Security Chp3&4 Study Set
A DoS attack is a coordinated attempt to deny service by occupying a computer to perform large amounts of unnecessary tasks. (T/F)
True
A birthday attack is a type of cryptographic attack that is used to make brute-force attack of one-way hashes easier. (T/F)
True
A man-in-the-middle attack takes advantage of the multihop process used by many types of networks. (T/F)
True
The Children's Online Privacy Protection Act (COPPA) restricts the collection of information online from children. What is the cutoff age for COPPA regulation?
13
Bob is using a port scanner to identify open ports on a server in his environment. He is scanning a web server that uses Hypertext Transfer Protocol (HTTP). Which port should Bob expect to be open to support this service?
80
Brian notices an attack taking place on his network. When he digs deeper, he realizes that the attacker has a physical presence on the local network and is forging Media Access Control (MAC) addresses. Which type of attack is most likely taking place?
Address Resolution Protocol (ARP) poisoning
Tom is the IT manager for an organization that experienced a server failure that affected a single business function. What type of plan should guide the organization's recovery effort?
Business continuity plan (BCP)
What is the first step in a disaster recovery effort?
Ensure that everyone is safe
Which one of the following is an example of a disclosure threat?
Espionage
Barry discovers that an attacker is running an access point in a building adjacent to his company. The access point is broadcasting the security set identifier (SSID) of an open network owned by the coffee shop in his lobby. Which type of attack is likely taking place?
Evil Twin
Denial of service (DoS) attacks are larger in scope than distributed denial of service (DDoS) attacks. (T/F)
False
What compliance regulation applies specifically to the educational records maintained by schools about students?
Family Education Rights and Privacy Act (FERPA)
Betsy recently assumed an information security role for a hospital located in the United States. What compliance regulation applies specifically to healthcare providers?
HIPAA
A hospital is planning to introduce a new point-of-sale system in the cafeteria that will handle credit card transactions. Which governs the privacy of information handled by those point-of-sale terminals?
Payment Card Industry Data Security Standard (PCI DSS)
What is NOT one of the three tenets of information security?
Safety
As a follow-up to her annual testing, Holly would like to conduct quarterly disaster recovery tests that introduce as much realism as possible but do not require the use of technology resources. What type of test should Holly conduct?
Simulation test
An attacker attempting to break into a facility pulls the alarm to distract the security guard manning an entry point. Which type of social engineering attack is the attacker using?
Urgency
Dawn is selecting an alternative processing facility for her organization's primary data center. She would like to have a facility that balances cost and switchover time. What would be the best option in this situation?
Warm site
The term risk methodology refers to a list of identified risks that results from the risk-identification process. (T/F)
False
What level of technology infrastructure should you expect to find in a cold site alternative data center facility?
No technology infrastructure
