ITM 350 final study guide (chapters 7-12)
What file type is least likely to be impacted by a file infector virus?
.docx
Susan performs a full backup of her server every Sunday at 1:00 a.m. and differential backups on Mondays through Fridays at 1:00 a.m. Her server fails at 9:00 a.m. on Wednesday. How many backups does Susan need to restore?
2
Rylie is a newly hired cybersecurity expert for a government agency. Rylie used to work in the private sector. She has discovered that, whereas private sector companies often had confusing hierarchies for data classification, the government's classifications are well known and standardized. As part of her training, she is researching data that requires special authorization beyond normal classification. What is this type of data called?
A. Compartmentalized
Antivirus, firewall, and email use policies belong to what part of a security policy hierarchy?
A. Functional policies in support of organization policy
Hajar is a network engineer. She is creating a system of access involving clearance and classification based on users and the objects they need in a secure network. She is restricting access to secure objects by users based on least privilege and which of the following?
A. Need to know
Janette is the director of her company's network infrastructure group. She is explaining to the business owners the advantages and disadvantages of outsourcing network security. One consideration she presents is the question of who would be responsible for the data, media, and infrastructure. What consideration is she describing?
A. Ownership
Mia is her company's network security professional. She is developing access policies based on personnel security principles. As part of this effort, she is devising a method of taking high-security tasks and splitting them among several different employees so that no one person is responsible for knowing and performing the entire task. What practice is she developing?
A. Separation of duties
Juan is a wireless security professional. He is selecting a standard for wireless encryption protocols for access points and devices for his agency. For the highest security, which protocol should Juan choose?
A. Wi-Fi Protected Access version 3 (WPA3)
What is the determination that evidence is either acceptable or unacceptable to a court of law?
Admissibility
Hajar is responsible for keeping her banking institution's servers operating 24/7/365. Her recovery strategy is to have fully redundant or duplicate operations and synchronized data and to operate the site continuously. Which strategy has she selected?
Alternate processing center or mirrored site
What is not a privacy principle created by the Organisation for Economic Co-operation and Development (OECD)?
An organization should share its information.
Security objectives add value to relationships between businesses or between businesses and their customers. Which objective binds a message or data to a specific entity?
B. Digital signature
Biyu is a network administrator. She is developing the compliance aspect of her company's security policy. Currently, she is focused on the records of actions that the organization's operating system or application software creates. What aspect of compliance is Biyu focusing on?
B. Event logs
Takako is a security engineer for her company's IT department. She has been tasked with developing a security monitoring system for the company's infrastructure to determine when any network activity occurs outside the norm. What essential technique does she start with?
Baselines
Alice would like to send a message to Bob securely and wishes to use asymmetric encryption to encrypt the contents of the message. What key does she use to encrypt this message?
Bob's public key
Lin is creating a template for the configuration of Windows servers in her organization. The configuration includes the basic security settings that should apply to all systems. What type of document should she create?
C. Baseline
Applications represent the most common avenue for users, customers, and attackers to access data, which means you must build the software to enforce the security policy and to ensure compliance with regulations, including the privacy and integrity of both data and system processes. Regardless of the development model, the application must validate all input. Certain attacks can take advantage of weak validation. One such attack provides script code that causes a trusted user who views the input script to send malicious commands to a web server. What is this called?
C. Cross-site request forgery (XSRF)
Omar is an infrastructure security professional. After reviewing a set of professional ethics issued by his company, he is learning and adopting ethical boundaries in an attempt to demonstrate them to others. What is this called?
C. Encouraging the adoption of ethical guidelines and standards
Bob is preparing to dispose of magnetic media and wishes to destroy the data stored on it. Which method is not a good approach for destroying data?
C. Formatting
Rodrigo has just received an email at work from an unknown person. The sender claims to have incriminating evidence against Rodrigo and threatens to release it to his employer and his family unless he discloses certain confidential information about his employer's company. Rodrigo does not know that several other people in the organization received the same email. What form of social engineering has occurred?
C. Intimidation
Which method of fault tolerance connects two or more computers to act like a single computer in a highly coordinated manner?
Clustering
Which principle of effective digital forensic investigations helps to ensure data in memory is not lost?
Consider data volatility
Which of the following should you avoid during a disaster and recovery? If a number of systems are down, provide additional guidance or support to users; combine services that were on different hardware platforms onto common servers to speed up recovery; while running at the alternate site, continue to make backups of data and systems; continue normal processes, such as separation of duties or spending limits.
Continue normal processes, such as separation of duties or spending limits
What program, released in 2013, is an example of ransomware?
CryptoLocker
Which type of computer crime often involves nation-state attacks by well-funded cybercriminals?
Cyberterrorism
Mark is considering outsourcing security functions to a third-party service provider. What benefit is he most likely to achieve?
D. Access to a higher level of expertise
In an accreditation process, who has the authority to approve a system for implementation?
D. Authorizing official (AO)
Donnelly is an IT specialist. He is in charge of the server and network appliances inventory. The infrastructure roadmap calls for a network systems reconfiguration in the next six months. Adina, the security expert, asks Donnelly to prepare a standardized list of all current and proposed equipment and then to present it to her in a hardware configuration chart. What does Adina tell Donnelly that the chart should include?
D. Copies of all software configurations for routers and switches
Some ciphers, regardless of type, rely on the difficulty of solving certain mathematical problems, which is the basis for asymmetric key cryptography. Which of the following is a branch of mathematics that involves multiplicative inverses that these ciphers use?
D. Field theory
Marguerite is creating a budget for a software development project. What phase of the system life cycle is she undertaking?
D. Project initiation and planning
Maria receives a ciphertext message from her colleague Wen. What type of function does Maria need to use to read the plaintext message?
Decryption
Which type of evidence helps explain other evidence and includes visual aids such as charts and graphs?
Demonstrative
Alice and Bob would like to communicate with each other using a session key, but they do not already have a shared secret key. Which algorithm can they use to exchange a secret key?
Diffie-Hellman
What is not a symmetric encryption algorithm?
Diffie-Hellman
Which type of evidence is stored in a computer's memory, as well as on storage devices as in files, and must be accompanied by documentation that validates the evidence's authenticity?
Documentary
What is a goal of vulnerability testing?
Documenting the lack of security control or misconfiguration
Lin is conducting an audit of an identity management system. Which question is not likely to be in the scope of her audit?
Does the firewall properly block unsolicited network connection attempts?
Which of the following is not an objective of cryptanalysis, the process of breaking codes?
Encrypt the plaintext of a target message
Which of the following is least likely to be needed when rebuilding systems that were damaged during a disaster?
Ensuring there are adequate operating system licenses
Which of the following was developed by researchers at the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University?
Event-Based Digital Forensic Investigation Framework
An effective audit report gets right to the point and often begins with a summary followed by the details. Because the summary may find its way outside the organization's leadership, what should auditors take care not to do?
Expose security weaknesses
True or False? A business impact analysis (BIA) details the steps to recover from a disruption and restore the infrastructure necessary for normal business operations.
False
True or False? All types of disaster recovery sites are available in the cloud.
False
True or False? Change does not create risk for a business.
False
True or False? Clustering comprises multiple disk drives that appear as a single disk drive but actually store multiple copies of data in case a disk drive in the array fails.
False
True or False? Configuration changes can be made at any time during a system life cycle, and no process is required.
False
True or False? Cyberterrorism is the use of online media and assets to harass individuals.
False
True or False? During a simulation test of a contingency plan, you must shut down the original system at the primary site for the duration.
False
True or False? Mandatory vacations minimize risk by rotating employees among various systems or duties.
False
True or False? Operating systems remove data when a file is deleted.
False
True or False? Testimonial evidence is often the most important evidence in court because it provides relevance for other types of evidence.
False
True or False? The macOS operating system uses the ext3 or ext4 file systems.
False
True or False? The process of collecting evidence is called evidence preservation.
False
True or False? The term "firmware" indicates that software is stored on a separate storage unit within a file system, as opposed to directly in the hardware.
False
True or False? When outsourcing operations to a cloud service provider, the client is responsible for determining the best fault tolerance implementations to meet the service-level agreement (SLA) availability requirements.
False
True or False? You must always use the same algorithm to encrypt information and decrypt the same information.
False
Antonio is responsible for tuning his organization's intrusion detection system. He notices that the system reports an intrusion alert each time that an administrator connects to a server using Secure Shell (SSH). What type of error is occurring?
False positive error
What is a set of concepts and policies for managing IT infrastructure, development, and operations? The information is published in a series of books, each covering a separate IT management topic.
IT Infrastructure Library (ITIL)
During which step of the incident-handling process does triage take place?
Identification
Oscar is a digital forensic specialist. He has been given a suspect hard disk that has been physically damaged. He wants to try to recover data. What is the first step he should take?
Install it in a test system
Yolanda would like to prevent attackers from using her network as a relay point for a smurf attack. What protocol should she filter?
Internet Control Message Protocol (ICMP)
Which of the following is not true of data backup options? An incremental backup starts with a full backup; successive backups back up only that day's changes. A full backup copies everything to backup media. A differential backup starts with making a full backup; successive backups back up changes made since the last full backup. It is faster to create differential weekday backups than incremental backups.
It is faster to create differential weekday backups than incremental backups.
Lin is a digital forensic specialist who works in a forensic lab. She is evaluating diagnostic forensic software to add to the lab's toolkit. She wants a tool that is open source that can also be used for penetration testing. Which tool should she choose?
Kali Linux
Which term describes a process that requires an organization to preserve and not alter evidence that may be used in court? This process can help ensure that normal data-handling procedures do not contaminate or even delete data that may be needed for a case.
Legal hold
Which of the following is a digital forensics specialist least likely to need in-depth knowledge of?
Mainframes
Isabella is a digital forensic specialist. She wants to recover deleted data from a computer disk. The computer is currently running. Which process should she take to do so without accidentally overwriting any deleted data?
Make an image of memory, shut down the computer, attach the disk drive to a forensic lab device, and read the data from the disk
When should an organization's managers have an opportunity to respond to the findings in an audit?
Managers have the opportunity to respond to a draft copy of the audit report. Auditors then put that response in the final report.
Isabella is an IT security manager for a state agency. The agency can survive for nine hours without a functioning data center. If the power goes out in her data center, Isabella estimates it will take six hours to move data center operations to an alternate site. Which of the following describes how long the agency can survive without a functioning data center?
Maximum tolerable downtime (MTD)
What is the average time a device will function before it fails?
Mean time to failure (MTTF)
Which agreement type is typically less formal than other agreements and expresses areas of common interest?
Memorandum of understanding (MOU)
Which of the following is not true of mobile devices and forensics?
Mobile devices do not need to follow ordinary chain of custody techniques.
Security controls place limits on activities that might pose a risk to an organization. Ricky, a security engineer for his company, is performing a review and measurement of all controls to capture changes to any environment component. What is this called?
Monitoring
When Alice receives a message from Bob, she wants to be able to demonstrate to Miriam that the message actually came from Bob. What goal of cryptography is Alice attempting to achieve?
Nonrepudiation
In which type of computer crime do cybercriminals engage in activities to either impersonate victims or to convince victims to carry out transactions that benefit the criminals, with a focus on extracting revenue from victims?
Online fraud
A computing device does not play which role in a crime?
Perpetrator
Which regulatory standard would not require audits of companies in the United States?
Personal Information Protection and Electronic Documents Act (PIPEDA)
Jermaine is a security administrator for his company. He is developing a defense against attacks based on network-mapping methods. He prevents the Internet Control Message Protocol (ICMP) from operating to stop attackers from using ping packets to discover the network layout, but he must also guard against operating system fingerprinting since many attacks are tailored to specific operating systems. What must Jermaine be concerned about?
Port mapping
During which step of the incident-handling process do you develop a formal communication plan and identify all key stakeholders?
Preparation
Christopher is designing a security policy for his mid-size company. He would like to use an approach that allows a reasonable list of activities but prohibits all other activities. Which level of permission is he planning to use?
Prudent
What is the least likely goal of an information security awareness program?
Punish users who violate policy
Which data source comes first in the order of volatility when conducting a forensic investigation?
Random access memory (RAM)
Which type of evidence is any physical object that you can touch or otherwise directly observe, such as a hard drive?
Real
Arturo is an IT manager for a school district. He is planning recovery options for a small data center that supports teacher and classroom activities for 5 of the 21 schools in his district. Many school districts in his state use similar classroom technology. Arturo is looking for a temporary alternate site that would be easy to cut over to and is affordable. Which option is most likely to fit Arturo's needs?
Reciprocal agreement with another school district
During which step of the incident-handling process should a lessons-learned review of the incident be conducted?
Recovery and follow-up
Isabella is an IT security manager for a state agency. The agency can survive for nine hours without a functioning data center. The power goes out in her data center. It takes six hours to move data center operations to an alternate site. Which of the following describes the time it takes for the move?
Recovery time objective (RTO)
Karen is a hacker. She wants to access a server and control it remotely. The tool she plans to use is a type of Trojan. What tool will Karen use for this purpose?
Remote access tool (RAT)
What is the correct order of change control procedures regarding changes to systems and networks?
Request, impact assessment, approval, build/test, implement, monitor
During which step of the incident-handling process is the goal to contain the incident?
Response
Bob is developing a web application that depends on a backend database. What type of attack could a malicious individual use to send commands through his web application to the database?
SQL injection
Which of the following is a type of denial of service (DoS) attack?
SYN (synchronize) flood
Isaac is responsible for performing log reviews for his organization in an attempt to identify security issues. He has a massive amount of data to review. What type of tool would best assist him with this work?
Security information and event management (SIEM) system
Aditya is a network technician. He is collecting system data for an upcoming internal system audit. He is currently performing vulnerability testing to determine what weaknesses may exist in the network's security. What form of assessment is he conducting?
Security testing
Emily is the information security director for a large company that handles sensitive personal information. She is hiring an auditor to conduct an assessment demonstrating that her firm is satisfying requirements regarding customer private data. What type of assessment should she request?
Service Organization Control (SOC) 3
What are bash and zsh?
Shells
Which intrusion detection system strategy relies on pattern matching?
Signature detection
Carl has assembled a team of representatives from each department to test a new business continuity plan (BCP). During the test, the representatives meet in a room and review many aspects of the plan, such as the goals, scope, assumptions, and the structure of the organization. They also conduct scenario-based exercises as though they are executing the plan for a certain type of incident to find errors, such as gaps or overlaps. What type of plan is being conducted?
Structured walk-through
Joe is responsible for the security of the systems that control and monitor devices for a power plant. What type of system does Joe likely administer?
Supervisory Control and Data Acquisition (SCADA)
Which set of characteristics describes the Caesar cipher accurately?
Symmetric, stream, substitution
Which type of virus targets computer hardware and software startup functions?
System infector
What type of security monitoring tool would be most likely to identify an unauthorized change to a computer system?
System integrity monitoring
Which type of evidence is information collected from individuals that supports and helps to interpret other types of evidence?
Testimonial
Susan is a digital forensic examiner. She is investigating a case in which a driver has been accused of vehicular homicide. She has the driver's mobile device and cellular records. What type of mobile device evidence is most likely to reveal whether the driver was actively using a mobile device when the incident occurred?
Text messages
Which of the following is not true of hash functions?
The hashes produced by a specific hash function may vary in size.
Which of the following is not true of contingency planning? The maximum tolerable downtime (MTD) is the maximum period of time that a business can survive a disabled critical function. The recovery point objective (RPO) is the point to which data must be recovered. The recovery time objective (RTO) is the amount of time needed to recover a business process. It is often made up of several interlinked RTOs. The mean time between failures (MTBF) is closely associated with the recovery time objectives (RTOs) of several integrated critical business functions (CBFs).
The mean time between failures (MTBF) is closely associated with the recovery time objectives (RTOs) of several integrated critical business functions (CBFs).
Alison is a security professional. A user reports that, after opening an email attachment, every document he saves is in a template format and other Microsoft Word documents will not open. After investigating the issue, Alison determines that the user's Microsoft Office normal.dot template has been damaged, as well as many Word files. What type of virus is the most likely cause?
Threat
What is the purpose of a disaster recovery plan (DRP)?
To enable an organization to make critical decisions ahead of time so personnel can manage and review decisions without the urgency of an actual disaster
True or False? A Faraday bag stops any electromagnetic emanations from passing into or out of the bag, preventing a mobile device from communicating with the outside world.
True
True or False? A functional policy declares an organization's management direction for security in such specific functional areas as email use, remote access, and Internet interaction (including social media).
True
True or False? A hash function is a mathematical function that takes arbitrary data as input and returns a fixed-length output (number).
True
True or False? A parallel test of a contingency plan is the same as a full-interruption test except that processing does not stop at the primary site.
True
True or False? A primary concern for collected evidence is the preservation of its collected state, which means assurance that evidence remains unchanged from its state when it was collected.
True
True or False? A security awareness program should address the requirements and expectations of an organization's security policy.
True
True or False? A successful business impact analysis (BIA) maps the context, the critical business functions (CBFs), and the processes on which they rely.
True
True or False? All types of evidence are subject to the chain of custody procedures.
True
True or False? An example of a nonaccess computer crime is crashing a target's critical functionality to prevent normal (revenue-creating) processes from occurring.
True
True or False? An organization can maintain a cloud-based disaster recovery site for a fraction of the cost of a physical site.
True
True or False? Any component that, if it fails, could interrupt business processing is called a single point of failure (SPOF).
True
True or False? Business continuity management includes business continuity planning, disaster recovery planning, crisis management, incident response management, and risk management.
True
True or False? Change control is the management of changes to the configuration of a system.
True
True or False? Classification scope determines what data to classify; classification process determines how to handle classified data.
True
True or False? Company-related classifications are not standard; therefore, there may be some differences of meaning between the terms "private" and "confidential" in different companies.
True
True or False? Digital forensics is the process of using well-defined analytical and investigative techniques to guide the processes of collecting and examining evidence related to a computer security incident.
True
True or False? E-discovery is an iterative process of examining storage media, searching for items of interest, identifying likely items that may have value as evidence, and then recovering those items.
True
True or False? Even if a mobile device is deemed not to be a direct part of a crime or incident, its ability to record the environment of an attacker during the incident could be material.
True
True or False? Examples of major disruptions include extreme weather, application failure, and criminal activity.
True
True or False? Fault-tolerance options are not replacements for data backups.
True
True or False? Forensic labs may use both open source and commercial software for digital analysis.
True
True or False? Generally, once evidence becomes inadmissible, it cannot be fixed.
True
True or False? In an incremental backup, you start with a full backup when network traffic is light. Then, each night, you back up only that day's changes.
True
True or False? In remote journaling, a system writes a log of online transactions to an offsite location.
True
True or False? Patching computers and devices with the latest security fixes makes them more resistant to many types of attacks.
True
True or False? Regarding disaster recovery, an alternate processing center or mirrored site is always ready and under the organization's control.
True
True or False? The U.S. Department of Defense (DoD) Cyber Crime Center (DC3) sets standards for digital evidence processing, analysis, and diagnostics.
True
True or False? The emergency operations center (EOC) is the place where an organization's recovery team will meet and work during a disruption.
True
True or False? The recovery point objective (RPO) can come from the business impact analysis (BIA) or sometimes from a government mandate, such as banking laws.
True
True or False? The term "computer crime" typically refers to crimes that target computer resources, either data that computers store or the services they provide (or both).
True
True or False? Time stamps correspond to computer log files to help coordinate a sequence of events and are accurate to at least the second.
True
True or False? Today's mobile devices almost all run with either iOS or Android.
True
True or False? Two common methods to protect evidence during imaging are to use forensic software that forces read-only mode or connect the evidence device using a hardware interface that blocks any write operations.
True
True or False? Whereas a cipher performs a particular task, a key gives specific directions for how to do it.
True
True or False? While running business operations at an alternate site, you must continue to make backups of data and systems.
True
True or False? With asymmetric key ciphers, it is computationally infeasible to derive the second algorithm from the first algorithm.
True
True or False? You can break a cipher by analyzing the ciphertext to find the plaintext or key or by analyzing the ciphertext and its associated plaintext to find the key.
True
What is not a typical sign of virus activity on a system?
Unexpected power failures
Log files can help provide evidence of normal and abnormal system activity, as well as valuable information on how well security controls are doing their jobs. Regulation, policy, or log volume might dictate how much log information to keep. If a log file is subject to litigation, how long must a company keep it?
Until the case is over
Wen is a network security professional. He wants to strengthen the security of his agency's network infrastructure defenses. Which control can he use to protect the network?
Use proxy services and bastion hosts to protect critical services
The FAT32 and NTFS file systems are associated with which of the following?
Windows
Larry recently viewed an auction listing on a website. As a result, his computer executed code that popped up a window that asked for his password. What type of attack has Larry likely encountered?
XSS (cross-site scripting)
Alice would like to send a message to Bob using a digital signature. What cryptographic key does Alice use to create the digital signature?
Alice's private key
Bob received a message from Alice that contains a digital signature. What cryptographic key does Bob use to verify the digital signature?
Alice's public key
Tonya would like to protect her users and the network when users browse to known dangerous sites. She plans to maintain a list of those sites and drop messages from those websites. What type of approach is Tonya advocating?
blacklisting
Hacking groups create _______ to launch attacks whereby they infect vulnerable machines with agents that perform various functions at the command of the controller.
botnets
The ________ establishes that evidence was collected and handled using proper techniques and procedures, which is also a trusted method to determine the ________, or point of origin, of a piece of evidence.
chain of custody, provenance
Which cryptographic attack is relevant in only asymmetric key systems and hash functions?
chosen ciphertext
Bob is sending a message to Alice. He wants to ensure that nobody can read the content of the message while it is in transit. What goal of cryptography is Bob attempting to achieve?
confidentiality
What type of attack occurs in real time and is often conducted against a specific target?
direct
A(n) _________ is an event that prevents a critical business function (CBF) from operating for a period greater than the maximum tolerable downtime (MTD).
disaster
True or False? A best practice is the standard collection of configuration settings or performance metrics to which a system is compared to determine whether it is securely configured.
false
True or False? A block cipher encrypts one byte (or bit) at a time, whereas a stream cipher encrypts an entire block of data at a time.
false
True or False? A digitized signature is a combination of a strong hash of a message and a secret key.
false
True or False? A port-scanning tool enables an attacker to escalate privileges on a network server.
false
True or False? A private key cipher is also called an asymmetric key cipher.
false
True or False? A product cipher is an encryption algorithm that has no corresponding decryption algorithm.
false
True or False? A report indicating that a system's disk is 80 percent full is a good indication that something is wrong with that system.
false
True or False? A smurf attack tricks users into providing logon information on what appears to be a legitimate website but is in fact a website set up by an attacker to obtain this information.
false
True or False? Committee of Sponsoring Organizations (COSO) is a set of best practices for IT management.
false
True or False? Hijacking refers to the use of social engineering to obtain access credentials, such as usernames and passwords.
false
True or False? In a known-plaintext attack (KPA), the cryptanalyst has access only to a segment of encrypted data and has no choice as to what that data might be.
false
True or False? Regarding log monitoring, false negatives are alerts that seem malicious but are not real security events.
false
True or False? Regarding security controls, the four most common permission levels are poor, permissive, prudent, and paranoid.
false
True or False? Regulatory compliance means complying with an organization's own policies, audits, culture, and standards.
false
True or False? Signature-based intrusion detection systems (IDSs) compare current activity with stored profiles of normal (expected) activity.
false
True or False? Spyware does not use cookies.
false
True or False? Stealth viruses attack countermeasures, such as antivirus signature files or integrity databases, by searching for these data files and deleting or altering them.
false
True or False? System infectors are viruses that attack document files containing embedded macro programming capabilities.
false
True or False? The U.S. government currently has no standard for creating cryptographic keys for classified applications.
false
True or False? The process of remediation makes sure all personnel are aware of and comply with an organization's policies.
false
True or False? The term "data owner" refers to the person or group that manages an IT infrastructure.
false
True or False? The term certificate authority (CA) refers to a trusted repository of all public keys.
false
True or False? The waterfall software development model works well in very dynamic environments where requirements change and are often revisited.
false
True or False? Worms operate by encrypting important files or even the entire storage device and making them inaccessible.
false
Cherilyn is a security consultant hired by a company to develop its system auditing protocols. She and the company's chief information officer (CIO) agree that audits are an important consideration. In her report to the CIO and other C-level officers of the corporation, she recommends that the security policy include audit categories and ______________ for conducting audits.
frequency requirements
What type of system is intentionally exposed to attackers in an attempt to lure them out?
honeypot
Bob is sending a message to Alice. He wants to ensure that nobody tampers with the message while it is in transit. What goal of cryptography is Bob attempting to achieve?
integrity
Because __________, auditing every part of an organization and extending into all outsourcing partners may not be possible.
of resource constraints
Leola is a cybersecurity consultant hired by a company to test the effectiveness of its network's defenses. She has something in common with the malicious people who would perform the same tasks involved in _________________, except that, unlike Leola, they would not have consent to perform this action against the system.
penetration testing
Which approach to cryptography uses highly parallel algorithms that could solve problems in a fraction of the time needed by conventional computers?
quantum cryptography
Devaki is investigating an attack. An intruder managed to take over the identity of a user who was legitimately logged in to Devaki's company's website by manipulating Hypertext Transfer Protocol (HTTP) headers. Which type of attack likely took place?
session hijacking
Arturo discovers a virus on his system that resides only in the computer's memory and not in a file. What type of virus has he discovered?
slow virus
The chief executive officer (CEO) of a company recently fell victim to an attack. The attackers sent the CEO an email that appeared to come from the company's attorney. The email informed the CEO that his company was being sued and he needed to view a subpoena at a court website. When visiting the website, malicious code was downloaded onto the CEO's computer. What type of attack took place?
spear phishing
Aditya is attempting to classify information regarding a new project that his organization will undertake in secret. Which characteristic is not normally used to make these types of classification decisions?
threat
Which type of cipher works by rearranging the characters in a message?
transposition
Lin installed a time-management utility that she downloaded from the Internet. Now several applications are not responding to normal commands. What type of malware did she likely encounter?
trojan horse
True or False? A backdoor is a hidden way to bypass access controls and allow access to a system or resource.
true
True or False? A blanket purchase agreement (BPA) creates preapproved accounts with qualified suppliers to fulfill recurring orders for products or services.
true
True or False? A computer virus is an executable program that attaches to, or infects, other executable programs.
true
True or False? A host-based intrusion detection system (HIDS) can recognize an anomaly that is specific to a particular machine or user.
true
True or False? A keyword mixed alphabet cipher uses a cipher alphabet that consists of a keyword, minus duplicates, followed by the remaining letters of the alphabet.
true
True or False? A rootkit is a type of malware that modifies or replaces one or more existing programs to hide the fact that a computer has been compromised.
true
True or False? A salt value is a set of random characters you can combine with an input key to create an encryption key.
true
True or False? After audit activities are completed, auditors perform data analysis.
true
True or False? American Institute of Certified Public Accountants (AICPA) Service Organization Control (SOC) 2 reports are commonly implemented for service providers, hosted data centers, and managed cloud computing providers.
true
True or False? An American Institute of Certified Public Accountants (AICPA) Service Organization Control (SOC) 1 report is commonly implemented for organizations that must comply with Sarbanes-Oxley (SOX) or the Gramm-Leach-Bliley Act (GLBA).
true
True or False? An American Institute of Certified Public Accountants (AICPA) Service Organization Control (SOC) 3 report is intended for public consumption.
true
True or False? An algorithm is a repeatable process that produces the same result when it receives the same input.
true
True or False? An auditing benchmark is the standard by which a system is compared to determine whether it is securely configured.
true
True or False? Attackers have established thousands of botnets, which they use to distribute malware and spam and to launch denial of service (DoS) attacks against organizations or even countries.
true
True or False? Attacks against confidentiality and privacy, data integrity, and availability of services are all ways malicious code can threaten businesses.
true
True or False? Because people inside an organization generally have more detailed knowledge of the IT infrastructure than outsiders do, they can place logic bombs more easily.
true
True or False? Data loss prevention (DLP) uses business rules to classify sensitive information to prevent unauthorized end users from sharing it.
true
True or False? Defense in depth is the practice of layering defenses to increase overall security and provide more reaction time to respond to incidents.
true
True or False? Digital signatures require asymmetric key cryptography.
true
True or False? During an IT audit, security controls are checked to ensure they are effective, reliable, and functioning as required and expected.
true
True or False? During the planning and execution phases of an audit, an auditor will most likely review risk analysis output.
true
True or False? Elliptic curve cryptography (ECC) relies on algebraic structures of elliptic curves over finite fields.
true
True or False? ISO 27002 is a best-practices document that gives guidelines for information security management.
true
True or False? In cryptography, a keyspace is the number of possible keys to a cipher.
true
True or False? One way to harden a system is to turn off or disable unnecessary services.
true
True or False? Policies that cover data management should cover transitions throughout the data's life cycle.
true
True or False? Regarding an intrusion detection system (IDS), stateful matching looks for specific sequences appearing across several packets in a traffic stream, rather than just in individual packets.
true
True or False? Revocation is a security measure that stops authorization for access to data.
true
True or False? Security breaches perpetrated by current and former employees often go undetected due to weak personnel and security policies or ineffective countermeasures.
true
True or False? Standards are mandated requirements for hardware and software solutions used to address security risk throughout an organization.
true
True or False? Symmetric key ciphers require that both parties first exchange keys to be able to securely communicate.
true
True or False? The Common Criteria is a set of system procurement standards used by several countries.
true
True or False? The function of homepage hijacking is to change a browser's homepage to point to the attacker's site.
true
True or False? The goal of a command injection is to execute commands on a host operating system.
true
True or False? The idea that users should be granted only the levels of permissions they need to perform their duties is called the principle of least privilege.
true
True or False? The purpose of a security audit is to make sure computing environments and security controls work as expected.
true
True or False? The success of Trojans is due to their reliance on social engineering to spread and operate; they have to trick users into running them.
true
True or False? The term "web defacement" refers to someone gaining unauthorized access to a web server and altering the index page of a site on the server.
true
True or False? Unlike viruses, worms do not require a host program to survive and replicate.
true
True or False? Using the names of superiors to convince another person that a higher authority has allowed access to information is a form of social engineering.
true
True or False? When planning an IT audit, one must ensure that the areas not reviewed in the current audit will be subject to another audit.
true
What is the only unbreakable cipher when it is used properly?
Vernam
What tool might be used by an attacker during the reconnaissance phase of an attack to glean information about domain registrations?
whois
Which information security objective verifies the action to create an object or verifies an object's existence by an entity other than the creator?
witnessing