IS 607 Final
What are bash and zsh?
Shells
True or False? A home user connecting to a website over the Internet is an example of a wide area network (WAN) connection.
True
True or False? Procedures help enforce the intent of a policy.
True
True or False? The ownership of Internet of Things (IoT) data, as well as the metadata of that data, is sometimes in question.
True
In which domain of a typical IT infrastructure is the first layer of defense for a layered security strategy?
User Domain
Mark is considering outsourcing security functions to a third-party service provider. What benefit is he most likely to achieve?
Access to a higher level of expertise
In the Open Systems Interconnection (OSI) Reference Model, which layer has the user interface that displays information to the user?
Application
What is the maximum value for any octet in an Internet Protocol version 4 (IPv4) address?
255
True or False? A degausser creates a magnetic field that erases data from magnetic storage media.
True
True or False? Cryptography is the practice of making data unreadable.
True
True or False? Symmetric key ciphers require that both parties first exchange keys to be able to securely communicate.
True
True or False? The Common Criteria is a set of system procurement standards used by several countries.
True
True or False? The United States does not have one comprehensive data protection law; instead, it has many laws that focus on different types of data found in different vertical industries.
True
Adam is evaluating the security of a web server before it goes live. He believes that an issue in the code allows a cross-site scripting attack against the server. What term describes the issue that Adam discovered?
Vulnerability
Maria is a freelance network consultant. She is setting up security for a small business client's wireless network. She is configuring a feature in the wireless access point (WAP) that will allow only computers with certain wireless network cards to connect to the network. This feature filters out the network cards of any wireless computer not on the list. What is this called?
Media Access Control (MAC) address filtering
Janette is the director of her company's network infrastructure group. She is explaining to the business owners the advantages and disadvantages of outsourcing network security. One consideration she presents is the question of who would be responsible for the data, media, and infrastructure. What consideration is she describing?
Ownership
A hospital is planning to introduce a new point-of-sale system in the cafeteria that will handle credit card transactions. Which one of the following governs the privacy of information handled by those point-of-sale terminals?
Payment Card Industry Data Security Standard (PCI DSS)
Gwen's company is planning to accept credit cards over the Internet. What governs this type of activity and includes provisions that Gwen should implement before accepting credit card transactions?
Payment Card Industry Data Security Standard (PCI DSS)
Violet deploys an intrusion prevention system (IPS) on her network as a security control. What type of control has Violet deployed?
Preventive
Chris is writing a document that provides step-by-step instructions for end users seeking to update the security software on their computers. Performing these updates is mandatory. Which type of document is Chris writing?
Procedure
What tool might be used by an attacker during the reconnaissance phase of an attack to glean information about domain registrations?
Whois
Which information security objective verifies the action to create an object or verifies an object's existence by an entity other than the creator?
Witnessing
Which type of evidence is any physical object that you can touch or otherwise directly observe, such as a hard drive?
Real
Which type of attack involves capturing data packets from a network and retransmitting them to produce an unauthorized effect? The receipt of duplicate, authenticated Internet Protocol (IP) packets may disrupt service or produce another undesired consequence.
Replay?
Which of the following principles is not a component of the Biba integrity model?
Subjects cannot change objects that have a lower integrity level.
Unauthorized access to data centers and downtime of servers are risks to which domain of an IT infrastructure?
System/Application Domain
Maria receives a ciphertext message from her colleague Wen. What type of function does Maria need to use to read the plaintext message?
Decryption
Which term best describes the sale of goods and services on the Internet, whereby online customers buy those goods and services from a vendor's website and enter private data and checking account or credit card information to pay for them?
E-commerce
True or False? A phishing attack "poisons" a domain name on a domain name server (DNS).
False
True or False? Internet of Things (IoT) devices are typically physically secure.
False
Erin is a system administrator for a U.S. federal government agency. What law contains guidance on how she may operate a federal information system?
Federal Information Security Management Act (FISMA)
Carrie is a network technician developing the Internet Protocol (IP) addressing roadmap for her company. While IP version 4 (IPv4) has been the standard for decades, IP version 6 (IPv6) can provide a much greater number of unique IP addresses. Which addressing system should she designate for primary use on her roadmap and why?
IPv6 is only slowly being adopted. She should make IPv4 the primary addressing scheme in her roadmap until IPv6 is more widely adopted.
Juan comes across documentation from his organization related to several information security initiatives using different standards as their reference. Which International Organization for Standardization (ISO) standard provides current guidance on information security management?
ISO 27002
What is a set of concepts and policies for managing IT infrastructure, development, and operations? The information is published in a series of books, each covering a separate IT management topic.
IT Infrastructure Library (ITIL)
During which step of the incident-handling process does triage take place?
Identification
Rachel is investigating an information security incident that took place at the high school where she works. She suspects that students may have broken into the student records system and altered their grades. If that is correct, which one of the tenets of information security did this attack violate?
Integrity
Which organization promotes technology issues as an agency of the United Nations?
International Telecommunication Union (ITU)
Lin is a digital forensic specialist who works in a forensic lab. She is evaluating diagnostic forensic software to add to the lab's toolkit. She wants a tool that is open source that can also be used for penetration testing. Which tool should she choose?
Kali Linux
A(n) _________ is an event that prevents a critical business function (CBF) from operating for a period greater than the maximum tolerable downtime (MTD).
disaster
Susan is a digital forensic examiner. She is investigating a case in which a driver has been accused of vehicular homicide. She has the driver's mobile device and cellular records. What type of mobile device evidence is most likely to reveal whether the driver was actively using a mobile device when the incident occurred?
Device information
True or False? A port-scanning tool enables an attacker to escalate privileges on a network server.
False
True or False? Clustering comprises multiple disk drives that appear as a single disk drive but actually store multiple copies of data in case a disk drive in the array fails.
False
True or False? Committee of Sponsoring Organizations (COSO) is a set of best practices for IT management.
False
True or False? Passphrases are less secure than passwords.
False
True or False? Regarding data-center alternatives for disaster recovery, a mobile site is the least expensive option but at the cost of the longest switchover time.
False
True or False? Regarding log monitoring, false negatives are alerts that seem malicious but are not real security events.
False
True or False? Spyware does not use cookies.
False
True or False? The Gramm-Leach-Bliley Act (GLBA) applies to the financial activities of both consumers and privately held companies.
False
True or False? The U.S. government currently has no standard for creating cryptographic keys for classified applications.
False
True or False? The main goal of the Gramm-Leach-Bliley Act (GLBA) is to protect investors from financial fraud.
False
True or False? The term "risk methodology" refers to a list of identified risks that results from the risk identification process.
False
Alison is a security professional. A user reports that, after opening an email attachment, every document he saves is in a template format and other Microsoft Word documents will not open. After investigating the issue, Alison determines that the user's Microsoft Office normal.dot template has been damaged, as well as many Word files. What type of virus is the most likely cause?
Macro virus
Christopher is designing a security policy for his mid-size company. He would like to use an approach that allows a reasonable list of activities but prohibits all other activities. Which level of permission is he planning to use?
Prudent
There are a large number of protocols and programs that use port numbers to make computer connections. Of the following, which ones do not use port numbers?
Secure Sockets Layer (SSL) or Transport Layer Security (TLS)
True or False? A disaster recovery plan (DRP) is part of a business continuity plan (BCP) and is necessary to ensure the restoration of resources required by the BCP to an available state.
True
True or False? An alteration threat violates information integrity.
True
True or False? The term "web defacement" refers to someone gaining unauthorized access to a web server and altering the index page of a site on the server.
True
True or False? Visa, MasterCard, and other payment card vendors helped to create the Payment Card Industry Data Security Standard (PCI DSS).
True
Arturo is an IT manager for a school district. He is planning recovery options for a small data center that supports teacher and classroom activities for 5 of the 21 schools in his district. Many school districts in his state use similar classroom technology. Arturo is looking for a temporary alternate site that would be easy to cut over to and is affordable. Which option is most likely to fit Arturo's needs?
Reciprocal agreement with another school district
True or False? Authentication by knowledge is based on something the user knows, such as a password, passphrase, or personal identification number (PIN).
True
True or False? Changes to external requirements, such as legislation, regulation, or industry standards, that require control changes can result in a security gap for an organization.
True
True or False? Common methods used to identify a user to a system include username, smart card, and biometrics.
True
True or False? During an IT audit, security controls are checked to ensure they are effective, reliable, and functioning as required and expected.
True
True or False? Even if a mobile device is deemed not to be a direct part of a crime or incident, its ability to record the environment of an attacker during the incident could be material.
True
True or False? In a masquerade attack, one user or computer pretends to be another user or computer.
True
True or False? In cryptography, a keyspace is the number of possible keys to a cipher.
True
True or False? Internet of Things (IoT) upgrades can be difficult to distribute and deploy, leaving gaps in the remediation of IoT devices or endpoints.
True
True or False? Patching computers and devices with the latest security fixes makes them more resistant to many types of attacks.
True
True or False? Standards are mandated requirements for hardware and software solutions used to address security risk throughout an organization.
True
True or False? The Federal Information Security Modernization Act (FISMA) of 2014 assigned the Department of Homeland Security (DHS) the responsibility for developing, implementing, and ensuring federal government-wide compliance as per FISMA information security policies, procedures, and security controls.
True
True or False? The International Electrotechnical Commission (IEC) was instrumental in the development of standards for electrical measurements, including gauss, hertz, and weber.
True
True or False? The success of Trojans is due to their reliance on social engineering to spread and operate; they have to trick users into running them.
True
True or False? The term "risk management" describes the process of identifying, assessing, prioritizing, and addressing risks.
True
True or False? When planning an IT audit, one must ensure that the areas not reviewed in the current audit will be subject to another audit.
True
True or False? While running business operations at an alternate site, you must continue to make backups of data and systems.
True
Lincoln is a network security specialist. He is updating the password policy for his company's computing infrastructure. His primary method of improving password policy involves lowering the chance that an attacker can compromise and use the password before it expires. What does he do?
Enables a 30-day password change policy
Omar is an infrastructure security professional. After reviewing a set of professional ethics issued by his company, he is learning and adopting ethical boundaries in an attempt to demonstrate them to others. What is this called?
Encouraging the adoption of ethical guidelines and standards
Which of the following was developed by researchers at the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University?
Event-Based Digital Forensic Investigation Framework
