/F) Denial of service (DoS) attacks are larger in scope than distributed denial of service (DDoS) attacks
false
(T/F) Often an extension of a memorandum of understanding (MOU), the blanket purchase agreement (BPA) serves as an agreement that documents the technical requirements of interconnected assets.
false
Bob is using a port scanner to identify open ports on a server in his environment. He is scanning a web server that uses Hypertext Transfer Protocol (HTTP). Which port should Bob expect to be open to support this service?
80
Mark is considering outsourcing security functions to a third-party service provider. What benefit is he most likely to achieve?
Access to a high level of expertise
Which action is the best step to protect Internet of Things (IoT) devices from becoming the entry point for security vulnerabilities into a network while still meeting business requirements?
Applying security updates promptly
What is NOT a good practice for developing strong professional ethics?
Assume that information should be free
What is the first step in a disaster recovery effort?
Ensure that everyone is safe
Which element of the IT security policy framework provides detailed written definitions for hardware and software and how they are to be used?
standard
Which control is not designed to combat malware?
Firewalls
Betsy recently assumed an information security role for a hospital located in the United States. What compliance regulation applies specifically to healthcare providers?
HIPAA
(T/F) An example of a threat to access control is in a peer-to-peer (P2P) arrangement in which users share their My Documents folder with each other by accident.
true
(T/F) Authorization is the process of granting rights to use an organization's IT assets, systems, applications, and data to a specific user
true
(T/F) Cars that have Wi-Fi access and onboard computers require software patches and upgrades from the manufacturer.
true
(T/F) Classification scope determines what data you should classify. Classification process determines how you handle classified data
true
(T/F) Hypertext Transfer Protocol (HTTP) is the communications protocol between web browsers and websites with data in cleartext
true
Which network device is capable of blocking network connections that are identified as potentially malicious
Intrusion Prevention System (IPS)
(T/F) Metadata of Internet of Things (IoT) devices can be sold to companies seeking demographic marketing data about users and their spending habits.
true
Which type of denial of service attack exploits the existence of software flaws to disrupt a service?
Logic attack
Which of the following is an example of a hardware security control: NTFS permission, MAC filtering, ID badge, security policy?
MAC filtering
(T/F) Policies that cover data management should cover transitions throughout the data life cycle
true
(T/F) Remote wiping is a device security control that allows an organization to remotely erase data or email in the event of loss or theft of the device.
true
(T/F) Some vending machines are equipped with a cellular phone network antenna for secure credit card transaction processing.
true
(T/F) The Government Information Security Reform Act (Security Reform Act) of 2000 focuses on management and evaluation of the security of unclassified and national security systems
true
Beth must purchase firewalls for several network circuits used by her organization. Which one circuit will have the highest possible network throughput?
OC-12
Tony is working with a law enforcement agency to place a wiretap pursuant to a legitimate court order. The wiretap will monitor communications without making any modifications. What type of wiretap is Tony placing?
Passive wiretap
(T/F) For businesses and organizations under recent compliance laws, data classification standards typically include private, confidential, internal use only, and public domain categories
true
(T/F) One of the first industries to adopt and widely use mobile applications was the healthcare industry
true
Marguerite is creating a budget for a software development project. What phase of the system lifecycle is she undertaking: project initiation and planning, functional requirements and definition, system design specification, operations and maintenance?
Project initiation and planning
Alan is developing a business impact assessment for his organization. He is working with business units to determine the maximum allowable time to recover a particular function. What value is Alan determining?
Recovery Time Objective (RTO)
(T/F) The tools for conducting a risk analysis can include the documents that define, categorize, and rank risks.
true
From a security perspective, what should organizations expect will occur as they become more dependent upon the Internet of Things (IoT)?
Security risks will increase.
What is not a common endpoint for a virtual private network (VPN) connection used for remote network access: laptop, firewall, router, content filter?
content filter
(T/F) Passphrases are less secure than passwords.
false
(T/F) Removable storage is a software application that allows an organization to monitor and control business data on a personally owned device
false
(T/F) Store-and-forward communications should be used when you need to talk to someone immediately
false
(T/F) Terminal Access Controller Access Control System (TACACS+) is an authentication server that uses client and user configuration files
false
(T/F) The Sarbanes-Oxley (SOX) Act requires all types of financial institutions to protect consumers' private financial information
false
(T/F) The main difference between a virus and a worm is that a virus does not need a host program to infect
false
(T/F) Vishing is a type of wireless network attack
false
(T/F) IoT devices cannot share and communicate your IoT device data to other systems and applications without your authorization or knowledge.
false
Which one of the following is an example of a business-to-consumer (B2C) application of the Internet of Things (IoT)?
health monitoring
Which of the following is not a good technique for performing authentication of an end user?
identification number
Rachel is investigating an information security incident that took place at the high school where she works. She suspects that students may have broken into the student records system and altered their grades. If correct, which one of the tenets of information security did this attack violate?
integrity
Chris is writing a document that provides step-by-step instructions for end users seeking to update the security software on their computers. Performing these updates is mandatory. Which type of document is Chris writing?
procedure
(T/F) A dictionary attack works by hashing all the words in a dictionary and then comparing the hashed value with the system password file to discover a match
true
(T/F) When servers need operating system upgrades or patches, administrators take them offline intentionally so they can perform the necessary work without risking malicious attacks.
true
(T/F) With proactive change management, management initiates the change to achieve a desired goal.
true
Ron is the IT director at a medium-sized company and is constantly bombarded by requests from users who want to select customized mobile devices. He decides to allow users to purchase their own devices. Which type of policy should Ron implement to include the requirements and security controls for this arrangement?
Bring Your Own Device (BYOD)
A hospital is planning to introduce a new point-of-sale system in the cafeteria that will handle credit card transactions. Which one of the following governs the privacy of information handled by those point-of-sale terminals?
Payment Card Industry Data Security Standard (PCI DSS)
(T/F) Authorization controls include biometric devices
false
(T/F) Company-related classifications are not standard; therefore, there may be some differences between the terms "private" and "confidential" in different companies.
true
(T/F) Each 4G device has a unique Internet Protocol (IP) address and appears just like any other wired device on a network.
true
(T/F) Simple Network Management Protocol (SNMP) is used for network device monitoring, alarm, and performance
true
(T/F) The weakest link in the security of an IT infrastructure is the server.
true
Kaira's company recently switched to a new calendaring system provided by a vendor. Kaira and other users connect to the system, hosted at the vendor's site, using a web browser. Which service delivery model is Kaira's company using?
Software as a Service (SaaS)
Which one of the following principles is not a component of the Biba integrity model?
Subjects cannot change objects that have a lower integrity level.
(T/F) Bricks-and-mortar stores are completely obsolete now
false
(T/F) Change doesn't create risk for a business.
false
(T/F) Configuration changes can be made at any time during a system life cycle and no process is required
false