IS 607 Final

अब Quizwiz के साथ अपने होमवर्क और परीक्षाओं को एस करें!

What are bash and zsh?

Shells

True or False? A home user connecting to a website over the Internet is an example of a wide area network (WAN) connection.

True

True or False? Procedures help enforce the intent of a policy.

True

True or False? The ownership of Internet of Things (IoT) data, as well as the metadata of that data, is sometimes in question.

True

In which domain of a typical IT infrastructure is the first layer of defense for a layered security strategy?

User Domain

Mark is considering outsourcing security functions to a third-party service provider. What benefit is he most likely to achieve?

Access to a higher level of expertise

In the Open Systems Interconnection (OSI) Reference Model, which layer has the user interface that displays information to the user?

Application

What is the maximum value for any octet in an Internet Protocol version 4 (IPv4) address?

255

True or False? A degausser creates a magnetic field that erases data from magnetic storage media.

True

True or False? Cryptography is the practice of making data unreadable.

True

True or False? Symmetric key ciphers require that both parties first exchange keys to be able to securely communicate.

True

True or False? The Common Criteria is a set of system procurement standards used by several countries.

True

True or False? The United States does not have one comprehensive data protection law; instead, it has many laws that focus on different types of data found in different vertical industries.

True

Adam is evaluating the security of a web server before it goes live. He believes that an issue in the code allows a cross-site scripting attack against the server. What term describes the issue that Adam discovered?

Vulnerability

Maria is a freelance network consultant. She is setting up security for a small business client's wireless network. She is configuring a feature in the wireless access point (WAP) that will allow only computers with certain wireless network cards to connect to the network. This feature filters out the network cards of any wireless computer not on the list. What is this called?

Media Access Control (MAC) address filtering

Janette is the director of her company's network infrastructure group. She is explaining to the business owners the advantages and disadvantages of outsourcing network security. One consideration she presents is the question of who would be responsible for the data, media, and infrastructure. What consideration is she describing?

Ownership

A hospital is planning to introduce a new point-of-sale system in the cafeteria that will handle credit card transactions. Which one of the following governs the privacy of information handled by those point-of-sale terminals?

Payment Card Industry Data Security Standard (PCI DSS)

Gwen's company is planning to accept credit cards over the Internet. What governs this type of activity and includes provisions that Gwen should implement before accepting credit card transactions?

Payment Card Industry Data Security Standard (PCI DSS)

Violet deploys an intrusion prevention system (IPS) on her network as a security control. What type of control has Violet deployed?

Preventive

Chris is writing a document that provides step-by-step instructions for end users seeking to update the security software on their computers. Performing these updates is mandatory. Which type of document is Chris writing?

Procedure

What tool might be used by an attacker during the reconnaissance phase of an attack to glean information about domain registrations?

Whois

Which information security objective verifies the action to create an object or verifies an object's existence by an entity other than the creator?

Witnessing

Which type of evidence is any physical object that you can touch or otherwise directly observe, such as a hard drive?

Real

Which type of attack involves capturing data packets from a network and retransmitting them to produce an unauthorized effect? The receipt of duplicate, authenticated Internet Protocol (IP) packets may disrupt service or produce another undesired consequence.

Replay?

Which of the following principles is not a component of the Biba integrity model?

Subjects cannot change objects that have a lower integrity level.

Unauthorized access to data centers and downtime of servers are risks to which domain of an IT infrastructure?

System/Application Domain

Maria receives a ciphertext message from her colleague Wen. What type of function does Maria need to use to read the plaintext message?

Decryption

Which term best describes the sale of goods and services on the Internet, whereby online customers buy those goods and services from a vendor's website and enter private data and checking account or credit card information to pay for them?

E-commerce

True or False? A phishing attack "poisons" a domain name on a domain name server (DNS).

False

True or False? Internet of Things (IoT) devices are typically physically secure.

False

Erin is a system administrator for a U.S. federal government agency. What law contains guidance on how she may operate a federal information system?

Federal Information Security Management Act (FISMA)

Carrie is a network technician developing the Internet Protocol (IP) addressing roadmap for her company. While IP version 4 (IPv4) has been the standard for decades, IP version 6 (IPv6) can provide a much greater number of unique IP addresses. Which addressing system should she designate for primary use on her roadmap and why?

IPv6 is only slowly being adopted. She should make IPv4 the primary addressing scheme in her roadmap until IPv6 is more widely adopted.

Juan comes across documentation from his organization related to several information security initiatives using different standards as their reference. Which International Organization for Standardization (ISO) standard provides current guidance on information security management?

ISO 27002

What is a set of concepts and policies for managing IT infrastructure, development, and operations? The information is published in a series of books, each covering a separate IT management topic.

IT Infrastructure Library (ITIL)

During which step of the incident-handling process does triage take place?

Identification

Rachel is investigating an information security incident that took place at the high school where she works. She suspects that students may have broken into the student records system and altered their grades. If that is correct, which one of the tenets of information security did this attack violate?

Integrity

Which organization promotes technology issues as an agency of the United Nations?

International Telecommunication Union (ITU)

Lin is a digital forensic specialist who works in a forensic lab. She is evaluating diagnostic forensic software to add to the lab's toolkit. She wants a tool that is open source that can also be used for penetration testing. Which tool should she choose?

Kali Linux

A(n) _________ is an event that prevents a critical business function (CBF) from operating for a period greater than the maximum tolerable downtime (MTD).

disaster

Susan is a digital forensic examiner. She is investigating a case in which a driver has been accused of vehicular homicide. She has the driver's mobile device and cellular records. What type of mobile device evidence is most likely to reveal whether the driver was actively using a mobile device when the incident occurred?

Device information

True or False? A port-scanning tool enables an attacker to escalate privileges on a network server.

False

True or False? Clustering comprises multiple disk drives that appear as a single disk drive but actually store multiple copies of data in case a disk drive in the array fails.

False

True or False? Committee of Sponsoring Organizations (COSO) is a set of best practices for IT management.

False

True or False? Passphrases are less secure than passwords.

False

True or False? Regarding data-center alternatives for disaster recovery, a mobile site is the least expensive option but at the cost of the longest switchover time.

False

True or False? Regarding log monitoring, false negatives are alerts that seem malicious but are not real security events.

False

True or False? Spyware does not use cookies.

False

True or False? The Gramm-Leach-Bliley Act (GLBA) applies to the financial activities of both consumers and privately held companies.

False

True or False? The U.S. government currently has no standard for creating cryptographic keys for classified applications.

False

True or False? The main goal of the Gramm-Leach-Bliley Act (GLBA) is to protect investors from financial fraud.

False

True or False? The term "risk methodology" refers to a list of identified risks that results from the risk identification process.

False

Alison is a security professional. A user reports that, after opening an email attachment, every document he saves is in a template format and other Microsoft Word documents will not open. After investigating the issue, Alison determines that the user's Microsoft Office normal.dot template has been damaged, as well as many Word files. What type of virus is the most likely cause?

Macro virus

Christopher is designing a security policy for his mid-size company. He would like to use an approach that allows a reasonable list of activities but prohibits all other activities. Which level of permission is he planning to use?

Prudent

There are a large number of protocols and programs that use port numbers to make computer connections. Of the following, which ones do not use port numbers?

Secure Sockets Layer (SSL) or Transport Layer Security (TLS)

True or False? A disaster recovery plan (DRP) is part of a business continuity plan (BCP) and is necessary to ensure the restoration of resources required by the BCP to an available state.

True

True or False? An alteration threat violates information integrity.

True

True or False? The term "web defacement" refers to someone gaining unauthorized access to a web server and altering the index page of a site on the server.

True

True or False? Visa, MasterCard, and other payment card vendors helped to create the Payment Card Industry Data Security Standard (PCI DSS).

True

Arturo is an IT manager for a school district. He is planning recovery options for a small data center that supports teacher and classroom activities for 5 of the 21 schools in his district. Many school districts in his state use similar classroom technology. Arturo is looking for a temporary alternate site that would be easy to cut over to and is affordable. Which option is most likely to fit Arturo's needs?

Reciprocal agreement with another school district

True or False? Authentication by knowledge is based on something the user knows, such as a password, passphrase, or personal identification number (PIN).

True

True or False? Changes to external requirements, such as legislation, regulation, or industry standards, that require control changes can result in a security gap for an organization.

True

True or False? Common methods used to identify a user to a system include username, smart card, and biometrics.

True

True or False? During an IT audit, security controls are checked to ensure they are effective, reliable, and functioning as required and expected.

True

True or False? Even if a mobile device is deemed not to be a direct part of a crime or incident, its ability to record the environment of an attacker during the incident could be material.

True

True or False? In a masquerade attack, one user or computer pretends to be another user or computer.

True

True or False? In cryptography, a keyspace is the number of possible keys to a cipher.

True

True or False? Internet of Things (IoT) upgrades can be difficult to distribute and deploy, leaving gaps in the remediation of IoT devices or endpoints.

True

True or False? Patching computers and devices with the latest security fixes makes them more resistant to many types of attacks.

True

True or False? Standards are mandated requirements for hardware and software solutions used to address security risk throughout an organization.

True

True or False? The Federal Information Security Modernization Act (FISMA) of 2014 assigned the Department of Homeland Security (DHS) the responsibility for developing, implementing, and ensuring federal government-wide compliance as per FISMA information security policies, procedures, and security controls.

True

True or False? The International Electrotechnical Commission (IEC) was instrumental in the development of standards for electrical measurements, including gauss, hertz, and weber.

True

True or False? The success of Trojans is due to their reliance on social engineering to spread and operate; they have to trick users into running them.

True

True or False? The term "risk management" describes the process of identifying, assessing, prioritizing, and addressing risks.

True

True or False? When planning an IT audit, one must ensure that the areas not reviewed in the current audit will be subject to another audit.

True

True or False? While running business operations at an alternate site, you must continue to make backups of data and systems.

True

Lincoln is a network security specialist. He is updating the password policy for his company's computing infrastructure. His primary method of improving password policy involves lowering the chance that an attacker can compromise and use the password before it expires. What does he do?

Enables a 30-day password change policy

Omar is an infrastructure security professional. After reviewing a set of professional ethics issued by his company, he is learning and adopting ethical boundaries in an attempt to demonstrate them to others. What is this called?

Encouraging the adoption of ethical guidelines and standards

Which of the following was developed by researchers at the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University?

Event-Based Digital Forensic Investigation Framework


संबंधित स्टडी सेट्स

Module 4: SAP SuccessFactors HCM - Employee Profile

View Set

Compare the structure and function of arteries, Veins and capillaries

View Set

Tx Politics and Society-Chapter 8-SmartBook

View Set

Peds Test 1 (Chapters 2, 3, 4, 5, 6, 9, 10, 11, 12, 13, 14, 15, 17, 18, 20)

View Set

Community and public health final exam

View Set