Test 2 Coms and Security

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

Curtis is conducting an audit of an identity management system. Which question is NOT likely to be in the scope of his audit?

Does the firewall properly block unsolicited network connection attempts?

Anthony is responsible for tuning his organization's intrusion detection system. He notices that the system reports an intrusion alert each time that an administrator connects to a server using Secure Shell (SSH). What type of error is occurring?

False positive error

What is NOT a common motivation for attackers?

Fear

What is NOT an effective key distribution method for plaintext encryption keys?

Unencrypted email

What type of malicious software allows an attacker to remotely control a compromised computer?

Remote Access Tool (RAT)

How can you verify that the integrity of encrypted files is maintained during the transmission to another user's computer?

Compare the decrypted file's contents with the contents of the original file.

Alison discovers that a system under her control has been infected with malware, which is using a key logger to report user keystrokes to a third party. What information security property is this malware attacking?

Confidentiality

Bob is developing a web application that depends upon a database backend. What type of attack could a malicious individual use to send commands through his web application to the database?

SQL injection

In a __________ attack, the attacker attempts to use scripting commands in the URL itself, or through a device, such as a web form, to gain administrator, or some other elevated level of user privileges in an attempt to force the victim's server to display the desired data on-screen.

non-persistent cross-site scripting

Norm recently joined a new organization. He noticed that the firewall technology used by his new firm opens separate connections between the devices on both sides of the firewall. What type of technology is being used?

Application proxying

Ricky is reviewing security logs to independently assess security controls. Which security review process is Ricky engaging in?

Audit

What firewall approach is shown in the figure?

Screened subnet

The __________ instructs Linux which folders to share with NFS and what NFS features should be enabled.

/etc/exports file

What is the maximum value for any octet in an IPv4 IP address?

255

What ISO security standard can help guide the creation of an organization's security policy?

27002

What type of system is intentionally exposed to attackers in an attempt to lure them out?

Honeypot

Alice would like to send a message to Bob using a digital signature. What cryptographic key does Alice use to create the digital signature?

Alice's private key

Bob received a message from Alice that contains a digital signature. What cryptographic key does Bob use to verify the digital signature?

Alice's public key

Which of the following determines the impact to an organization in the event that key processes and technology are not available?

Business impact analysis

Which information security objective allows trusted entities to endorse information?

Certification

Yolanda would like to prevent attackers from using her network as a relay point for a smurf attack. What protocol should she block?

Internet Control Message Protocol (ICMP)

Jacob is conducting an audit of the security controls at an organization as an independent reviewer. Which question would NOT be part of his audit?

Is the security control likely to become obsolete in the near future?

Which of the following is a Windows local security password policy?

Maximum password age

What term describes the longest period of time that a business can survive without a particular critical system?

Maximum tolerable downtime (MTD)

Brian would like to conduct a port scan against his systems to determine how they look from an attacker's viewpoint. What tool can he use for this purpose?

Nmap

When Patricia receives a message from Gary, she wants to be able to demonstrate to Sue that the message actually came from Gary. What goal of cryptography is Patricia attempting to achieve?

Nonrepudiation

Violet deploys an intrusion prevention system (IPS) on her network as a security control. What type of control has Violet deployed?

Preventive

Beth is conducting a risk assessment. She is trying to determine the impact a security incident will have on the reputation of her company. What type of risk assessment is best suited to this type of analysis?

Qualitative

Which approach to cryptography provides the strongest theoretical protection?

Quantum cryptography

Gina is preparing to monitor network activity using packet sniffing. Which technology is most likely to interfere with this effort if used on the network?

Secure Sockets Layer (SSL)

Which intrusion detection system strategy relies upon pattern matching?

Signature detection

Joe is responsible for the security of the industrial control systems for a power plant. What type of environment does Joe administer?

Supervisory Control and Data Acquisition (SCADA)

Which set of characteristics describes the Caesar cipher accurately?

Symmetric, stream, substitution

What type of security monitoring tool would be most likely to identify an unauthorized change to a computer system?

System integrity monitoring

Why do hackers often send zipped and encrypted files and attachments?

They cannot be opened by antivirus software and so they will often reach the recipient.

Forensics and incident response are examples of __________ controls.

corrective

Purchasing an insurance policy is an example of the ____________ risk management strategy.

transfer

What term describes the risk that exists after an organization has performed all planned countermeasures and controls?

Residual risk

In the lab, you used __________ to implement the organization's password policy.

Group Policy

If someone sends you his public key and you import it into Kleopatra, will he be able to decrypt the encrypted messages you send him?

No because you must provide your public key to any user wanting to decrypt any message encrypted by you.

Which activity is an auditor least likely to conduct during the information-gathering phase of an audit?

Report writing

Which of the following determines the probability of a risk (such as an earthquake or a power outage) to occur and the impact that occurrence would have on operations?

Risk analysis

Which Web application attack is more likely to extract privacy data elements out of a database?

SQL Injection attack

A __________ will masquerade as a seemingly useful program while actually compromising system security and possibly acting as a "back door," allowing additional hack tools and access to the system.

Trojan

Val would like to isolate several systems belonging to the product development group from other systems on the network, without adding new hardware. What technology can she use?

Virtual LAN (VLAN)

What protocol is responsible for assigning IP addresses to hosts on most networks?

What protocol is responsible for assigning IP addresses to hosts on most networks?

Val would like to limit the websites that her users visit to those on an approved list of pre-cleared sites. What type of approach is Val advocating?

Whitelisting

Gary is configuring a Smartphone and is selecting a wireless connectivity method. Which approach will provide him with the highest speed wireless connectivity?

Wi-Fi

What standard is NOT secure and should never be used on modern wireless networks?

Wired Equivalent Privacy (WEP)

The primary assumption of __________ is that no one single tool or practice will completely deter a resolved attacker.

defense in depth


Ensembles d'études connexes

ADN 120 Unit 1 Thermoregulation, Fluid & Electrolytes and Glucose Regulation

View Set

EPS 200 - Atmospheric Chemistry & Physics

View Set

Quant Section - GMAT; Manhattan Prep

View Set