SecurityTest1 (Ch1-3)
Which one of the following is an example of a disclosure threat? Espionage Alteration Denial Destruction
Espionage
Barry discovers that an attacker is running an access point in a building adjacent to his company. The access point is broadcasting the security set identifier (SSID) of an open network owned by the coffee shop in his lobby. Which type of attack is likely taking place? Evil twin Wardriving Bluesnarfing Replay attack
Evil twin
Which type of attack involves the creation of some deception in order to trick unsuspecting users? Interception Interruption Fabrication Modification
Fabrication
Matthew captures traffic on his network and notices connections using ports 20, 22, 23, and 80. Which port normally hosts a protocol that uses secure, encrypted connections? 20 22 23 80
22
Bob is using a port scanner to identify open ports on a server in his environment. He is scanning a web server that uses Hypertext Transfer Protocol (HTTP). Which port should Bob expect to be open to support this service? 21 23 80 443
80
Juan's web server was down for an entire day last September. It experienced no other downtime during that month. Which one of the following represents the web server uptime for that month? 96.67% 3.33% 99.96% 0.04%
96.67
Brian notices an attack taking place on his network. When he digs deeper, he realizes that the attacker has a physical presence on the local network and is forging Media Access Control (MAC) addresses. Which type of attack is most likely taking place? Address Resolution Protocol (ARP) poisoning Internet Protocol (IP) spoofing URL hijacking Christmas attack
Address Resolution Protocol (ARP) poisoning
Which action is the best step to protect Internet of Things (IoT) devices from becoming the entry point for security vulnerabilities into a network while still meeting business requirements? Applying security updates promptly Using encryption for communications Removing IoT devices from the network Turning IoT devices off when not in use
Applying security updates promptly
Which security control is most helpful in protecting against eavesdropping on wireless LAN (WLAN) data transmissions that would jeopardize confidentiality? Securing wiring closets Applying patches promptly Implementing LAN configuration standards Applying strong encryption
Applying strong encryption
During what phase of a remote access connection does the end user prove his or her claim of identity? Identification Authentication Authorization Tokenization
Authentication
Which password attack is typically used specifically against password files that contain cryptographic hashes? Brute-force attacks Dictionary attacks Birthday attacks Social engineering attacks
Birthday attacks
Ron is the IT director at a medium-sized company and is constantly bombarded by requests from users who want to select customized mobile devices. He decides to allow users to purchase their own devices. Which type of policy should Ron implement to include the requirements and security controls for this arrangement? Privacy Bring Your Own Device (BYOD) Acceptable use Data classification
Bring Your Own Device (BYOD)
Jody would like to find a solution that allows real-time document sharing and editing between teams. Which technology would best suit her needs? Voice over IP (VoIP) Audio conferencing Video conferencing Collaboration
Collaboration
What is NOT a common endpoint for a virtual private network (VPN) connection used for remote network access? Laptop Firewall Router Content filter
Content Filter
In Mobile IP, what term describes a device that would like to communicate with a mobile node (MN)? Home agent (HA) Foreign agent (FA) Care of address (COA) Correspondent node (CN)
Correspondent node (CN)
Which technology can be used to protect the privacy rights of individuals and simultaneously allow organizations to analyze data in aggregate? Encryption Decryption Deidentification Aggregation
Deidentification
Which risk is most effectively mitigated by an upstream Internet service provider (ISP)? Distributed denial of service (DDoS) Lost productivity Firewall configuration error Unauthorized remote access
Distributed denial of service (DDoS)
Which one of the following is NOT an area of critical infrastructure where the Internet of Things (IoT) is likely to spur economic development in less developed countries? Wastewater treatment Water supply management E-commerce Agriculture
E-commerce
Which compliance obligation includes security requirements that apply specifically to federal government agencies in the United States? Gramm-Leach-Bliley Act (GLBA) Health Insurance Portability and Accountability Act (HIPAA) Family Educational Rights and Privacy Act (FERPA) Federal Information Security Management Act (FISMA)
Federal Information Security Management Act (FISMA)
Which control is not designed to combat malware? Firewalls Antivirus software Awareness and education efforts Quarantine computers
Firewalls
Which one of the following is NOT a market driver for the Internet of Things (IoT)? Global adoption of non-IP networking Smaller and faster computing Growth of cloud computing Advancements in data analytics
Global adoption of non-IP networking
Which element of the security policy framework offers suggestions rather than mandatory actions? Policy Standard Guideline Procedure
Guideline
Bob recently accepted a position as the information security and compliance manager for a medical practice. Which regulation is likely to most directly apply to Bob's employer? -Federal Information Security Management Act (FISMA) -Health Insurance Portability and Accountability Act (HIPAA) -Children's Internet Protection Act (CIPA) -Gramm-Leach-Bliley Act (GLBA)
Health Insurance Portability and Accountability Act (HIPAA)
Which one of the following governs the use of Internet of Things (IoT) by healthcare providers, such as physicians and hospitals? Payment Card Industry Data Security Standard (PCI DSS) Federal Financial Institutions Examination Council (FFIEC) Federal Information Security Management Act (FISMA) Health Insurance Portability and Accountability Act (HIPAA)
Health Insurance Portability and Accountability Act (HIPAA)
Which one of the following is an example of a business-to-consumer (B2C) application of the Internet of Things (IoT)? Virtual workplace Infrastructure monitoring Health monitoring Supply chain management
Health monitoring
With the use of Mobile IP, which device is responsible for keeping track of mobile nodes (MNs) and forwarding packets to the MN's current network? Home agent (HA) Foreign agent (FA) Care of address (COA) Correspondent node (CN)
Home agent (HA)
Which one of the following is NOT a good technique for performing authentication of an end user? Password Biometric Identification Number Token
Identification Number
Rachel is investigating an information security incident that took place at the high school where she works. She suspects that students may have broken into the student records system and altered their grades. If correct, which one of the tenets of information security did this attack violate? Confidentiality Integrity Availability Nonrepudiation
Integrity
Which organization pursues standards for Internet of Things (IoT) devices and is widely recognized as the authority for creating standards on the Internet? Internet Society Internet Engineering Task Force Internet Association Internet Authority
Internet Engineering Task Force
Which Internet of Things (IoT) challenge involves the difficulty of developing and implementing protocols that allow devices to communicate in a standard fashion? Security Privacy Interoperability Compliance
Interoperability
Which network device is capable of blocking network connections that are identified as potentially malicious? Intrusion Prevention Sytem (IPS) Intrusion Detection System (IDS) Demilitarized Zone (DMZ) Web Server
Intrusion Prevention Sytem (IPS)
Which type of denial of service attack exploits the existence of software flaws to disrupt a service? SYN flood attack Smurf attack Logic attack Flooding attack
Logic attack
Which one of the following measures the average amount of time that it takes to repair a system, application, or component? Uptime Mean time to failure (MTTF) Mean time to repair (MTTR) Recovery time objective (RTO)
Mean time to repair (MTTR)
Beth must purchase firewalls for several network circuits used by her organization. Which one circuit will have the highest possible network throughput? OC-12 DS1 DS3 OC-3
OC-12
Maria's company recently experienced a major system outage due to the failure of a critical component. During that time period, the company did not register any sales through its online site. Which type of loss did the company experience as a result of lost sales? Replacement cost Opportunity cost Manpower cost Cost of good sold
Opportunity cost
Tony is working with a law enforcement agency to place a wiretap pursuant to a legitimate court order. The wiretap will monitor communications without making any modifications. What type of wiretap is Tony placing? Active wiretap Between-the-lines wiretap Piggyback-entry wiretap Passive wiretap
Passive wiretap
Which mitigation plan is most appropriate to limit the risk of unauthorized access to workstations? Password Protection Antivirus Software Deactivating USB Ports Vulnerability Scanning
Password Protection
Gwen's company is planning to accept credit cards over the Internet. Which one of the following governs this type of activity and includes provisions that Gwen should implement before accepting credit card transactions? Health Insurance Portability and Accountability Act (HIPAA) Family Educational Rights and Privacy Act (FERPA) Communications Assistance for Law Enforcement Act (CALEA) Payment Card Industry Data Security Standard (PCI DSS)
Payment Card Industry Data Security Standard (PCI DSS)
Which element of the security policy framework requires approval from upper management and applies to the entire organization? Policy Standard Guideline Procedure
Policy
Chris is writing a document that provides step-by-step instructions for end users seeking to update the security software on their computers. Performing these updates is mandatory. Which type of document is Chris writing? Policy Standard Guideline Procedure
Procedure
Which tool can capture the packets transmitted between systems over a network? Wardialer OS fingerprinter Port scanner Protocol analyzer
Protocol analyzer
Which group is the most likely target of a social engineering attack? Receptionists and administrative assistants Information security response team Internal auditors Independent contractors
Receptionists and administrative assistants
Which of the following is NOT one of the four fundamental principles outlined by the Internet Society that will drive the success of Internet of Things (IoT) innovation? Connect Secure Share Speak
Secure
From a security perspective, what should organizations expect will occur as they become more dependent upon the Internet of Things (IoT)? Security risks will increase. Security risks will decrease. Security risks will stay the same. Security risks will be eliminated.
Security risks will increase.
Which scenario presents a unique challenge for developers of mobile applications? Applying encryption to network communications Selecting multiple items from a list Obtaining Internet Protocol (IP) addresses Using checkboxes
Selecting multiple items from a list
In which type of attack does the attacker attempt to take over an existing connection between two systems? Man-in-the-middle attack URL hijacking Session hijacking Typosquatting
Session hijacking
Kaira's company recently switched to a new calendaring system provided by a vendor. Kaira and other users connect to the system, hosted at the vendor's site, using a web browser. Which service delivery model is Kaira's company using? Platform as a Service (PaaS) Software as a Service (SaaS) Communications as a Service (CaaS) Infrastructure as a Service (IaaS)
Software as a Service (SaaS)
Users throughout Alison's organization have been receiving unwanted commercial messages over the organization's instant messaging program. What type of attack is taking place? Spam Phishing Social engineering Spim
Spim
Which element of the IT security policy framework provides detailed written definitions for hardware and software and how they are to be used? Policy Standard Guideline Procedure
Standard
Which one of the following is an advantage that the Internet of Things (IoT) brings to economic development for countries? Technical and industry development Confidentiality of personal information Network security devices Broadband capacity
Technical and industry development
Which one of the following is NOT an example of store-and-forward messaging? Telephone call Voicemail Unified messaging Email
Telephone call
Which term describes an action that can damage or compromise an asset? Risk Vulnerability Countermeasure Threat
Threat
Which term describes any action that could damage an asset? Risk Countermeasure Vulnerability Threat
Threat
Which classification level is the highest level used by the U.S. federal government? Top Secret Secret Confidential Private
Top Secret
What type of malicious software masquerades as legitimate software to entice the user to run it? Virus Worm Trojan horse Rootkit
Trojan horse
Florian recently purchased a set of domain names that are similar to those of legitimate websites and used the newly purchased sites to host malware. Which type of attack is Florian using? Cross-site scripting Session hijacking SQL injection Typosquatting
Typosquatting
An attacker attempting to break into a facility pulls the fire alarm to distract the security guard manning an entry point. Which type of social engineering attack is the attacker using? Vishing Urgency Whaling Authority
Urgency
Which one of the following is typically used during the identification phase of a remote access connection? Username Password Token Fingerprint
Username
Yuri is a skilled computer security expert who attempts to break into the systems belonging to his clients. He has permission from the clients to perform this testing as part of a paid contract. What type of person is Yuri? Cracker White-hat hacker Black-hat hacker Grey-hat hacker
White-hat hacker
Which type of attack against a web application uses a newly discovered vulnerability that is not patchable? SQL injection Cross-site scripting Cross-site request forgery Zero-day attack
Zero-day attack