IS 360 Study Guide #1
What is the determination that evidence is either acceptable or unacceptable to a court of law? Legal hold Preservation Admissibility Order of volatility
Admissibility
Alice would like to send a message to Bob using a digital signature. What cryptographic key does Alice use to create the digital signature? Alice's public key Alice's private key Bob's public key Bob's private key
Alice's private key
Mary is designing a software component that will function at the Presentation Layer of the Open Systems Interconnection (OSI) Reference Model. What other two layers of the model will her component need to interact with? Network and Session Session and Transport Application and Session Application and Transport
Application and Session
Which part of the C-I-A triad refers to making sure information is obtainable when needed? Confidentiality Integrity Accessibility Availability
Availability
Which type of computer crime often involves nation-state attacks by well-funded cybercriminals? Cyberstalking Cyberterrorism Online fraud Identity theft
Cyberterrorism
What is the purpose of a disaster recovery plan (DRP)? To set the value of each business process or resource as it relates to how the entire organization operates To identify the critical needs to develop a business recovery plan To set the order or priority for restoring an organization's functions after a disruption To enable an organization to make critical decisions ahead of time so personnel can manage and review decisions without the urgency of an actual disaster
To enable an organization to make critical decisions ahead of time...
Which type of cipher works by rearranging the characters in a message? Substitution Steganographic Transposition Asymmetric
Transposition
A mobile device policy states the ________ security settings required for a device to connect to an organization's networks. minimal maximal unauthorized compromised
minimal
Digitally signing a document guarantees ________ due to its use of hashing. integrity authentication confidentiality non-repudiation
non-repudiation
Windows Group Policy can be used __________ to control access to many local computer and network resources such as drives, Internet access, kiosk mode, etc. only on a remote level only on a local level only on a domain level on either a local or domain level
on either a local or domain level
Which process creates symmetric secret keys for use in a hybrid cryptography method? Exchanging private keys Diffie-Hellman key exchange Exchanging an encrypted message Exchanging public keys
Diffie-Hellman key exchange
Some ciphers, regardless of type, rely on the difficulty of solving certain mathematical problems, which is the basis for asymmetric key cryptography. Which of the following is a branch of mathematics that involves multiplicative inverses that these ciphers use? Factoring small numbers Subset sum problems Quantum physics Field theory
Field theory
In the lab, you created and saved a __________ showing the properties for the password object you created earlier in the lab. Microsoft Security Baseline Analyzer scan report Security Strategies report Notepad list Group Policy Object report
Group Policy Object report
Which cryptographical technique could be used to determine whether a file has changed? Symmetric encryption Asymmetric encryption Hashing Salting
Hashing
Which of the following is a unit of measure that represents frequency and is expressed as the number of cycles per second? Power Weber Gauss Hertz
Hertz
What organization offers a variety of security certifications that are focused on the requirements of auditors? International Information Systems Security Certification Consortium (ISC)2 CompTIA Global Information Assurance Certification (GIAC) ISACA
ISACA
During which step of the incident-handling process does triage take place? Identification Notification Response Recovery and follow-up
Identification
Oscar is a digital forensic specialist. He has been given a suspect hard disk that has been physically damaged. He wants to try to recover data. What is the first step he should take? Boot the test system from its own internal drive Send the device to an organization that specializes in data recovery from damaged devices Install it in a test system Explore logical damage recovery
Install it in a test system
Which certification is not a top-level certification in its program? GIAC Security Expert (GSE) (ISC)2 Certified Information Systems Security Professional (CISSP) Cisco Certified Design Expert (CCDE) Juniper Networks Certified Internet Professional (JNCIP)-Security
JNCIP
Alison is a security professional. A user reports that, after opening an email attachment, every document he saves is in a template format and other Microsoft Word documents will not open. After investigating the issue, Alison determines that the user's Microsoft Office normal.dot template has been damaged, as well as many Word files. What type of virus is the most likely cause? Polymorphic virus Retro virus Cross-platform virus Macro virus
Macro virus
Hajar is a network engineer. She is creating a system of access involving clearance and classification based on users and the objects they need in a secure network. She is restricting access to secure objects by users based on least privilege and which of the following? Job rotation Security awareness Need to know Separation of duties
Need to know
When Alice receives a message from Bob, she wants to be able to demonstrate to Miriam that the message actually came from Bob. What goal of cryptography is Alice attempting to achieve? Confidentiality Integrity Authentication Nonrepudiation
Nonrepudiation
In which type of computer crime do cybercriminals engage in activities to either impersonate victims or to convince victims to carry out transactions that benefit the criminals, with a focus on extracting revenue from victims? Cyberstalking Exfiltrating data Online fraud Nonaccess computer crime
Online fraud
Janette is the director of her company's network infrastructure group. She is explaining to the business owners the advantages and disadvantages of outsourcing network security. One consideration she presents is the question of who would be responsible for the data, media, and infrastructure. What consideration is she describing? Adherence to policy Ownership Privacy Risk
Ownership
What is an example of a logical access control? Key for a lock Password Access card Fence
Password
An automatic teller machine (ATM) uses a form of constrained user interface to limit the user's ability to access resources in the system. Specifically for ATMs, which method is being used? Database views Encryption Menus Physically constrained user interfaces
Physically constrained user interfaces
Which approach to cryptography uses highly parallel algorithms that could solve problems in a fraction of the time needed by conventional computers? Quantum cryptography Asymmetric cryptography Elliptic curve cryptography Classic cryptography
Quantum cryptography
Which of the following is a payload that allows a threat actor to control an exploited target through shell commands? Listener Metasploit Meterpreter Reverse_tcp
Reverse_tcp
Isaac is responsible for performing log reviews for his organization in an attempt to identify security issues. He has a massive amount of data to review. What type of tool would best assist him with this work? Security information and event management (SIEM) system Intrusion prevention system (IPS) Data loss prevention (DLP) system Virtual private network (VPN)
Security information and event management (SIEM) system
What are bash and zsh? Shells File systems Graphical user interfaces (GUIs) Operating systems
Shells
Arturo discovers a virus on his system that resides only in the computer's memory and not in a file. What type of virus has he discovered? Slow virus Retro virus Cross-platform virus Multipartite virus
Slow virus
Joe is responsible for the security of the systems that control and monitor devices for a power plant. What type of system does Joe likely administer? Supervisory Control and Data Acquisition (SCADA) Embedded robotic systems Mobile fleet Mainframe
Supervisory Control and Data Acquisition (SCADA)
Which set of characteristics describes the Caesar cipher accurately? Asymmetric, block, substitution Asymmetric, stream, transposition Symmetric, stream, substitution Symmetric, block, transposition
Symmetric, stream, substitution
Which of the following is not true of hash functions? Hash functions help detect forgeries by computing a checksum of a message and then combining it with a cryptographic function so that the result is tamperproof. The hashes produced by a specific hash function may vary in size. A hash is a checksum designed so that no one can forge a message in a way that will result in the same hash as a legitimate message. The output from the message digest algorithm (MD5) or the Secure Hash Algorithm (SHA) hash provides input for an asymmetric key algorithm that uses a private key as input.
The hashes produced by a specific hash function may vary in size
Susan performs a full backup of her server every Sunday at 1:00 a.m. and differential backups on Mondays through Fridays at 1:00 a.m. Her server fails at 9:00 a.m. on Wednesday. How many backups does Susan need to restore? 1 2 3 4
2
Which of the following certifications is considered the flagship International Information Systems Security Certification Consortium (ISC)2 certification and targets middle- and senior-level managers? Certified Authorization Professional (CAP) Certified Cloud Security Professional (CCSP) Certified Information Systems Security Professional (CISSP) Systems Security Certified Practitioner (SSCP)
???
Which of the following is not an advantage of sending syslog messages to a remote server? It makes it more difficult for an attacker to tamper with the log entries. It makes it easier for the administrator to remove log entries. It can streamline forensic investigations. It can protect individual machines from exhausting local storage.
???
Mark is considering outsourcing security functions to a third-party service provider. What benefit is he most likely to achieve? Higher degree of privacy Access to a higher level of expertise Developing in-house talent Building internal knowledge
Access to a higher level of expertise
Jackson is a cybercriminal. He is attempting to keep groups of a company's high-level users from accessing their work network accounts by abusing a policy designed to protect employee accounts. Jackson attempts to log in to their work accounts repeatedly using false passwords. What security method is he taking advantage of? Account lockout policies Audit login events Passphrase usage Multifactor authentication
Account lockout policies
Bob received a message from Alice that contains a digital signature. What cryptographic key does Bob use to verify the digital signature? Alice's public key Alice's private key Bob's public key Bob's private key
Alice's private key
In the Open Systems Interconnection (OSI) Reference Model, which layer has the user interface that displays information to the user? Application Presentation Session Transport
Application
In an accreditation process, who has the authority to approve a system for implementation? Certifier Authorizing official (AO) System owner System administrator
Authorizing official (AO)
Takako is a security engineer for her company's IT department. She has been tasked with developing a security monitoring system for the company's infrastructure to determine when any network activity occurs outside the norm. What essential technique does she start with? Alarms Baselines Covert acts Intrusion detection system (IDS)
Baselines
A company's IT manager has advised the business's executives to use a method of decentralized access control rather than centralized to avoid creating a single point of failure. She selects a common protocol that hashes passwords with a one-time challenge number to defeat eavesdropping-based replay attacks. What is this protocol? Challenge-Handshake Authentication Protocol (CHAP) Lightweight Directory Access Protocol (LDAP) Kerberos Password Authentication Protocol (PAP)
Challenge-Handshake Authentication Protocol (CHAP)
What kinds of changes would a file integrity monitor like Tripwire be used to detect? Changes to system files or directories Changes to network routing Changes to user files or directories Changes in network connectivity
Changes to system files or directories
Which cryptographic attack is relevant in only asymmetric key systems and hash functions? Chosen plaintext Ciphertext only Known plaintext Chosen ciphertext
Chosen ciphertext
Which method of fault tolerance connects two or more computers to act like a single computer in a highly coordinated manner? Redundant Array of Inexpensive Disks (RAID) Clustering Load balancing Outsourcing to the cloud
Clustering
Which principle of effective digital forensic investigations helps to ensure data in memory is not lost? Minimize original data handling Enforce the rules of evidence Do not exceed your knowledge Consider data volatility
Consider data volatility
Which of the following should you avoid during disaster recovery? Continue normal processes, such as separation of duties or spending limits If a number of systems are down, provide additional guidance or support to users Combine services that were on different hardware platforms onto common servers to speed up recovery While running at the alternate site, continue to make backups of data and systems
Continue normal processes, such as separation of duties or spending limits
Larry recently viewed an auction listing on a website. As a result, his computer executed code that popped up a window that asked for his password. What type of attack has Larry likely encountered? Structured Query Language (SQL) injection Command injection Extensible Markup Language (XML) injection Cross-site scripting (XSS)
Cross-site scripting (XSS)
Which type of password attack is used on weak passwords and compares a hashed value of the passwords to the system password file to find a match? Dictionary attack Rainbow table attack Social engineering attack Brute-force attack
Dictionary attack
What type of attack occurs in real time and is often conducted against a specific target? Unstructured Structured Direct Indirect
Direct
Arturo is a network engineer. He wants to implement an access control system in which the owner of the resource decides who can change permissions, and permission levels can be granted to specific users, groups of people in the same or similar job roles, or by project. Which of the following should Arturo choose? Discretionary access control (DAC) Mandatory access control (MAC) Nondiscretionary access control Access control lists
Discretionary access control (DAC)
Lin is conducting an audit of an identity management system. Which question is not likely to be in the scope of her audit? Does the organization have an effective password policy? Does the firewall properly block unsolicited network connection attempts? Who grants approval for access requests? Is the password policy uniformly enforced?
Does the firewall properly block unsolicited network connection attempts?
Lincoln is a network security specialist. He is updating the password policy for his company's computing infrastructure. His primary method of improving password policy involves lowering the chance that an attacker can compromise and use the password before it expires. What does he do? Enables a 30-day password change policy Requires all passwords to contain at least eight alphanumeric characters Mandates that no password includes words common in an English dictionary Forbids a password being changed to any of the previous 10 passwords listed in the password history
Enables a 30-day password change policy
Tonya is working with a team of subject matter experts to diagnose a problem with her system. The experts determine that the problem likely resides at the Transport Layer of the Open Systems Interconnection (OSI) model. Which functionality is the most likely suspect? Process-to-process communication End-to-end communication maintenance Routing Signaling
End-to-end communication maintenance
Which of the following is least likely to be needed when rebuilding systems that were damaged during a disaster? Updating operating systems and applications with the most current patches Restoring data to the recovery point objective (RPO) Ensuring there are adequate operating system licenses Activating access control rules, directories, and remote access systems to permit users to get on the new systems
Ensuring there are adequate operating system licenses
Anya is a cybersecurity engineer for a high-secrecy government installation. She is configuring biometric security that will either admit or deny entry using facial recognition software. Biometric devices have error rates and certain types of accuracy errors that are more easily tolerated depending on need. In this circumstance, which error rate is she likely to allow to be relatively high? None Crossover error rate (CER) False acceptance rate (FAR) False rejection rate (FRR)
False rejection rate (FRR)
Which of the following agencies is not involved in the Gramm-Leach-Bliley Act (GLBA) oversight process? Securities and Exchange Commission (SEC) Federal Trade Commission (FTC) Federal Deposit Insurance Corporation (FDIC) Federal Communications Commission (FCC)
Federal Communications Commission (FCC)
Bob is preparing to dispose of magnetic media and wishes to destroy the data stored on it. Which method is not a good approach for destroying data? Formatting Degaussing Physical destruction Repeatedly overwriting data
Formatting
Antivirus, firewall, and email use policies belong to what part of a security policy hierarchy? Environment Functional policies in support of organization policy Organizational security policy Supporting mechanisms
Functional policies in support of organization policy
Bob is sending a message to Alice. He wants to ensure that nobody tampers with the message while it is in transit. What goal of cryptography is Bob attempting to achieve? Confidentiality Integrity Authentication Nonrepudiation
Integrity
Rodrigo has just received an email at work from an unknown person. The sender claims to have incriminating evidence against Rodrigo and threatens to release it to his employer and his family unless he discloses certain confidential information about his employer's company. Rodrigo does not know that several other people in the organization received the same email. What form of social engineering has occurred? Intimidation Name dropping Appeal for help Phishing
Intimidation
Lin is a digital forensic specialist who works in a forensic lab. She is evaluating diagnostic forensic software to add to the lab's toolkit. She wants a tool that is open source that can also be used for penetration testing. Which tool should she choose? Kali Linux OSForensics EnCase The Forensic Toolkit (FTK)
Kali Linux
Which term describes a process that requires an organization to preserve and not alter evidence that may be used in court? This process can help ensure that normal data-handling procedures do not contaminate or even delete data that may be needed for a case. Legal hold E-discovery Admissibility Hash function
Legal hold
Which of the following is a digital forensics specialist least likely to need in-depth knowledge of? Computer memory, such as cache and random access memory (RAM) Storage devices Mainframes Operating systems, such as Windows, Linux, and macOS
Mainframes
Isabella is an IT security manager for a state agency. The agency can survive for nine hours without a functioning data center. If the power goes out in her data center, Isabella estimates it will take six hours to move data center operations to an alternate site. Which of the following describes how long the agency can survive without a functioning data center? Critical business function (CBF) Maximum tolerable downtime (MTD) Recovery time objective (RTO) Recovery point objective (RPO)
Maximum tolerable downtime (MTD)
Which of the following is not true of mobile devices and forensics? Mobile devices can be volatile and remotely managed. Mobile devices do not need to follow ordinary chain of custody techniques. Although options are available for breaking mobile device access controls, there is no guarantee that you will be able to access the device's data without the owner's cooperation. The process of accessing evidence on a mobile device is similar to that on a normal computer.
Mobile devices do not need to follow...
Which type of evidence is any physical object that you can touch or otherwise directly observe, such as a hard drive? Real Documentary Testimonial Demonstrative
Real
What is the correct order of change control procedures regarding changes to systems and networks? Request, approval, impact assessment, build/test, monitor, implement Request, impact assessment, approval, build/test, implement, monitor Request, approval, impact assessment, build/test, implement, monitor Request, impact assessment, approval, build/test, monitor, implement
Request, impact assessment, approval, build/test, implement, monitor
During which step of the incident-handling process is the goal to contain the incident? Identification Notification Response Recovery and follow-up
Response
Ben is working toward a position as a senior security administrator. He would like to earn his first International Information Systems Security Certification Consortium (ISC)2 certification. Which certification is most appropriate for his needs? Systems Security Certified Practitioner (SSCP) Certified Information Systems Security Professional (CISSP) Certified Secure Software Lifecycle Professional (CSSLP) Certified Cloud Security Professional (CCSP)
SSCP
The chief executive officer (CEO) of a company recently fell victim to an attack. The attackers sent the CEO an email that appeared to come from the company's attorney. The email informed the CEO that his company was being sued and he needed to view a subpoena at a court website. When visiting the website, malicious code was downloaded onto the CEO's computer. What type of attack took place? Spear phishing Pharming Ransomware Command injection
Spear phishing
Which attack method best describes a spam email campaign that targets the head of an organization? Clone phishing Keylogging Spear phishing Pharming
Spear phishing
Which of the following principles is not a component of the Biba integrity model? Subjects cannot read objects that have a lower level of integrity than the subject. Subjects cannot change objects that have a lower integrity level. Subjects at a given integrity level can call up only subjects at the same integrity level or lower. A subject may not ask for service from subjects that have a higher integrity level.
Subjects cannot change objects that have a lower integrity level
Which of the following tools is used to modify permissions on the TargetWindowsDC01 server to allow new users to use the remote desktop services? The Security Editor The Group Policy Object Editor The Remote Desktop Services Editor The Remote User Editor
The Remote User Editor
What does the Tripwire site passphrase protect? The Tripwire configuration and policy files The Tripwire database The administrative account The system log files
The Tripwire database
Log files can help provide evidence of normal and abnormal system activity, as well as valuable information on how well security controls are doing their jobs. Regulation, policy, or log volume might dictate how much log information to keep. If a log file is subject to litigation, how long must a company keep it? A minimum of seven years At least one year Until litigation starts Until the case is over
Until the case is over
What is the only unbreakable cipher when it is used properly? Rivest-Shamir-Adleman (RSA) Vernam Elliptic Curve Diffie-Hellman Ephemeral (ECDHE) Blowfish
Vernam
Marco is in a web development program. He is studying various web-related standards that apply to Cascading Style Sheets (CSS) and HyperText Markup Language (HTML). What authoritative source should he consult? International Electrotechnical Commission (IEC) Internet Engineering Task Force (IETF) International Organization for Standardization (ISO) World Wide Web Consortium (W3C)
W3C
The FAT32 and NTFS file systems are associated with which of the following? Android Windows Linux macOS
Windows
Asymmetric cryptography provides ________ of the ________. confidentiality; sender confidentiality; recipient authentication; sender authentication; recipient
authentication; sender
Symmetric cryptography provides ________ and ________. confidentiality; integrity confidentiality; authentication integrity; non-repudiation authentication; non-repudiation
confidentiality; authentication
The malicious insertion of code to extract data or modify a website's code, application, or content is known as a ________ attack. denial-of-service reverse payload cross-site scripting phishing
cross-site scripting
A hash of data can be identified with ________ attacks, so it is customary to add ________ to a hash to ensure that the hash value appears to be different each time it is used. dictionary; a salt brute force; encryption dictionary; an RSA key brute force; a Diffie-Hellman key
dictionary; a salt
Cherilyn is a security consultant hired by a company to develop its system auditing protocols. She and the company's chief information officer (CIO) agree that audits are an important consideration. In her report to the CIO and other C-level officers of the corporation, she recommends that the security policy include audit categories and ______________ for conducting audits. appropriate security levels data security standards frequency requirements permissions protocols
frequency requirements
Which tool is helpful for finding entries that match a specified pattern in Linux system logs? sudo rsyslog PuTTY grep
grep
Leola is a cybersecurity consultant hired by a company to test the effectiveness of its network's defenses. She has something in common with the malicious people who would perform the same tasks involved in _________________, except that, unlike Leola, they would not have consent to perform this action against the system. stateful matching penetration testing network access control system hardening
penetration testing
In the Windows Group Policy Management Console, a forest is a collection of ________. domains policies user trees password trees
policies
Change control management should be focused on: federal government laws and regulations. the latest best practices and standards. training individual users to be vigilant in defending themselves against malware and viruses. the three core goals of confidentiality, integrity, and availability (C-I-A) of information.
the three core goals