What PIN is considered to be the most commonly used PIN? a. 1234 b. 4321 c. 0000 d. 7777
1234
Select the item that is not considered to be a basic characteristic of mobile devices. a. A small form factor. b. A mobile operating system. c. A removable media storage. d. A data synchronization capabilities.
A removable media storage.
A QR code can't contain which of the following items directly? a. A URL. b. A phone number. c. An e-mail address. d. A video.
A video.
True
A vulnerability is a flaw or weakness that allows a threat to bypass security.
Select the proprietary wireless network technology that is used primarily by sensors for communicating data. a. ANT b. Bluetooth c. SCD d. USB
ANT
c
According to the U.S. Bureau of Labor Statistics, what percentage of growth for information security analysts is the available job outlook supposed to reach through 2024? a. 10 b. 15 c. 18 d. 27
False
As security is increased, convenience is often increased.
Which enterprise deployment model allows users to use their personal mobile devices for business purposes? a. BYOD b. COPE c. VDI d. CYOD
BYOD
What type of filtering software divides email messages that have been received into two piles, spam and non-spam, and then analyzes every word in each email and determines how frequently a word occurs in the spam pile compared to the not-spam pile? a. Blacklist filtering b. Whitelist filtering c. Bayesian filtering d. Extension filtering
Bayesian filtering
False
Brokers steal new product research or a list of current customers to gain a competitive advantage.
Which enterprise deployment model requires employees to choose from a selection of company owned and approved devices? a. BYOD b. COPE c. VDI d. CYOD
COPE
Because attacks can come from a variety of sources and in many ways, information security is by its very nature complex. The more complex something becomes, the more difficult it is to understand. In addition, complex systems allow many opportunities for something to go wrong. Complex security systems can be hard to understand, troubleshoot, and feel secure about. As much as possible, a secure system should be simple for those on the inside to understand and use. Complex security schemes are often compromised to make them easier for trusted users to work with, yet this can also make it easier for the attackers. In short, keeping a system simple from the inside but complex on the outside can sometimes be difficult but reaps a significant benefit.
Describe the security principle of simplicity.
What can be enabled to prevent a mobile device from being used until a user enters the correct passcode, such as a pin or password? a. Enable a smart card b. Enable a lock screen c. Enable a sleep time setting d. Enable a challenge-response screen
Enable a lock screen
True or False: As a class, tablets are devices that closely resemble standard desktop computers.
FALSE
True or False: MDM tools cannot provide the ability to detect and restrict jailbroken and rooted devices.
FALSE
True or False: The greatest asset of a mobile device-its security.
FALSE
True or False: Virtual machines store sensitive applications and data on a remote server that is accessed through a smartphone.
FALSE
True or False: When securing a laptop, it can be placed in an office or a desk drawer.
FALSE
True or False: An embedded system is computer hardware and software contained within a smaller system that is designed for a specific function.
False, "contained within a larger system"
True or False: A compiled code test is used to ensure that the projected application meets all specifications at that point.
False, this is model verification
What type of technology can add geographical identification data to media such as digital photos taken on a mobile device? a. GPS locating b. GeoData tagging c. GPS marking d. GPS tagging
GPS tagging
Select the option that represents a wearable technology. a. Android b. iPhone c. Google Chromebook d. Google Glass
Google Glass
How is the coverage area for a cellular telephony network usually divided in a typical city? a. Hexagon shaped cells. b. Square shaped cells. c. Triangle shaped cells. d. Circular shaped cells.
Hexagon shaped cells.
What systems control locally or at remote locations by collecting, monitoring, and processing real-time data so that machines can directly control devices such as valves, pumps, and motors without the need for human intervention? a. SCADA b. HVAC c. ICS d. RTOS
ICS
d
In information security, what can constitute a loss? a. theft of information b. a delay in transmitting information that results in a financial penalty c. the loss of good will or a reputation d. all of the above
d
In information security, which of the following is an example of a threat actor? a. a force of nature such as a tornado that could destroy computer equipment b. a virus that attacks a computer network c. a person attempting to break into a secure computer network d. all of the above
d
In what kind of attack can attackers make use of millions of computers under their control in an attack against a single server or network? a. centered b. local c. remote d. distributed
Products (physical security): The physical security around the data. May be as basic as door locks or as complicated as intrusion-detection systems and firewalls. People (personnel security): Those who implement and properly use security products to protect data. Procedures (organizational security): Plans and policies established by an organization to ensure that people correctly use the products.
Information security is achieved through a combination of what three entities? Provide at least one example of each entity.
Three of the characteristics of information that must be protected by information security are: 1. Confidentiality-Confidentiality ensures that only authorized parties can view the information. 2. Integrity-Integrity ensures that the information is correct and no unauthorized person or malicious software has altered that data. 3. Availability-Availability ensures that data is accessible to authorized users.
List and describe three of the characteristics of information that must be protected by information security.
How could an administrator initially manage applications on mobile devices using a technique called "app wrapping"? a. Mobile Application Management b. Extended Application Management c. Remote Application Management d. Cloud Application Management
Mobile Application Management
What type of management system below can help distribute and manage public and corporate apps? a. Wireless Device Management b. Mobile Device Management c. Total Device Management d. Extended Device Management
Mobile Device Management
What type of update service can Apple users take advantage of to update their operating systems via wireless carriers? a. OTG b. COPE c. OTA d. VDI
OTA (Over-the-Air)
What connection technology allows a mobile device with a USB connection to act as either a host or a peripheral used for external media access? a. OTG b. COPE c. OTA d. VDI
OTG (USB On-the-Go)
True
One of the challenges in combating cyberterrorism is that many of the prime targets are not owned and managed by the federal government.
What type of software is specifically designed for a SoC in an embedded system? a. SCADA b. HVAC c. ICS d. RTOS
RTOS (Real-time operating system)
Which of the following frameworks requires a QR code or PIN on each IoT device for authenticating it to the network, and uses an Elliptic Curve Diffie-Hellman secure key exchange and a Transport Layer Security (TLS) tunnel? a. P2413 Standard b. European Union Telecomm Law and Regulations c. Security 2 (S2) framework d. Industrial Internet Security Framework (IISF)
Security 2 (S2) framework
c
Select the information protection item that ensures that information is correct and that no unauthorized person or malicious software has altered that data. a. availability b. confidentiality c. integrity d. identity
c
Select the term that best describes automated attack software. a. open-source utility b. insider software c. open-source intelligence d. intrusion application
False
Smart phones give the owner of the device the ability to download security updates.
False
Successful attacks are usually not from software that is poorly designed and has architecture/design weaknesses.
True or False: In the production stage the application is released to be used in its actual setting.
TRUE
True or False: Infrared light is next to the visible light on the light spectrum.
TRUE
True or False: Mobile devices using location services are at increased risk of targeted physical attacks.
TRUE
True or False: Some mobile devices can be configured so that the device automatically unlocks and stays unlocked until a specific action occurs.
TRUE
True or False: Static program analyzers are tools that examine the software without actually executing the program; instead, the source code is reviewed and analyzed.
TRUE
True or False: Tethering may allow an unsecured mobile device to infect other tethered mobile devices or the corporate network.
TRUE
True or False: The transmission time needed to repeat a signal from one earth station to another is approximately 250 milliseconds.
TRUE
True
The CompTIA Security+ certification is a vendor-neutral credential.
False
The Sarbanes-Oxley Act restricts electronic and paper data containing personally identifiable financial information.
False
The Security Administrator reports directly to the CIO.
d
Those who wrongfully disclose individually identifiable health information can be fined up to what amount per calendar year? a. $50,000 b. $250,000 c. $500,000 d. $1,500,000
c
To date, the single most expensive malicious attack occurred in 2000, which cost an estimated $8.7 billion. What was the name of this attack? a. Nimda b. Slammer c. Love Bug d. Code Red
True
To mitigate risk is the attempt to address risk by making the risk less serious.
Which of the following selections is not one of the features provided by a typical MDM? a. Rapidly deploy new mobile devices b. Discover devices accessing enterprise systems c. Track stolen devices d. Enforce encryption settings
Track stolen devices
a
Under which laws are health care enterprises required to guard protected health information and implement policies and procedures whether it be in paper or electronic format? a. HIPAA b. HLPDA c. HCPA d. USHIPA
Which of the following is NOT an Android Smart Lock configuration option? a. Trusted places detection b. On-body detection c. User device detection d. Trusted face
User device detection, should be Trusted devices detection
How can an area be made secure from a non-secured area via two interlocking doors to a small room? a. Using a lockout b. Using a mantrap c. Using a closet d. Using a pit
Using a mantrap
Script kiddies are individuals who want to break into computers to create damage yet lack the advanced knowledge of computers and networks needed to do so. Instead, script kiddies do their work by downloading automated attack software (scripts) from Web sites and using it to perform malicious acts.
What are script kiddies?
Accept, transfer, avoid, and mitigate.
What are the four different risk response techniques?
b
What class of attacks use innovative attack tools and once a system is infected it silently extracts data over an extended period? a. Inside Attacks b. Advanced Persistent Threat c. Embedded Attacks d. Modified Threat
a
What information security position reports to the CISO and supervises technicians, administrators, and security staff? a. security manager b. security engineer c. security auditor d. security administrator
Vulnerable business processes, also called business process compromise (BPC), occur when an attacker manipulates commonplace actions that are routinely performed within an organization.
What is occurring when an attacker manipulates commonplace actions that are routinely performed in a business?
The PCI DSS is a set of security standards that all companies that process, store, or transmit credit or debit card information must follow. PCI applies to any enterprise or merchant, regardless of its size or number of card transactions, that processes transactions either online or in person.
What is the Payment Card Industry Data Security Standard (PCI DSS)?
b
What level of security access should a computer user have to do their job? a. password protected b. least amount c. limiting amount d. authorized access
a
What process describes using technology as a basis for controlling the access and usage of sensitive data? a. technical controls b. administrative controls c. control diversity d. vendor diversity
c
What term best describes any premeditated, politically motivated attack against information, computer systems, computer programs, and data which results in violence against noncombatant targets by subnational groups or clandestine agents? a. cybercriminal b. cracking c. cyberterrorism d. hacking
d
What term describes a layered security approach that provides the comprehensive protection? a. comprehensive-security b. diverse-defense c. limiting-defense d. defense-in-depth
a
What term is used to describe a group that is strongly motivated by ideology, but is usually not considered to be well-defined and well-organized? a. hacktivists b. hacker c. script kiddies d. cyberterrorist
c
What term is used to describe state-sponsored attackers that are used for launching computer attacks against their foes? a. nation state threats b. cyber military c. nation state actors d. state hackers
d
What term refers to an action that provides an immediate solution to a problem by cutting through the complexity that surrounds it? a. unicorn b. approved action c. secure solution d. silver bullet
Many security researchers believe that nation state actors might be the deadliest of any threat actors. Nation state actors target very specific resources and the attackers keep working until they are successful. State sponsored attackers are highly skilled and have enough government resources to breach almost any security defense.
What threat actors are generally believed to be the most dangerous threat actors? Explain your answer.
c
What type of diversity is being implemented if a company is using multiple security products from different manufacturers? a. multiple-product security b. manufacturer diversity c. vendor diversity d. vendor-control security
b
What type of theft involves stealing another person's personal information, such as a Social Security number, and then using the information to impersonate the victim, generally for financial gain? a. cyberterrorism b. identity theft c. phishing d. social scam
a
Which law requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information? a. Gramm-Leach-Bliley b. Sarbanes-Oxley c. California Database Security Breach d. USA Patriot
a,b
Which of the following are considered threat actors? (Choose all that apply.) a. brokers b. competitors c. administrators d. individuals
b,c
Which of the following describes various supporting structures for implementing security that provides a resource of how to create a secure IT environment? (Choose all that apply.) a. regulatory frameworks b. reference architectures c. industry-standard frameworks d. reference frameworks
a
Which of the following ensures that data is accessible to authorized users? a. availability b. confidentiality c. integrity d. identity
a,b,c
Which of the following is a common security framework? (Choose all that apply.) a. ISO b. COBIT c. RFC d. ASA
b,c,d
Which of the following is a valid fundamental security principle? (Choose all that apply.) a. signature b. diversity c. simplicity d. layering
d
Which of the three protections ensures that only authorized parties can view information? a. security b. availability c. integrity d. confidentiality
a
Which position below is considered an entry-level position for a person who has the necessary technical skills? a. security technician b. security administrator c. CISO d. security manager
b
Which term below is frequently used to describe the tasks of securing information that is in a digital format? a. network security b. information security c. physical security d. logical security
c
Which term is used to describe individuals who want to attack computers yet lack the knowledge of computers and networks needed to do so? a. cybercriminal b. hacker c. script kiddies d. cyberterrorist
At the current rate of submissions of potential malware on a daily basis, updates for anti-virus software would need to be released every few seconds.
Why are there delays in updating products such as anti-virus software to resist attacks?
With modern tools at their disposal, attackers can quickly scan systems to find weaknesses and launch attacks with unprecedented speed. Many tools can even initiate new attacks without any human participation, thus increasing the speed at which systems are attacked.
Why is the speed of malicious attacks making the challenge of keeping computers secure more difficult?
What specific software can examine a computer for any infections as well as monitor computer activity and scan new documents that might contain a virus? a. anti-malware b. antivirus c. security applications d. firewall
antivirus
What type of OS in firmware is designed to manage a specific device like a video game console? a. network OS b. client OS c. workstation OS d. appliance OS
appliance OS
Which management system is used to support the creation and subsequent editing and modification of digital content by multiple employees? a. extended management b. content management c. remote management d. application management
content management
Which option allows a mobile device to be configured so that the device automatically unlocks and stays unlocked until a specific action occurs? a. selected context authentication b. context-aware authentication c. user designated authentication d. trigger locking
context-aware authentication
What type of update does not allow a user to refuse or delay security updates? a. preventative b. forced c. mandatory d. security
forced
What mobile operating system below requires all applications to be reviewed and approved before they can be made available in the App store? a. Android b. Blackberry OS c. iOS d. Symbian
iOS
Which of the following is NOT a benefit of using the CYOD enterprise deployment model for an enterprise? a. management flexibility b. increased internal service c. increased employee performance d. less oversight
increased internal service
Which of the following can replace using radio frequency (RF) for the communication media? a. ANT b. Bluetooth c. repeaters d. infrared
infrared
What process gives a user access to a file system on a mobile device with full permissions, essentially allowing the user to do anything on the device? a. mirroring b. jailbreaking c. sideloading d. carrier unlocking
jailbreaking
Mobile devices with global positioning system (GPS) abilities typically make use of: a. weak passwords b. location services c. open networks d. anti-virus software
location services
What monitors emails for spam and other unwanted content to prevent these messages from being delivered? a. mail gateway b. firewall c. router gateway d. code emulation
mail gateway
Which of the following systems is located in a satellite and regenerates a signal that is sent back to earth at another frequency? a. repeater b. cell transmitter c. RF receiver d. modulator
repeater
A computer that uses SSD drives and is smaller than a standard notebook is an example of what type of a portable computer? a. subnotebook b. laptop c. tablet d. netbook
subnotebook
What portable computing devices, designed for user convenience, have a sensor called an accelerometer that senses vibrations and movements that can determine the orientation of the device? a. laptops b. notebooks c. tablets d. subnotebook
tablets
Select the computing device that uses a limited version of an operating system and uses a web browser with an integrated media player. a. tablet b. notebook c. netbook d. web-based
web-based
