Sleigh------------------------

अब Quizwiz के साथ अपने होमवर्क और परीक्षाओं को एस करें!

Steps of the System Life Cycle

1. Project initiation and planning

2.3 convergence is the combination of voice, video, and data communications using TCP/IP.

B.Protocol

4.4 plan for a structured response to any events that result in an interruption to critical business.

BCP

What are the components of a business continuity plan?

BCP &DRP

What are the components of a business continuity plan?

BCP and DRP

____ is the routing protocol of Internet backbones and is not used to route between nodes on an autonomous LAN - that is, it is used on border and exterior routers.

BGP

4.3 the first step indeveloping plans to address interruptions is to identify those business functions crucial to your organization.

BIA

Software code that gives access to a program or a service that circumvents normal security protections.​

Backdoor​

A structure designed to block the passage of traffic​

Barricade​

_____ are digital signals sent through DC with exclusive use.

Baseband

Only if this action by the application is different from other applications.

Behavior-based monitoring

The ________ in analog communications is one error for every 1,000 bits sent; in digital communications, the __________ is one error for every 1,000,000 bits sent.

Bit error rate

3.4 tries to break IT security and gain access to system with no authorization, prove technical prowess. special software tools to explois vulnerbilities. poke holes.

Black-hat

Types of hackers

Black-hat Hackers, Gray-hat Hackers, and White-hat Hackers

vulnerabilities

Black-hat hackers generally poke holes in systems, but do not attempt to disclose __________ they find to the administrators of those systems.

A cipher that manipulates an entire block of plaintext at one time.​

Block cipher​

1.15 Organizations that require customer-service representatives to access.

Blocking out

Organizations that require customer-service representatives to access private customer data can best protect customer privacy and make it easy to access other customer data by using which of the following security controls?

Blocking out customer private data details and allowing access only to the last four digits of Social Security numbers or account numbers.

True

A physically constrained user interface is a user interface that does not provide a physical means of entering unauthorized information.

Which of the following is the definition of guideline?

A recommendation to purchase or how to used a product or system

________ is a document produced by the IETF thatcontains standards as well as other specifications or descriptive contents.

A request for comments (RFC)

What is a security audit?

A security audit is to make sure your system and security controls work as expected.

Firewall

A software program or hardware device designed to prevent unauthorized access to computers or networks.

adware

A software program that collects information about Internet usage and uses it to present targeted advertisements to users is the definition of ________.

Which of the following is the definition of continuing professional education (CPE)?

A standard unit of credit that equals 50 minutes of instruction.

What is the block cipher algorithm that operates on 64-bit blocks and can have a key length from 32 to 448 bits known as?

Blowfish

The SSCP profession certification is geared toward which of the following information systems security positions?

A) IT security practitioner

A wireless technology that uses short-range radio frequency (RF) transmissions and provides rapid ad hoc device pairings.

Bluetooth

Name two of the earliest viruses on PCs?

Brain, Lehigh and Jeruselum

____ are devices that connect two network segments by analyzing incoming frames and making decisions about where to direct them based on each frame's MAC address.

Bridges

Remote Access Domain Vulnerabilty

Brute-force attacks on access and private data, Unauthorized remote access to resources, and Data leakage from remote access or lost storage devices.

______ is a method that black-hat hackers use to attempt to compromise logon and password access controls, usually following a specific attack plan, including the use of social engineering to obtain user information.

Brute-force password atack

Gives priorities to the functions an organization needs to keep going

Businees Continuity Plan

4.1 BIA

Business Impact Analysis

4.2 BCP

Business continuity Plan

A ___________ gives priorities to the functions an organization needs to keep going.

Business continuity plan (BCP)

BCP

Business continuity plan. A plan that helps an organization predict and plan for potential outages of critical services or functions. It includes disaster recovery elements that provide the steps used to return critical functions to operation after an outage.

What SSID beaconing and why is it considered a weakness of Wireless LANs?

By default, wireless networks brodcast their presence to the public sending out announcements containing the network's service identifier (SSID).

2.4 Unified communications solves the_____ Communication challenge.

A.Human Latency

Select below the standard that is based on the Rijndael algorithm, and was approved by NIST in late 2000 as a replacement for DES:

AES

A U.S. standards organization whose goal is to empower its members and constituents to strengthen the U.S. marketplace position in the global economy, while helping to ensure the safety and health of consumers and the protection of the environment.

ANSI

____ is an organization composed of more than a thousand representatives from industry and government who together determine standards for the electronics industry and other fields, such as chemical and nuclear engineering, health and safety, and construction.

ANSI (American National Standards Institute)

____ is a Network layer protocol that obtains the MAC (physical) address of a host, or node, and then creates a database that maps the MAC address to the host's IP (logical) address.

ARP (Address Resolution Protocol)

An attack that corrupts the ARP cache​

ARP Poisoning​

3.10 Which type of document defines

AUP

business continuity plan (BCP)

A___________ primarily addresses the processes, resources, equipment, and devices needed to continue conducting critical business activities when an interruption occurs that affects the business's viability.

False

Access control is the process of proving you are the person or entity you claim to be.

Process of setting a user's account to expire

Account expiration

​A symmetric cipher that was approved by the NIST in late 2000 as a replacement for DES

Advanced Encryption Standard (AES)

A software program that delivers advertising content in a manner that is unexpected and unwanted by the user.

Adware

What kind of software program delivers advertising content in a manner that is unexpected and unwanted by the user, and is typically included in malware?

Adware

In information security, an example of a threat agent can be ____.

All of the above

Which of the following security controls can help mitigate malicious e-mail attachments?

All of the above

Risk Assignment

Allows the organization to transfer the risk to another entity.

The ________ is aU.S. standards organization whose goal is to empower its members and constituents to strengthen the U.S. marketplace position in the global economy, while helping to ensure the safety and health of consumers and the protection of the environment.

American National Standards Institute

attack

An attempt to exploit a vulnerability of a computer or network component is the definition of ________.

secure shell (SSH)

An encrypted channel used for remote access to a server or system, commonly used in Linux and UNIX servers and applications, is the definition of __________.

Which of the following is the definition of Vigenerecipher?

An encryption cipher that uses multiple encrytpion cschemes in succession.

The Google operating system for mobile devices that is not proprietary.

Android

Name the monitoring methodology. Only if this application has tried to scan previously and a baseline has been established.

Anomaly-based monitoring

attacks against productivity and performance

Another way that malicious code can threaten businesses is by using mass bulk e-mail (spam), spyware, persistence cookies, and the like,consuming computing resources and reducing user productivity. These are known as ________.

A spiked collar that extends horizontally for up to 3 feet from the pole is an example of what kind of technology?

Anti-climb

risk management

Any organization that is serious about security will view ___________ as an ongoing process.

Which OSI Reference Model layer includes all programs on a computer that interact with the network?

Application Layer

What are the activities/responsibilities happening on each layer of the OSI Model?

Application Layer, Presentation Layer, Session Layer, Transport Layer, Network Layer, Data Link Layer, and Physical Layer.

Confidential

Applies to information that the classifying authority finds would cause damage to national security.

Top Secret

Applies to information that the classifying authority finds would cause grave damage to national security if it were disclosed.

Secret

Applies to information that the classifying authority finds would cause serious damage to national security if it were disclosed.

Authorization

Approving someone to do a specific task or access certain data.

7 billion

As of 2013, Cisco estimated that there were more than________ devices connected to the Internet.

A data classification standard is usually part of which policy definition?

Asset protection policy

What type of cryptography uses two keys instead of just one, generating both a private and a public key?

Asymmetric

What could be proved by an asymmetric digital signature vs a symmetric digital signature and what is the fancy name for the thing that can be proved?

Asymmetric Digital Signature - Data encrypted with one key can be decrypted only with the other key. Symmetric Digital Signature -uses the same key to encrypt and decrypt.

Using what mechanism below can the non-repudiation of an e-mail and it's content be enforced?

Asymmetric encryption

Asymmetric Encryption

Asymmetric meaning different, uses both a public and private key. Public key encrypts and Private Key decrypts.

Direct Attacks

Attacks against a specific target, such as a specific organizations through remote log on exploits.

Quantitative Risk Analysis

Attempts to describe risk in financial terms and put a dollar value on all the elements of a risk.

VoIP

Audio conferencing is a software-based, real-time audio conference solution for ________ callers.

What is necessary because of potential liability, negligence, mandatory regulatory complicance?

Audits

5.7 subject requesting access is the same subject who has been granted access

Authentication

The security protection item that ensures that the individual is who they claim to be (the authentic or genuine person) and not an imposter is known as?

Authentication

---- is an authorization method in which access to resources is decided by the user's formal status.

Authority - level policy

5.6 higher degree of authority to access certain resources.

Authority-level policy

5.4 Create a policy to define authorization rules. Process of deciding access to which computer.

Authorization

The ___ tenet of information systems security is concerned with the recovery time objective.

Availability

procrastination

"There are so many demands on your time, it is often difficult to justify setting aside time to study. Also, you may find that self-study takes more time than you planned."This is a disadvantage to choosing the self-study option that can be labeled ________.

Those who wrongfully disclose individually identifiable health information can be fined up to what amount per calendar year?

$1,500,000

1.9 ISS

( Intergrity, Avaibility, Confident)

This appliance examines IP data streams for common attack and malicious intent patterns

(IDS)

Systems Security Certified Practitioner

(ISC)2 offers the ________ credential, which is ideal for those who are working toward or already hold positions as senior network security engineers, senior security systems analysts, or senior security administrators. It covers the seven domains of best practices for information security.

Certified Secure Software Lifecycle Professional

(ISC)2 offers the ________________ credential, which is one of the few credentials that address developing secure software. It evaluates professionals for the knowledge and skills necessary to develop and deploy secure applications.

Physical layer

(Layer 1) This layer converts data into transmitted bits over the physical network medium.

Data link layer

(Layer 2) This layer manages physical addressing (MAC addresses) and supports the network topology, such as Ethernet.

Network layer

(Layer 3) This layer handles logical addressing (IP addresses)

Transport layer

(Layer 4) This layer formats and handles data transportation. This transportation is independent of and transparent to the application.

Session layer

(Layer 5)This layer manages the communication channel, known as a session, between the endpoints of the network communication. A single transport layer connection between two systems can support multiple, simultaneous sessions.

Presentation layer

(Layer 6) This layer translates the data received from the host software into a format acceptable to the network. This layer also performs this task in reverse for data going from the network to the host software.

Application layer

(Layer 7) This layer enables communications with the host software, including the operating system. The application layer is the interface between host software and the network protocol stack. The sub-protocols of this layer support specific applications or types of data. the program being executed and requests a service from the OS. HIDS can monitor _____ _____ based on the process, mode, and action being requested.|System call

The tunnel can be created between a remote workstation using the public internet and VPN router and a --- web site

(SSL - VPN)

Intrusion Prevention System is a (Active Control Tool)

) in that when it sees a problem it goes out and corrects it by either eliminating a protocol or shutting down ports for example. It can also be network based or host based but is generally deployed on a network basis.

14. Authentication

, perhaps the most important thing we do, is where we verify a user's identity.

After the DES cipher was broken and no longer considered secure, what encryption algorithm was made as its successor?

3DES

The current version is Bluetooth v_____, yet all Bluetooth devices are backward compatible with previous versions. Most Bluetooth devices have a range of _____ feet and can transmit _____ million bits per second (Mbps).

4.0, 33, 1

If using the MD5 hashing algorithm, what is the length to which each message is padded?

512 bits

Which of the following is not a type of authentication?

...

Select below the string of characters that can be used to traverse up one directory level from the root directory:

../

How many different Microsoft Windows file types can be infected with a virus?

70

In classful addressing, the network information portion of an IP address (the network ID) is limited to the first ____ bits in a Class A address.

8

A 128-bit key performs _____ rounds, a 192-bit key performs _____ rounds, a 256-bit key performs _____ rounds

9, 11, 13

system infector

A ________ enables the virus to take control and execute before the computer can load most protective measures.

Local area network (LAN)

A ________ is a collection of computers connected to one another or to a common connection medium.

file infector

A ________ is a type of virus that primarily infects executable programs.

file infector

A ________ is a virus that attacks and modifies executable programs (like COM, EXE, SYS, and DLL files).

cracker

A _________ has a hostile intent, possesses sophisticated skills, and may be interested in financial gain. They represent the greatest threat to networks and information resources.

black-hat hacker

A __________ tries to break IT security and gain access to systems with no authorization, in order to prove technical prowess.

firewall

A ___________ controls the flow of traffic by preventing unauthorized network traffic from entering or leaving a particular portion of the network.

Disaster recovery plan (DRP)

A ___________ defines how a business gets back on its feet after a major disaster like a fire or hurricane.

operating system (OS)

A ___________ fingerprint scanner is a software program that allows an attacker to send log-on packets to an IP host device.

Business continuity plan (BCP)

A ___________ gives priorities to the functions an organization needs to keep going.

business impact analysis (BIA)

A ___________ is a formal analysis of an organization's functions and activities that classifies them as critical or noncritical.

logic bomb

A ___________ is a program that executes a malicious function of some kind when it detects certain conditions.

password cracker

A ___________ is a software program that performs one of two functions: brute-force password attack to gain unauthorized access to a system, or recovery of passwords stored in a computer system.

port scanner

A ___________ is a tool used to scan IP host devices for open ports that have been enabled.

phishing attack

A ____________ tricks users into providing log-on information on what appears to be a legitimate Web site but is in fact a Web site set up by an attacker to obtain this information.

firewall

A _____________ contains rules that define the types of traffic that can come and go through a network.

What is the project Management Body of Knowledge ?

A collection of the knowledge and best practices of the project management profession

RSA

A commonly used encryption and authentication algorithm named for MIT students, An asymmetric algorithm used to encrypt data and digitally sign transmissions. It is named after its creators, Rivest, Shamir, and Adleman, and RSA is also the name of the company they founded together. RSA relies on the mathematical properties of prime numbers when creating public and private keys.

Risk Methodology

A description of how you will manage risks. Includes the approach, required information, and the techniques to address each risk.

Switch

A device for transmitting data on a network. A switch makes decisions, based on the media access control (MAC) address of the data, as to where the data is to be sent.

Router

A device that forwards data packets between computer networks

Hub

A device that is the central connecting point of a LAN. A hub is little more than a multi-port repeater taking incoming signals on one port and repeating them to all other ports. Ethernet hubs have been largely replaced by Ethernet switches.

packet-filtering firewall

A firewall that examines each packet it receives and compares the packet to a list of rules configured by the network administrator is the definition of ________.

What is the difference between a Standard and a Compliance Law?

A law can actually enforce a standard.

What is meant by risk register?

A list of identified risks that results from the risk-identification process

What is meant by risk register?

A list of identified risks that results from the risk-identification process.

A series of instructions that can be grouped together as a single command and are often used to automate a complex set of tasks or a repeated series of tasks are known as:

A macro

two

A master's degree program goes beyond the level of a bachelor's degree program and generally consists of ___________ year(s) of study beyond a bachelor's degree.

logical access control

A mechanism that limits access to computer systems and network resources is ________,

Which of the following is the definition of network address translation ?

A method of IP address assignment that uses an alternate, public IP address to hide a system's real IP address.

network access control (NAC)

A method to restrict access to a network based on identity or other rules is the definition of ________.

Select the tool below that consists of a system of security tools that is used to recognize and identify data that is critical to an organization and ensure that it is protected:

Data Loss Prevention

The goal and objective of a __________ is to provide a consistent definition for how an organization should handle and secure different types of data.

Data classification standard

What name is given to an encryption cipher that is a product cipher with a 56-bit key consisting of 16 iterations of substitution and transformation?

Data encryption standard

Which OSI Reference Model layer uses Media Access Control (MAC) addresses?Device manufacturers assign each hardware device a unique MAC address.

DataLink Layer

Risk Avoidance

Deciding not to take the risk by discontinuing use because the potential loss to the company exceeds the potential value gained.

What name is given to a high-speed broadband networking technology that uses a 53-byte cell to support real-time voice, video, or data communications?

Dense wavelength division multiplexing (DWDM)

________ is a technique where multiple light streams can transmit data through a single strand of fiber.

Dense wavelength division multiplexing (DWDM)

Network Infrastructure Defense

Deploys controls to protect your network by creating choke points in the network, Using proxy services and bastion hosts to protect critical services, using content filtering at choke poi to screen traffic, disabling any unnecessary network services and processes that may pose a security vulnerability, maintaining up-to-date IDS signature databases, and applying security patches to network devices to ensure protection against new threats and to reduce vulnerabilities.

Qualitative Risk Analysis

Describes a risk scenario and then figures out what impact the event would have on business operations.

This is the address the connection is attempting to reach. These addresses can be indicated in the same way as the source address.

Destination address

This setting gives the port on the remote computer or device that the packets will use.

Destination port

What does a business impact analysis determine?

Determines the impact that a particular incident would have on business operations over time and drives the choice of the recovery strategy and the critical business functions.

____ signals are composed of pulses of precise, positive voltages and zero voltages.

Digital

DSA

Digital Signature Algorithm. A digital signature is an encrypted hash of a message. The sender's private key encrypts the hash of the message to create the digital signature. The recipient decrypts the hash with the sender's public key, and, if successful, it provides authentication, non-repudiation, and integrity. Authentication identifies the sender. Integrity verifies the message has not been modified. Non-repudiation is used with online transactions and prevents the sender from later denying they sent the e-mail.

This defines how a business gets back on its feet after a major disaster like a hurricane

Disaster Recovery Pla (DRP)

A ___________ defines how a business gets back on its feet after a major disaster like a fire or hurricane.

Disaster recovery plan (DRP)

DRP

Disaster recovery plan. A document designed to help a company respond to disasters, such as hurricanes, floods, and fires. It includes a hierarchical list of critical systems and often prioritizes services to restore after an outage. Testing validates the plan. Recovered systems are tested before returning them to operation, and this can include a comparison to baselines. The final phase of disaster recovery includes a review to identify any lessons learned and may include an update of the plan.

Subject has total control over objects; Least restrictive model

Discretionary Access Control (DAC)

The least restrictive access control model in which the owner of the object has total control over it.

Discretionary Access Control (DAC)

5.8 Owner of the resource decides who gets in and changes permissions as needed. The owner can give that job to others

Discretionary access control

What are the formal models of access control?

Discretionary access control (DAC) - the owner of the resource decides who gets in. The owner can give that job to others.

3.1 Attack result in downtime or inability of a user

DoS

3.9 Which type of attack result in legitimate user mot having access to a system resource?

DoS

Accounts not accessed for lengthy period of time

Dormant accounts

The most common way of expressing IP addresses.

Dotted decimal notation

____ are created when a client makes an ARP request that cannot be satisfied by data already in the ARP table.

Dynamic ARP table entries

____ automatically calculates the best path between two nodes and accumulates this information in a routing table.

Dynamic routing

Maximizing availability primarily involves minimizing ___.

E) All of the above

Internet

E-commerce changed how businesses sell, and the ________ changed how they market.

What cryptographic method, first proposed in the mid-1980s, makes use of sloping curves instead of large prime numbers?

ECC

The ____ is a trade organization composed of representatives from electronics manufacturing firms across the United States.

EIA (Electronic Industries Alliance)

Any device that gives off a spark is also probably emitting ___.

EMI (electro-magnetic interference)

_____ causes noise.

EMI (electro-magnetic interference)

On what principle did Julius Caesar's cyptographic messages function?

Each alphabetic letter was shifted three places down in the alphabet

What type of undocumented yet benign hidden feature launches after a special set of commands, key combinations, or mouse clicks, and was no longer included in Microsoft software after the start of their Trustworthy Computing initiative?

Easter egg

​An algorithm that uses elliptic curves instead of prime numbers to compute keys

Elliptic curve cryptography (ECC)​

True

Employers do use certifications to help assess prospects, but the best assessment is the prospect's actual performance.

Non-replication

Enables you to prevent a party from denying a previous statement or action.

___________ is the process of transforming data from cleartext into ciphertext

Encryption

Software vendors must protect themselves from liabilities of their own vulnerabilities with a

End-User License Agreement (

Software manufacturers limit their liability when selling software using which of the following?

End-User License Agreement (EULA)

Integrity

Ensures no one, even the sender, changes information after transmitting it.

Integrity

Ensures that no one has changed or deleted data.

A temporary key that is used only once before it is discarded.​

Ephemeral key

Script kiddies acquire which item below from other attackers to easily craft an attack

Exploit kit

LAN-to-WAN Domain Vulnerability

Exposure and unauthorized access of internal resources to the public, Introduction of malicious software, and Loss of productivity due to internet access.

The second version of the Terminal Access Control Access Control System (TACACS) authentication service.

Extended TACACS (XTACACS)

A framework for transporting authentication protocols that defines the format of the messages.

Extensible Authentication Protocol (EAP)

TRUE or FALSE: A device without an IP address, can get one with ARP.

FALSE

TRUE or FALSE: A full-duplex channel is like a river.

FALSE

TRUE or FALSE: A pulse of positive voltage represents a 0.

FALSE

TRUE or FALSE: A repeater typically contains multiple data ports into which the patch cables for network nodes are connected.

FALSE

TRUE or FALSE: Clients on a client/server network share their resources directly with each other.

FALSE

TRUE or FALSE: Connectivity devices such as hubs and repeaters operate at the Presentation layer of the OSI Model.

FALSE

TRUE or FALSE: Hubs operate at the Network layer of the OSI model.

FALSE

TRUE or FALSE: Networks are usually only arranged in a ring, bus, or star formation and hybrid combinations of these patterns are not possible.

FALSE

TRUE or FALSE: Resource sharing is controlled by a central computer or authority.

FALSE

TRUE or FALSE: Routers use DHCP to determine which nodes belong to a certain multicast group and to transmit data to all nodes in that group.

FALSE

TRUE or FALSE: Seven bits form a byte

FALSE

TRUE or FALSE: The "0" bits in a subnet mask indicate that corresponding bits in an IP address contain network information.

FALSE

The primary function of protocols at the session layer is to translate network addresses into their physical counterparts and decide how to route data from the sender to the receiver.

FALSE

TRUE or FALSE: An IP whose first octet is in the range of 128-191 belongs to a Class C network.

FALSE, it belongs to a Class B network

Which regulating agency has oversight for the Children's Internet Protection ACt?

FCC

A(n) ____ allows 24 multiplexed voice signals over a single neighborhood line.

FDM (frequency-division multiplex)

Most educational institutions offer accelerated programs to complete PhD degree requirements in less than one year.

False

Students who have had their FERPA rights violated are allowed to sue a school for that violation.

False

A software testing technique that deliberately provides invalid, unexpected, or random data as inputs to a computer program.

Fuzz testing

What is the name of the open source asymmetric cryptography system that runs on Windows, UNIX, and Linux systems, and is compatible with PGP?

GPG

____ are a combination of software and hardware that enable two different network segments to exchange data.

Gateways

____ are combinations of networking hardware and software that connect two dissimilar kinds of networks.

Gateways

The ____ Act requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information.

Gramm-Leach-Bliley

GLBA

Gramm-Leach-Bliley Act includes provisions to protect consumers personal financial information held by financial institutions.

3.6 Wannabe, average abilities, one day become a black-hat hacker, could alse opt to become a white-hat

Gray-hat

A Microsoft Windows feature that provides centralized management and configuration of computers and remote users.

Group Policy

Under which law are health care enterprises required to guard protected health information and implement policies and procedures whether it be in paper or electronic format?

HIPAA

What language below is designed to display data, with a primary focus on how the data looks?

HTML

What portion of the HTTP packet consists of fields that contain information about the characteristics of the data being transmitted?

HTTP header

231. In popular usage and in the media, the term ________ often describes someone who breaks into a computer system without authorization

Hacker

What type of cryptographic algorithm can be used to ensure the integrity of a file's contents?

Hashing

What is HIPAA and what is the minimum necessary rule?

Health Insurance Portability and Accountability Act - Requires covered entities to protect all EPHI (Electronic Protected Health Information) they create, receive , maintain or transmit.

IDS is triggered if any application tries to scan multiple ports.

Heuristic monitoring

____ is type of attack in which the attacker takes control of a session between two machines and masquerades as one of them.

Hijacking

A false warning designed to trick users into changing security settings on their computer​

Hoax

A system that puts access control into the hands of people such as department managers who are closest to system users; there is no one centralized entity to process access requests in this system.

How is decentralized access control defined?

Identify and define router, switch, hub and firewalls? Which one would you not see on a corporate network?

Hub - because it broadcasts to everyone, increasing traffic.

The ____ is responsible for Internet growth and management strategy, resolution of technical disputes, and standards oversight.

IAB (Internet Architecture Board)

____ is a technical advisory group of researchers and technical professionals interested in overseeing the Internet's design and management.

IAB (Internet Architecture Board)

How does identification and authorization work together in the access control process?

Identification is the method a subject uses to request access to a system or resource. Authorization is the process of deciding who has access to which computer and network resources.

What type of theft involves stealing another person's personal information, such as a Social Security number, and then using the information to impersonate the victim, generally for financial gain?

Identity theft

SYNflood

In a ________, the attacker sends a large number of packets requesting connections to the victim computer.

smurf attack

In a _________, attackers direct forged Internet Control Message Protocol (ICMP) echo-request packets to IP broadcast addresses from remote locations to generate denial of service attacks.

SYN flood attack

In a __________, the attacker uses IP spoofing to send a large number of packets requesting connections to the victim computer. These appear to be legitimate but in fact reference a client system that is unable to respond.

What is a baseline and how does it pertain to security monitoring?

In order to recognize something as abnormal, you first must know what normal looks like. The baseline is the normal state of the system.

What country is now the number one source of attack traffic?

Indonesia

Select below the information protection item that ensures that information is correct and that no unauthorized person or malicious software has altered that data.

Integrity

The ________ is the main United Nations agency responsible for managing and promoting information and technology issues.

Internation Telecommunication Union

The _____________ is the preeminent organization for developing and publishing international standards for technologies related to electrical and electronic devices and processes.

International Electrotechnical Commission

Connecting your computers or devices to the ________ immediately exposes them to attack.

Internet

E-commerce changed how businesses sell, and the ________ changed how they market.

Internet

A standards organization that develops and promotes Internet standards.

Internet Engineering Task Force

________ is asuite of protocols designed to connect sites securely using IP networks.

Internet Protocol Security (IPSec)

To traverse more than one LAN segment and more than one type of network through a router.

Internetwork

IDS

Intrusion detection system. A detective control used to detect attacks after they occur. A signature-based IDS (also called definition-based) uses a database of predefined traffic patterns.

Privacy

Keeps information readable only by authorized people.

Confidentiality

Keeps information secret from all but authorized people.

An authentication system developed by the MIT and used to verify the identity of networked users.

Kerberos

_____ is typically used when a user attempts to access a network service and that service requires authentication.

Kerberos

The process by which keys are managed by a third party, such as a trusted CA, is known as?

Key escrow

Software or a hardware device that captures and stores each keystroke that a user types on the computer's keyboard.​

Keylogger​

In a --- , the cryptanalyst possesses certain pieces of information before and after encryption

Known plaintext attack

A(n) ____ is a network of computers and other devices that is confined to a relatively small space, such as one building or even one office.

LAN

This represents the fourth layer of defense for a typical IT infrastructure

LAN - to - WAN Domain

1.3 A local area network (LAN) is a collection of computers connected to one another or to optic cables, or radio waves. The third the third layers defend required.

LAN Domain

The ________ is where the fourth layer of defense is required.

LAN-to-WAN Domain

1.5 where the IT infrastructure links to a wide area network and the Internet. Connecting to the Internet is like rolling out. Strict security controls given the risks and threats of connecting to the internet.

LAN-to-WAN domain

An attack that constructs LDAP statements based on user input statements, allowing the attacker to retrieve information from the LDAP database or modify its content.

LDAP injection attack

User Domain Vulnerability

Lack of awareness or concern for security policy, Accidental acceptable use policy violation, Intentional malicious activity, and Social engineering

The ____________ represents the fourth layer of defense for a typical IT infrastructure

Lan-to-wan

A hub works at what layer of the OSI model?

Layer 1

A bit works at what layer of the OSI model?

Layer 1 - Physical

The job of this layer is to send the signal to the network or receive the signal from the network. Involved with encoding and signaling, and data transmission and reception.

Layer 1 - Physical Layer

A switch works at what layer of the OSI model?

Layer 2

A bit/frame works at what layer of the OSI model?

Layer 2 - Data Link

This layer is responsible for dividing the data into frames. Some additional duties include error detection. Performs physical addressing, data framing, and error detection.

Layer 2 - Data Link Layer

A router works at what layer of the OSI model?

Layer 3

A packet/datagram works at what layer of the OSI model?

Layer 3 - Network

This layer picks the route the packet is to take, and handles the addressing of the packets for delivery. Makes logical addressing, routing, fragmentation, and reassembly available.

Layer 3 - Network Layer

_____ _____ load balancers act upon data found in Network and Transport layer protocols such as IP, TCP, FTP, and UDP.

Layer 4

A segment works at what layer of the OSI model?

Layer 4 - Transport

This layer is responsible for ensuring that error-free data is given to the user. Provides connection establishment, management, and termination as well as acknowledgments and retransmissions.

Layer 4 - Transport Layer

This layer has the responsibility of permitting the two parties on the network to hold ongoing communications across the network. Allows devices to establish and manage sessions.

Layer 5 - Session Layer

This layer is concerned with how the data is represented and formatted for the user. Is used for translation, compression, and encryption.

Layer 6 - Presentation Layer

_____ _____ load balancers distribute requests based on data found in Application layer protocols such as HTTP.

Layer 7

This layer provides the user interface to allow network services. Provides services for user applications.

Layer 7 - Application Layer

Data works at what layers of the OSI model?

Layers 5, 6, and 7

A protocol for a client application to access an X.500 directory

Lightweight Directory Access Protocol (LDAP)

A proprietary EAP method developed by Cisco Systems requiring mutual authentication used for WLAN encryption using Cisco client software.

Lightweight EAP (LEAP)

_____ _____ is a technology that can help to evenly distribute work across a network.

Load balancing

A ________ is a collection of computers connected to one another or to a common connection medium.

Local area network (LAN)

What are monitoring issues for logging?

Logging produces too much information and takes up disk space.

5.17 when you log on to a network, you are presented with

Logical access control

5.2 Access to a computer system or network. Requires that you enter a unique username and password to log to your company

Logical access controls

To date, the single most expensive malicious attack occurred in 2000, which cost an estimated $8.7 billion. What was the name of this attack?

Love Bug

___ addresses contain two parts: a Block ID and a Device ID.

MAC

A network that is larger than a LAN and connects clients and servers from multiple buildings is known as a(n) ____.

MAN (metropolitan area network)

Select below the hashing algorithm that takes plaintext of any length and generates a digest 128 bits in length:

MD2

_____ identifies each element of a mail message according to content type.

MIME (Multipurpose Internet Mail Extensions)

____ coordinate the storage and transfer of e-mail between users on a network.

Mail services

availability

Malicious code attacks all three information security properties. Malware can erase or overwrite files or inflict considerable damage to storage media. This property is ________.

5.9 determined by the sensitivity of the resource and the security level of the subject.

Mandatory AC

End-user cannot set controls; Most restrictive model

Mandatory Access Control (MAC)

The most restrictive access control model, typically found in military settings in which security is of supreme importance.

Mandatory Access Control (MAC)

Requiring that all employees take vacations.

Mandatory vacations

The default root directory of the Microsoft Internet Information Services (IIS) Web server is located at which directory below?

C:\Inetpub\ wwwroot

What type of video surveillance is typically used by banks, casinos, airports, and military installations, and commonly employs guards who actively monitor the surveillance?

CCTV

_____ takes the form of the network ID followed by a forward slash (/), followed by the number of bits that are used for the extended network prefix.

CIDR (Classless InterDomain Routing) notation

A weak authentication protocol that has been replaced by the Extensible Authentication Protocol (EAP).

Challenge-Handshake Authentication Protocol (CHAP)

In a ________, the cryptanalyst can encrypt any information and observe the output. This is best for the cryptanalyst.

Chosen-plaintext attack

Internet IP packets are to cleartext what ecnrypted IP packets are to___.

Ciphertext

A sensitive connection between a client and a web server uses what class of certificate?

Class 2

Data that is in an unencrypted form is referred to as which of the following?

Cleartext

Injecting and executing commands to execute on a server​

Command injection​

entry-level information security certification of choice for IT professionals

Comp TIA's Security+ certification provides ________.

5.19 physic access, security bypass, eavesdropping

Compromised

The requirement to keep information private or secret is the definition of __________.

Confidentiality

Which of the three protections ensures that only authorized parties can view information?

Confidentiality

In the change management process, what are the configuration control and change control?

Configuration control is the management of the baseline settings for a system device. The baseline settings meet security requirements. They require that you implement them carefully and only with prior approval.

Authentication

Confirms the identity of an entity.

Internet

Connecting your computers or devices to the ________ immediately exposes them to attack.

Most DLP systems make use of what method of security analysis below?

Content inspection

A method for controlling access to a WLAN based on the device's MAC address.

Media Access Control (MAC) address filtering

mobile devices

Medical practices and hospitals realized early on that ________ provide(s) the ability to provide access to the necessary information without having to invest in many computers and network infrastructure.

Penetration Testing

Method of evaluating the security of a computer system or network, by simulating a malicious attack instead of just scanning for vulnerabilities

What are the primary components of Risk Management?

Mitigation, assignment, acceptance and avoidance.

Unstructured Attacks

Moderately skilled attackers initially attack simply for personal gratification. Can lead to more malicious attacks.

What is an advantage of IPv6 over IPv4

More host addresses

____ is a transmission method that allows one node to send data to a defined group of nodes.

Multicasting

The device inside a computer that connects a computer to the network media and allows it to communicate with other computers is known as a(n) ____.

NIC (Network Interface Card)

1.4 The interface between the computer an the LAN physical media.

NIC(Network interface card)

____ are connectivity devices that enable a workstation, server, printer, or other node to receive and transmit data over the network media.

NICs

A federal agency within the U.S. Department of Commerce whose mission is to "promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life."

NIST

The encryption protocol used for WPA2 that specifies the use of a general-purpose cipher mode algorithm providing data privacy with AES.

Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)

An attack that uses the user's web browser settings to impersonate the user

Cross-site request forgery (XSRF)

What term is used to describe a loose network of attackers, identity thieves, and financial fraudsters?

Cybercriminals

Which of the following is not a U.S. compliance law or act?

D) PCI DSS

5.20 when the owner of the resource determines the access and changes permissions as needed

DAC

3.2 A type of DoS attack that also impacts availability. Overloads the computer and prevents legitimate users.

DDoS

________ allows the computer to get its configuration information from the network instead of the network administrator providing the configuration information to the computer. It provides a computer with an IP address, subnet mask, and other essential communication information, simplifying the network administrator's job.

DHCP

____ is an automated means of assigning a unique IP address to every device on a network.

DHCP (Dynamic Host Configuration Protocol)

When TCP/IP was developed, the host table concept was expanded into a hierarchical name system for matching computer names and numbers using this service:

DNS

How can an attacker substitute a DNS address so that a computer is automatically redirected to another device?

DNS poisoning

​A symmetric block cipher that uses a 56-bit key and encrypts data in 64-bit blocks

Data Encryption Standard (DES)​

There are two types of Bluetooth network topologies. The first is a _____. When two Bluetooth devices come within range of each other, they automatically connect with one another.

piconet

When a data transmission involves only one transmitter and one receiver, it is considered a(n) ____ transmission.

point-to-point

What term is used to describe a type of virus that includes a separate encryption engine that stores the virus body in encrypted format while duplicating the main body of the virus?

polymorphic virus

A --- is a tool used to scan IP host devices for open ports that have been enabled

port scanner

A ___________ is a tool used to scan IP host devices for open ports that have been enabled.

port scanner

What term is used to describe a strategy that uses a device to provide electrical power for IP phones from the RJ-45 8-pin jacks directly to the workstation outlet?

power over Ethernet (Poe)

The authentication model used in WPA that requires a secret key value to be entered into the AP and all wireless devices prior to communicating.

preshared key (PSK)

____________ is a person's right to control the use and disclosure of his or her own personal information.

privacy

A key that is generated by a symmetric cryptographic algorithm is said to be a:

private key

Risks apply to specific assets. If you multiply the risk __________ by the cost of the asset, the result is the exposure to a specific risk.

probability

What term is used to describe a set of step-by-step actions to be performed to accomplish a security requirement, process, or objective?

procedure

The four main areas in NIST SP 800-50 are awareness, training, education, and __________________.

profesisonal development

A virus that infects an executable program file is known as?

program virus

The mode in which sniffers operate; it is nonintrusive and does not generate network traffic. This means that every data packet is captured and can be seen by the sniffer.

promiscuous mode

Hardware or software that captures packets to decode and analyze their contents.

protocol analyzer

The Application layer separates data into ____ or discrete amounts of data.

protocol data units

What defines the standards for communication between network devices?

protocols

A computer or an application program that intercepts user requests from the internal secure network and then processes those requests on behalf of the users.

proxy server

A panel of data receptors into which horizontal cabling from the workstations is inserted is called a _____ .

punch-down block

What name is given to a risk-analysis method that uses relative ranking to provide further definition of the identified risks in order to determine responses to them?

qualitative risk analysis

If VoIP traffic needs to traverse through a WAN with congestion, you need

quality of service (QOS)

The goal of --- is to quantify possible outcomes of risks, determine probabilities of outcomes, identify high impact risks and develop plans based on risks

quantitative risk analysis

Enacting changes in response to reported problems is called

reactive change managment

In addition, the UAC prompt includes a description of the requested action to inform the user of the requested action. The UAC prompts are color-coded to indicate the level of risk, from _____ (highest risk) to _____ (lowest risk).

red, gray

Backups

refer to copying and storing data in a secondary location to preserve the data in case it's destroyed or corrupted

33. Layered Security

refers to the arrangement of multiple layers of defense, a form of defense in depth and is considered by most Cyber Security Professionals to one of the only ways to truly protect a network.

Any combination of hardware and software that enables remote users to access a local internal network.

remote access

The ability to remotely erase sensitive data stored on a mobile device.

remote wiping

A device that regenerates a digital signal is called a(n) ____.

repeater

Which type of attack below is similar to a passive man-in-the-middle attack?

replay

12. Integrity

requires that the information is not changed or modified except by individuals authorized to do so.

What name is given to any risk that exists but has a defined response?

residual risk

________ attack countermeasures such as antivirus signature files or integrity databases.

retro virus

A computer or an application program that routes incoming requests to the correct server.

reverse proxy

A countermeasure, without a corresponding __________, is a solution seeking a problem; you can never justify the cost.

risk

A situation that involves exposure to danger

risk

___________ is the likelihood that a particular threat exposes a vulnerability that could damage your organization.

risk

Anorganization knows that arisk exists and has decided that the cost of reducing it is higher than the loss would be. This can include self-insuring or using a deductible. This is categorized as ________.

risk acceptance

________ is arisk management phase that includes assessment of various types of controls to mitigate the identified risks, selection of a control strategy, and justification of choice of controls.

risk assessment

________ allows anorganization to transfer risk to another entity. Insurance is a common way to reduce risk.

risk assignment

A company can discontinue or decide not to enter a line of business if the risk level is too high. This is categorized as ________.

risk avoidance

Any organization that is serious about security will view ___________ as an ongoing process.

risk management

________ uses various controls to reduce identified risks. These controls might be administrative, technical, or physical.

risk mitigation

An unauthorized AP that allows an attacker to bypass many of the network security configurations and opens the network and its users to attacks.

rogue access point

What name is given to an access control method that bases access control approvals on the jobs the user is assigned?

role-based access control

An independently rotating large cup affixed to the top of a fence prevents the hands of intruders from gripping the top of a fence to climb over it. What is the name for this technology?

roller barrier

To what specific directory are users generally restricted to on a web server?

root

A type of malware that modifies or replaces one or more existing programs to hide the fact that a computer has been compormised

rootkit

What type of malware consists of a set of software tools used by an attacker to hide the actions or presence of other types of malicious software, such as Trojans, viruses, or worms?

rootkit

A device that can forward packets across computer networks

router

A device that connects network segments and direct data is known as a(n) _____.

router

What name is given to random characters that you can combine with an actual input key to create the encryption key?

salt key

If multiple piconets cover the same area, a Bluetooth device can be a member in two or more overlaying piconets. A group of piconets in which connections exists between different piconets is called a _____.

scatternet

An encrypted channel used for remote access to a server or system, commonly used in Linux and UNIX servers and applications, is the definition of __________.

secure shell (SSH)

The world needs people who understand computer-systems ________ and who can protect computers and networks from criminals and terrorists.

security

The--- team's responsibilities include handling events that affect your computers and networks and ultimately can respond rapidly and effectively to any event.

security administration

________ is the difference between the security controls you have in place and the controls you'd to have in place in order to address all vulnerabilities.

security gap

The --- is the central part of a computing environment's hardware, software, and firmware that enforces access control for computer systems

security kernel

Which position below is considered an entry-level position for a person who has the necessary technical skills?

security technician

A ____ is usually composed of a group of nodes that use the same communications channel for all their traffic.

segment

Ping

sends a ping (ICMP Echo Request) to the target machine.

19. Switches

separate collision domains yet extend broadcast domains.

The practice of requiring that processes should be divided between two or more individuals.

separation of duties

Attacks that take place against web based services are considered to be what type of attack?

server-side

What is the name for a cumulative package of all patches and hotfixes as well as additional features up to a given point?

service pack

The Windows UAC interface also provides extended information . A _____ icon warns users if they attempt to access any feature that requires UAC permission.

shield

A monitoring technique used by an intrusion detection system (IDS) that examines network traffic to look for well-known patterns and compares the activities against a predefined signature.

signature-based monitoring

What name is given to an encryption cipher that uniquely maps any letter to any other letter?

simple substitution cipher

A(n) ____ is a device or connection on a network that,were it to fail, could cause the entire network or portion of the network to stop functioning.

single point of failure

An in-depth examination and analysis of a wireless LAN site.

site survey

A mobile cell phone that has an operating system for running apps and accessing the Internet

smartphone

A mandated requirement for a hardware or software solution that is used to deal with a security risk throughout the organization

standard

What defines the minimum acceptable performance of a product or service?

standards

What is the technique of matching network traffic with rules or signatures based on the apprearance of the traffic and its relationship to other packets?

stateful matching

What name is given to a type of virus that uses a number of techniques to conceal itself from the user or detection software?

stealth virus

What term is used to describe communication that doesn't happen in real time but rather consists of messages that are stored on a server and downloaded to endpoint devices?

store-and-forward communications

A 568 standard is for __.

structured cabling

A _____ is a user or a process functioning on behalf of the user that attempts to access an object.

subject

A(n) ____ indicates where network information is located in an IP address.

subnet mask

A technique that uses IP addresses to divide a network into network, subnet, and host.

subnetting

The process of separating a network into multiple logically defined segments, or subnets is known as ______.

subnetting

The simplest type of stream cipher, one in which one letter or character is exchanged for another, is known as what?

substitution

A subnet created by moving the subnet boundary to the left is known as a(n) ____.

supernet

A wireless device, called the _____, sends a request to an AP requesting permission to join the WLAN. The AP prompts the user for the user ID and password. Name the step.

supplicant

A _____ is a device that connects network devices together. It can learn which device is connected to each of its ports, and then forward only frames intended for a specific device or frames sent to all devices.

switch

A device that connects network segments and forwards only frames intended for that specific device or frames sent to all devices.

switch

What term is used to describe a device used as a log on authenticator for remote users of a network?

synchronous token

Portable computing device that is generally larger than smartphones and smaller than notebooks, and is focused on ease of use.

tablet

If VLAN members on one switch need to communicate with members connected to another switch, a special _____ protocol must be used, either a proprietary protocol or the vendor-neutral IEEE 802.1Q

tagging

HTML uses which option below within embedded brackets (< >) causing a web browser to display text in a specific format?

tags

A control that is carried out or managed by a computer system is the definition of ________.

technical control

A method of restricting resource access to specific periods of time is called ---

temporal isolation

59. Convergence

the ability to have or use voice, data or video over a network.

Risks

the likelihood that something bad will happen to an asset. The exposure to some event that has an effect on an asset.

Star Topology

the most often used topology today is one whose components are connected to a central connection point.

When two individuals trust each other because of the trust that exists between the individuals and a separate entity, what type of trust has been established?

third-party

A --- is any action that could damage an asset that can be natural and or human iduced

threat

A type of action that has the potential to cause harm.

threat

A person or element that has the power to carry out a threat

threat agent

A --- is an intent and method to exploit a vulnerability

threat source

When you apply an account-lockout policy, set the __________ to a high enough number that authorized users aren't locked out due to mis-typed passwords.

threshold

Limitation imposed as to when a user can log into a system or access resources.

time-of-day restriction

5.15 which are the best describes the identification component of access control?

to an system

The ____ utility uses ICMP to trace the path from one networked node to another, identifying all intermediate hops between the two nodes.

traceroute

Network devices can implement ___________ to better support VoIP and SIP IP packets and reduce dropped calls and delays.

traffic prioritization

Because personnel are so important to solid security, one of the best security controls you can develop is a strong security --- and awareness program

training

What name is given to an encryption cipher that rearranges characters or bits of data?

transposition cipher

Black-hat Hackers

tries to break IT security for the challenge and to prove technical prowess. They tend to poke holes in a system but do not attempt to disclose vulnerabilities they find to the administration.

Unrecognized new processes running, startup messages indicating that new software has been (or is being) installed (registry updating), unresponsiveness of applications to normal commands, and unusual redirection of normal Web requests to unknown sites are all telltale symptoms of a ________.

trojan

A DoS attack is a coordinated attempt to deny service by causing a computer to perform an unproductive task.

true

A certificate of completion is a document that is given to a student upon completion of the program and is signed by the instructor.

true

A way to protect your organization from personnel - related security violations is to use job rotation.

true

An auditing bechmark is the standard by which asystem is compared to determine whether it is securely configured

true

An information security safeguard is also called in informaiton security control

true

An organization must comply with rules on two levels. regulatory compliance and organizational compliance.

true

An organization seeks a balance between an acceptable level of a risk and the cost of reducing it.

true

AnSOC 1 report is commonly implemented for organizations that must complywith Sarbanes-Oxley (SOX) or the Gramm-Leach-Bliley Act (GLBA).

true

Anomaly detection involves developing a network baseline profile of normal or acceptable activity, such as services or traffic patterns, and then measuring actual network traffic againstthis baseline.

true

Border firewalls simply seperate the protected network from the internet

true

Certifications that require additional education generally specity the number of credits each certificate requires

true

Defense in depth combines the capabilities of people, operations, and security technologies to establish multiple layers of protection, eliminating single lines of defense and effectively raising the cost of an attack.

true

ISO 17799 is an international security standard.

true

Information systems security is about ensuring the confidentiality, integrity, and availability of IT infrastructures and the systems they comprise.

true

Ininformation technology, perhaps the best-known ISO standard is the Open Systems Interconnection (OSI) Reference Model. This internationally accepted framework of standards governs how separate computer systems communicate using networks.

true

Initiating changes to avoid expected problems is the definition of proactive change managment

true

Mandatory access control (MAC) isa means of restricting access to an object based on the object's classification and the user's security clearance.

true

One of the OSI Reference Model layers, the Network Layer, is responsible for the logical implementation of the network.

true

One of the most important parts of a FISMA information security program is that agencies test and evaluate it.

true

Residual risk is the risk that remains after you have installed countermeasures and controls.

true

Singe loss expectancy(SLE) means the expected loss for a single threat occurrence. The formula to calculate SLE is SLE = Resource Value x EF

true

Symmetric key cryptography is a type of cryptography that cannot secure correspondence until after the two parties exchange keys.

true

Telephony denial of service (TDoS) is a variation of a denial of service (DoS) attack, but is launched against traditional and packet-based telephone systems. A TDoS attack disrupts an organization's use of its telephone system through a variety of methods.

true

The ANSI produces standards that affect nearly all aspects of IT.

true

The FTC Safeguards Rule requires a financial institution to create a written information security program that must state how the institution collects and uses customer data. It also must describe the controls used to protect that data.

true

The Family Educational Rights and Privacy Act (FERPA) is the main federal law protecting the privacy of student information.

true

The Internet Architecture Board (IAB) is a subcommittee of the IETF composed of independent researchers and professionals who have a technical interest the overall well-being of the Internet.

true

The Office of Personnel Management (OPM) requires that federal agencies provide the training suggested by the NIST guidelines.

true

The Payment Card Industry Data Security Standard (PCI DSS) is an international standard for handling transactions involving payment cards.

true

The best-known standard that relates to information security is the IEEE 802 LAN/MAN standard family.

true

The current term for online study is distance learning

true

The following are al methods of collecting data: questionnaires, interviews, observation, and checklists.

true

The main purpose of security training courses is to rapidly train students in one or more skills, or to cover essential knowledge in one or more specific areas.

true

The primary characteristic of a virus is that it replicates and generally involves user action of some type

true

The term Bring Your Own Device (BYOD) refers to an organizational policy of allowing or even encouraging employees, contractors, and others to connect their own personal equipment to the corporate network; this offers cost savings and other benefits but also presents security risks.

true

The term detective control refers to a control that determines that a threat has landed in your system.

true

The term remediation refers to fixing something before it is broken, defective, of vulnerable.

true

The term risk management describes the process of identifying, assessing, prioritizing and addressing risks

true

The traceroute command displays the path that a particular packet follows so you can identify the source of potential network problems.

true

Under CIPA, a technology protection measure is any technology that can block or filter the objectionable content.

true

Unlike viruses, worms do not require a host program in order to survive and replicate.

true

Whereas MS programs prepare students to perform information security work, MBA programs prepare students to manage and maintain the people and environment of information security.

true

spoofing means a type of attack in which one person, program, or computer disguises itself as another person, program, or computer to gain access to some resource.

true

A(n) ____ segment does not contain end nodes.

unpopulated

Most hubs also contain one port, called a(n) ____, that allows the hub to connect to another hub or other connectivity device.

uplink port

28. Radius Servers

use UDP port 1812 for authentication and port 1813 for accounting.

White-hat Hackers

uses different penetration-test tools to uncover vulnerabilities so that they can be fixed.

A technology that allows scattered users to be logically grouped together even though they may be attached to different switches.

virtual LAN (VLAN)

A technology that enables use of an unsecured public network as if it were a secure private network.

virtual private network (VPN)

What type of malware is heavily dependent on a user in order to spread?

virus

Which of the following is malicious computer code that reproduces itself on the same computer?

virus

Black-hat hackers generally poke holes in systems, but do not attempt to disclose __________ they find to the administrators of those systems.

vulnerabilities

A --- is a weakness that allows a threat to be realized

vulnerability

A flaw or weakness that allows a threat agent to bypass security

vulnerability

A threate source can be a situation or a method that might accidentally trigger a

vulnerability

The process of documenting and then advertising the location of wireless LANs for others to use.

war chalking

Searching for wireless signals from an automobile or on foot using a portable computing device.

war driving

The distance between corresponding points on a wave's cycle is called its _____.

wavelength

A special type of application-aware firewall that looks at the applications using HTTP.

web application firewall

A device that can block malicious content in real time as it appears (without first knowing the URL of a dangerous site).

web security gateway

A(n) ____ is a computer installed with the appropriate software to supply Web pages to many different clients upon demand.

web server

22. Stream Ciphers

were at one time used by AES, and it is done one character at a time but has since been replaced by block cipher.

Which SQL injection statement example below could be used to discover the name of the table?

whatever' AND 1=(SELECT COUNT(*) FROM tabname); --

Which SQL statement represents a SQL injection attempt to determine the names of different fields in a database?

whatever' AND email IS NULL; --

Choose the SQL injection statement example below that could be used to find specific users:

whatever' OR full_name LIKE '%Mia%'

Which SQL injection statement can be used to erase an entire database table?

whatever'; DROP TABLE members; --

Security testing that is based on knowledge of the application's design and source code.

white box testing

4. Hackers are individuals

who deliberately access computer systems and networks without authorization.

The utility that allows you to query the DNS registration database and obtain information about a domain is called ____.

whois

port scan

will help identify which ports are open thereby giving an indication of which services may be running on the targeted machine.

A wireless network designed to replace or supplement a wired local area network (LAN).

wireless local area network (WLAN)

A passive attack in which the attacker captures transmitted wireless data, records it, and then sends it on to the original recipient without the attacker's presence being detected.

wireless replay

A personal computer which may or may not be connected to a network is a(n) ____.

workstation

Unexplained increases in bandwidth consumption, high volumes of inbound and outbound e-mail during normal activity periods, a sudden increase in e-mail server storage utilization (this may trigger alarmthresholds set to monitor and manage disk/user partition space), and an unexplained decrease in available disk space are all telltale symptoms of a ________.

worm

The exchange of information among DNS servers regarding configured zones is known as:

zone transfer

The SHA-1 hashing algorithm creates a digest that is how many bits in length?

​160 bits

​SSL and TLS keys of what length are generally considered to be strong?

​4096

​A paper or electronic record of individuals who have permission to enter a secure area, the time that they entered, and the time they left the area

​Access list

Subtypes of security controls, classified as deterrent, preventive, detective, compensation, or corrective.​

​Activity phase controls

​Part of the TCP/IP protocol for determining the MAC address based on the IP address.

​Address Resolution Protocol (ARP)

​An operating system for Google Android smartphones and other devices.

​Android

​What type of system security malware allows for access to a computer, program, or service without authorization?

​Backdoor

Spam filtering software that analyzes every word in an email and determines how frequently a word occurs in order to determine if it is spam.​

​Bayesian filtering

​What type of filtering utilizes a an analysis of the content of spam messages in comparison to neutral / non-spam messages in order to make intelligent decisions as to what should be considered spam?

​Bayesian filtering

A logical computer network of zombies under the control of an attacker.​

​Botnet

A trust model with one CA that acts as a facilitator to interconnect all other CAs

​Bridge trust model

An attack that occurs when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer​

​Buffer overflow attack

Data that has been encrypted.​

​Ciphertext

Malicious computer code that, like its biological counterpart, reproduces itself on the same computer.​

​Computer virus

​An attack that injects scripts into a web application server to direct attacks at clients.

​Cross-site scripting (XSS)

​An attack that substitutes DNS addresses so that the computer is automatically redirected to an attacker's device.

​DNS poisoning

A key exchange that requires all parties to agree upon a large prime number and related integer so that the same key can be separately created.​

​Diffie-Hellman (DH)

A technology used to associate a user's identity to a public key, in which the user's public key is digitally signed by trusted third party.​

​Digital certificate

​A trust model that has multiple CAs that sign digital certificates

​Distributed trust model

A system such as a printer, smart TV, or HVAC controller, typically uses an operating system on what is called a:

​Embedded system

What is the best way to prevent data input by a user from having potentially malicious effects on software?​

​Escaping user responses

Another name for locally shared object (LSO)

​Flash cookie

The Authentication Header (AH) protocol is a part of what encryption protocol suite below?​

​IPSec

Why is IPsec considered to be a transparent security protocol?​

​IPsec is designed to not require modifications of programs, or additional training, or additional client setup

Computer code that lies dormant until it is triggered by a specific logical event​

​Logic bomb​

​A computer virus that is written in a script known as a macro

​Macro virus

A nonrelational database that is better tuned for accessing large data sets.

​NoSQL

An attack that uses the Internet Control Message Protocol (ICMP) to flood a victim with packets.

​Ping flood

​An asymmetric encryption key that does have to be protected.

​Private key

On a compromised computer, you have found that a user without administrative privileges was able to perform a task limited to only administrative accounts. What type of exploit has occurred?​

​Privilege escalation

A framework for managing all of the entities involved in creating, storing, distributing, and revoking digital certificates

​Public key Infrastructure (PKI)

Malware that locks or prevents a device from functioning properly until a fee has been paid is known as:​

​Ransomware

Select below the secure alternative to the telnet protocol:

​SSH

​Symmetric keys to encrypt and decrypt information exchanged during a handshake session between a web browser and web server

​Session keys

A form of verification used when accessing a secure web application

​Session token

Which of the following is not one of the four methods for classifying the various types of malware?​

​Source

​A phishing attack that targets only specific users

​Spear phishing

​A trust model in which two individuals trust each other because each individually trusts a third party.

​Third-party trust

What type of attack is targeted against a smaller group of specific individuals, such as the major executives working for a manufacturing company?​

​Watering Hole

A mobile operating system for Apple iPhones​

​iOS

A process in which keys are managed by a third party, such as a trusted CA​

​key escrow

The means by which an attack could occur​

​threat vector

Social Security numbers, financial account numbers, credit card numbers, and date of birthare examples of __________ as stipulated under GLBA.

NPI

Obtaining the coveted CAE/IAE or CAE/R designation means the curriculum and research institutions meet or exceed the standards defined by the _______.

NSA

Used to synchronize the clocks of computers on a network.

NTP (Network Time Protocol)

The database of Internet IP addresses and their associated names.

Name Space

________ is used to describe a property that indicates that a specific subject needs access to a specific object. This is necessary to access the object in addition to possessing the proper clearance for the object's classification.

Need-to-know

reconnaissance

Network ________ is gathering information about a network for use in a future attack.

5.10 closely monitored by the security adminitrator, an not the system administrator.

Non-Discretion AC

What is a backdoor?

Obtaining admin access to a computer system while attempting to remain undetected

NSA

Obtaining the coveted CAE/IAE or CAE/R designation means the curriculum and research institutions meet or exceed the standards defined by the _______.

Of the three types of mutating malware, what type changes its internal code to one of a set number of predefined mutations whenever it is executed?​

Oligomorphic malware

Accounts that remain active after employee has left organization.

Orphaned accounts

_______ is the nondata information that must accompany data for a signal to be properly routed and interpreted by the network.

Overhead

What are the standards set by PCI DCS and what are the principles on this requirement?

PCI DCS (Payment Card Industry Data Security Standard) -Build and maintain a secure network, protect cardholder data, maintain a vulnerability-management program, implement strong access control measures, regularly monitor and test networks and maintain an information security policy.

ICMP services are used by ______ to send echo requests.

PING (Packet INternet Groper)

____ is an Application layer protocol used to retrieve messages from a mail server.

POP (Post Office Protocol)

How does Risk Management affect security roles?

Pages 252-253

What is the difference between a broad firewall and a multi-layered firewall and when is i appropriate to use each type?

Pages 330-332

Health Insurance Portability and Accountability Act (HIPPA)

Passed in 1996, requires health care organizations to secure to secure patient information.

Compliance Laws - Gramm-Leach-Bliley Act

Passed in 1999, requires all types of financial institutions to protect customers' private financial information.

Children's Internet Protection Act (CIPA)

Passed in 2000, requires public schools and public libraries to use an Internet safety policy. The policy must address the following: Children's access to inappropriate matter on the Internet, Children's security when using e-mail, chat rooms, and other electronic communications, restricting hacking and other unlawful activities by children online, disclosing and distributing personal information about children without permission, and restricting children's access to harmful materials.

Compliance Laws - Sarbanes Oxley Act

Passed in 2002, it requires publicly traded companies to submit accurate financial reporting. It does not require securing private information, but it does require security controls to protect the confidentiality and integrity of the reporting itself.

A weak authentication protocol that has ben replaced by the Extensible Authentication Protocol (EAP).

Password Authentication Protocol (PAP)

What are the four security objectives for internal security and what do they mean?

Privacy, Integrity, Authorization and Access Control

Data classification standards, know the types of data and how they are classified.

Private data,Confidential, Internal use only, and public domain data.

Which of the following is not one of the functions of a digital signature?

Protect the public key

An EAP method desgned to simplify the deployment of 802.1x by using Microsoft Windows logins and passwords.

Protected EAP (PEAP)

A framework for all of the entities involved in digital certificates for digital certificate management is known as:

Public key infrastructure

An asymmetric encryption key that does not have to be protected.​

Public key​

Cryptography that attempts to use the microscopic behaviors of objects to develop and share keys while also detecting eavesdropping is known as what type of cryptography?

Quantum cryptography

_____, or _____ _____ _____ _____ _____ _____, was developed in 1992 and quickly became the industry standard with widespread support across nearly all vendors of networking equipment. _____ was originally designed for remote dial-in access to a corporate network.

RADIUS, Remote Authentication Dial In User Service

Intentionally flooding the radio frequency (RF) spectrum with extraneous RF signal "noise" that creates interference and prevents communications from occurring.

RF jamming

The asymmetric cryptography algorithm most commonly used is:

RSA

Identify the different Asymmetric Cryptographic Applications?

RSA, DSA & SHA

Proximity readers utilize a special type of tag that can be affixed to the inside of an ID badge. What is the name for this type of tag?

Radio Frequency Identification tag (RFID)

2.2 VoIP

Real-Time, voice communication

________ provides information on what is happening as it happens.

Real-time monitoring

Transposition Cipher

Rearranges characters or bits of data.

____________ is the amount of time it takes to recover and make a system, application, and data available for use after an outage.

Recover time objective

What is the name for an organization that receives, authenticates, and processes certificate revocation requests?

Registration Authority

When developing, implementing and designing and organization you often must comply with the rules on what level?

Regulatory Compliance

An industry standard authentication service with widespread support across nearly all vendors of networking equipment.

Remote Authentication Dial in User Service (RADIUS)

1.7 Organization's IT infrastructure. Critical for staff member. dangerous yet necessary for mobile worker.

Remote acess domain

Substitution Cipher

Replaces bits, characters, or blocks of information with other bits, characters, or blocks.

_____ packets are issued by the authenticator and ask for a _____ packet from the supplicant.

Request, response

Which of the following is not one of the types of settings that would be included in a Microsoft Windows security template?

Resolution settings

Access Control

Restricting information to the right people.

Indirect Attacks

Result of a preprogramed hostile code exploits, such as Internet worms or viruses. The attacks are unleashed indiscriminately.

the likelyhood that something bad happens to an asset is

Risk

What are the primary components of Risk Management?

Risk Mitigation (reduction), Risk assignment (transference), Risk Acceptance, and Risk Avoidance.

probability

Risks apply to specific assets. If you multiply the risk __________ by the cost of the asset, the result is the exposure to a specific risk.

A "real-world" access control model in which access is based on a user's job function within the organization.

Role Based Access Control (RBAC)

Assigns permissions to particular roles in the organization and then users are assigned to roles; Considered a more "real-world" approach

Role Based Access Control (RBAC)

What name is given to an access control method that bases access control approvals on the jobs the user is assigned?

Role-based access control (RBAC)

Protocols that can span more than one LAN.

Routable

An access control model that can dynamically assign roles to subjects based on a set of rules defined by a custodian.

Rule Based Access Control (RBAC)

Dynamically assigns roles to subjects based on a set of rules defined by a custodian; Used for managing user access to one or more systems

Rule Based Access Control (RBAC)

5.11 A list of rules, maintained by the data owner.

Rule-based AC

Application Defenses

Software applications provide end users with access to shared data. Some common controls include the following: Implementing regular antivirus screening on all host systems, ensuring that virus definition files are up to date, requiring scanning of all removable media, installing personal firewall and IDS software on hosts as an additional security layer, deploying change detection software and integrity checking software and maintaining logs, implementing e-mail usage controls and ensuring that e-mail attachments are scanned, establishing a clear policy regarding software installations and upgrades, ensuring that only trusted sources are used when obtaining, installing, and upgrading software through digital signatures and other validations.

What is ment by constrained user interface?

Software that allows users to enter only specific information.

Structured Attacks

Sophisticated hacking techniques to identify, penetrate, probe, and carry out malicious activities.

The location of the origination of the packet. Addresses generally can be indicated by a specific IP address or range of addresses, an IP mask, the MAC address, or host name.

Source address

The TCP/IP port number being used to send packets of data through. Options for setting the _____ _____ often include a specific port number, a range of numbers, or Any.

Source port

What is the term used to describe unsolicited messages received on instant messaging software?

Spim

Which type of cryptographic algorithm takes an input string of any length, and returns a string of any requested variable length?

Sponge

_____ _____ _____ keeps a record of the state of a connection between an internal computer and an external device and then makes decisions based on the connection as well as the conditions.

Stateful packet filtering

_____ _____ _____ looks at the incoming packet and permits or denies it based on the conditions that have been set by the administrator.

Stateless packet filtering

Anti-virus products typically utilize what type of virus scanning analysis?​

Static analysis

When an authentication request is received, the RADIUS server validates that the request is from an approved AP and then decrypts the data packet to access the user name and password information. Name the step.

Step 3

If the user name and password are correct, the RADIUS server sends an authentication acknowledgment that includes information on the user's network system and service requirements. Name the step.

Step 4

If accounting is also supported by the RADIUS server, an entry is started in the accounting database. Name the step.

Step 5

Once the server information is received and verified by the AP, it enables the necessary configuration to deliver the wireless services to the user. Name the step.

Step 6

​An algorithm that takes one character and replaces it with one character.

Stream cipher

Process of subdividing a single class of networks into multiple, smaller logical networks, or segments.

Subnetting

____ is the process of subdividing a network segment.

Subnetting

What is a transposition cipher, a substitution cipher and which one is a Caesar Cipher?

Substitution is a Caesar Cipher.

If the authentication is successful, a _____ packet is sent to the supplicant; if not, a _____ packet is sent.

Success, failure

Large-scale, industrial control systems.

Supervisory control and data acquisition (SCADA)

One of the armored virus infection techniques utilizes encryption to make virus code more difficult to detect, in addition to separating virus code into different pieces and inject these pieces throughout the infected program code. What is the name for this technique?

Swiss cheese

9. Symmetric Encryption

Symmetric meaning the same, uses only 1 key, a public key that is available to everyone

A ________ enables the virus to take control and execute before the computer can load most protective measures.

System infector

1.8 Hold all the mission-critical systems, applications, and data. Authorized user. Data like treasure. Private customer data, intellectual property, or national security. Seek deep within an IT system.

System/application Domain

The current version of the Terminal Access Control Access Control System authentication service.

TACACS+

____ is a connection oriented protocol.

TCP

____ operates at the Transport layer of the OSI Model and provides reliable data delivery services.

TCP (Transmission Control Protocol)

_____ divides a channel into multiple intervals of time, or time slots.

TDM (time division multiplex)

What cryptographic transport algorithm is considered to be significantly more secure than SSL?

TLS

Among the Session layer's functions are establishing and keeping alive the communications link for the duration of the session, keeping the communication secure, synchronizing the dialogue between the two nodes, determining whether communications have been cut off, and, if so, figuring out where to restart transmission, and terminating communications.

TRUE

Every process that occurs during network communications can be associated with a layer of the OSI Model

TRUE

In a ________, the attacker sends a large number of packets requesting connections to the victim computer

SYN flood

In a ________, the attacker sends a large number of packets requesting connections to the victim computer.

SYNflood

SOX

Sarbanes-oxley act of 2002: enacted in response to the financial scandals to protect shareholders and the general public from accounting errors and fraudulent practices.

3.8 Which of the following terms best describes a person with very little skill?

Script kiddie

Select below the term that is used to describe individuals who want to attack computers yet lack the knowledge of computers and networks needed to do so:

Script kiddies

A small form factor storage media of a variety of different types and sizes.

Secure Digital (SD)

SHA

Secure Hash Algorithm - A one way hash algorithm designed to ensure the integrity of a message.

Transporting LDAP traffic over Secure Sockets Layer (SSL) or Transport Layer Security (TLS)

Secure LDAP

The regulating agency for the Sarbanes-Oxley Act is the ________.

Securities and Exchange Commission

An Extensible Markup Language (XML) standard that allows secure web domains to exchange user authentication and authorization data.

Security Assertion Markup Language (SAML)

TRUE or FALSE: Addressing is a system for assigning unique identification numbers to devices on a network.

TRUE

TRUE or FALSE: If congestion or failures affect the network, a router using dynamic routing can detect the problems and reroute data through a different path.

TRUE

TRUE or FALSE: One disadvantage to using wireless NICs is that currently they are somewhat more expensive than wire-bound NICs.

TRUE

TRUE or FALSE: Protocols ensure that data are transferred whole, in sequence, and without error from one node on the network to another.

TRUE

TRUE or FALSE: Static IP addressing can easily result in the duplication of address assignments.

TRUE

TRUE or FALSE: Transmission methods using fiber-optic cables achieve faster throughput than those using copper or wireless connections.

TRUE

TRUE or FALSE: UDP (User Datagram Protocol) belongs to the Transport layer of the OSI.

TRUE

TRUE or FALSE: When a router is used as a gateway, it must maintain routing tables as well.

TRUE

Cipher locks are sometimes combined with what type of sensor, which uses infrared beams that are aimed across a doorway?

Tailgate sensors

The physical procedure whereby an unauthorized person gains access to a location by following an authorized user is known as?

Tailgating

____ is a terminal emulation protocol to log on to remote hosts using the TCP/IP protocol suite.

Telnet

The WPA and WPA2 encrytion technology.

Temporal Key Integrity Protocol (TKIP)

An authentication service commonly used on UNIX devices that communicates by forwarding user authentication information to a centralized server.

Terminal Access Control Access Control System (TACACS)

True

The ANSI produces standards that affect nearly all aspects of IT.

True

The Gauss is a measurement of a magnetic field.

HIPAA

The Health Insurance Portability and Accountability Act, a federal law protecting the privacy of patient-specific health care information and providing the patient with control over how this information is used and distributed.

True

The Info tech Security Certified Program (SCP) certification programs apply mainly to network security topics and are most appropriate for professionals involved in securing network components within the IT infrastructure.

American National Standards Institute (ANSI)

The ________ is a U.S. standards organization whose goal is to empower its members and constituents to strengthen the U.S. marketplace position in the global economy, while helping to ensure the safety and health of consumers and the protection of the environment.

World Wide Web Consortium (W3C)

The ________ is an organization formed in 1994 to develop and publish standards for the World Wide Web.

LAN-to-WAN Domain

The ________ is where the fourth layer of defense is required.

IAB

The ________ provides oversight for architecture for Internet protocols and procedures, processes used to create standards, editorial and publication procedures for RFCs, and confirmation of IETF chair and technical area directors. It also provides much of the high-level management and validation of the processes of conducting IETF business.

CISSP-ISSMP®

The ____________ concentration from (ISC)2 contains deeper managerial elements such as project management, risk management, setting up and delivering a security awareness program, and managing a business continuity planning program.

CISSP-ISSEP®

The ____________ concentration from (ISC)2 is the road map for incorporating security into projects, applications, business processes, and all information systems.

Hollings Manufacturing Extension Partnership

The ____________ is a network of centers around the United States that offers technical and business assistance to small- and medium-sized manufacturers.

LAN-to-WAN Domain

The ____________ represents the fourth layer of defense for a typical IT infrastructure.

What is meant by annual rate of occurrence (ARO)?

The annual probability that a stated threat will be realized.

Certified Authorization Professional

The best fits for (ISC)2's_____________ are personnel responsible for developing and implementing processes used to assess risk and for establishing security requirements.

True

The best-known standard that relates to information security is the IEEE 802 LAN/MAN standard family.

Physical Layer

The lowest, or first, layer of the OSI model. Protocols in the Physical layer generate and detect signals so as to transmit and receive data over a network medium. These protocols also set the data transmission rate and monitor data error rates, but do not provide error correction.

True

The main purpose of security training courses is to rapidly train students in one or more skills, or to cover essential knowledge in one or more specific areas.

Which of the following is the definition of system owner?

The person responsible for the daily operation of a system and for ensuring that the system continues to operate in compliance with the conditions set out by the AO.

Which of the following is an accurate description of cloud computing?

The practice of using computing services that are delivered over a network.

Principles of least privilege

The principles of least privilege, means giving a user account only those privileges which are essential to that user's work.

Which of the following is the definition of access control?

The process of protecting a resource so that it is used only by those allowed to use it; a particular method used to restrict or allow access to resources.

True

The purpose of DoD Directive 8570.01 is to reduce the possibility that unqualified personnel can gain access to secure information.

What is a security audit?

The purpose of a security audit is to make sure your systems and security controls work as expected. Includes Monitor, Audit, Improve & Secure.

data loss

The recovery point objective (RPO) identifies the amount of _________ that is acceptable.

Confidentiality

The requirement to keep information private or secret is the definition of __________.

When an information security breach occurs in your organization, a --- helps determine what happened to the system and when.

Security event log

What is a worm and how does it propagate?

Self-contained programs designed to propagate from one host machine to another, using the host's own network communication protocols.

---- is the process of dividing up tasks into a series of unique activities

Separation of duties

____ is a method of identifying segments that belong to the same group of subdivided data.

Sequencing

What kind of server connects a remote system through the Internet to local serial ports using TCP/IP?

Serial server

Select below the type of certificate that is often issued from a server to a client, with the purpose of ensuring the authenticity of the server:

Server digital

Data Link Layer

The second layer in the OSI model. The Data Link layer bridges the networking media with the Network layer. Its primary function is to divide the data it receives from the Network layer into frames that can then be transmitted by the Physical layer.

Application Layer

The seventh layer of the OSI model. Application layer protocols enable software programs to negotiate formatting, procedural, security, synchronization, and other requirements with the network.

Presentation Layer

The sixth layer of the OSI model. Protocols in the Presentation layer translate between the application and the network. Here, data are formatted in a schema that the network can understand, with the format varying according to the type of network used. The Presentation layer also manages data encryption and decryption, such as the scrambling of system passwords.

four-year

The standard bachelor's degree is a __________ program.

Network Layer

The third layer in the OSI model. Protocols in the Network layer translate network addresses into their physical counterparts and decide how to route data from the sender to the receiver.

security

The world needs people who understand computer-systems ________ and who can protect computers and networks from criminals and terrorists.

USBtoken

This device uses public key infrastructure (PKI) technology—for example, a certificate signed by a trusted certification authority—and doesn't provide one-time passwords.

intrusion detection system (IDS)

This security appliance examines IP data streams for common attack and malicious intent patterns.

Certain security objectives add value to information systems. _________ provides an exact time when a producer creates or sends information.

Timestamping

Know the government data classification standards.

Top Secret, Secret and Confidential

WAN Domain Vulnerability

Transmitting private data unencrypted, Malicious attacks from anonymous sources, Denial of Service attacks, and Weaknesses in software.

Select below the type of malware that appears to have a legitimate use, but actually contains or does something malicious:

Trojan

2.6 VoIP is more secure than SIP.

True

2.7 SIP is less secure than VoIP.

True

3.7 The main goal of a cyberattack is to affect one or more IT assets.

True

5.13 access control are policies or procedure used to control access to certain items.

True

A compliance liaison works with each department to ensure that it understands, implements, and monitors compliance in accordance with the organization's policies.

True

A physically constrained user interface is a user interface that does not provide a physical means of entering unauthorized information.

True

Encrypting e-mail communication is needed if you are sending confidential information within an e-mail message through the public internet. True or False?

True

Information security is specific to securing information, whereas information systems security is focused on the security of the systems that house the information. True or False?

True

Most certifications require certification holders to pursue additional education each year to keep their certifications current.

True

The weakest link in the security of an IT infrastructure is the user

True

Using security policies, standards, procedures, and guidelines helps organizations decrease risks and threats. True or False?

True

The type of trust relationship that can exist between individuals or entities.

Trust model

____ cable consists of color-coded pairs of insulated copper wires, each with a diameter of 0.4 to 0.8 mm.

Twisted-pair

authentication

Two-factor __________ should be the minimum requirement for valuable resources as it provides a higher level of security than using only one.

The regulating agency for the Family Educational Rights and Privacy Act is the ________.

U.S. department of eduacation

Restricting access to unapproved websites.

URL filtering

This device uses public key infrastructure (PKI) technology—for example, a certificate signed by a trusted certification authority—and doesn't provide one-time passwords.

USBtoken

LAN Domain Vulnerability

Unauthorized network access, transmitting private data unencrypted, and spreading malicious software.

System/Application Domain Vulnerability

Unauthorized physical or logical access to resources, Weakness in server operating system or application software, and Data loss from errors, failures or disasters.

Workstation Domain Vulnerability

Unauthorized user access, Malicious software introduced, and weaknesses in installed software.

An address that represents a single interface on a device.

Unicast address

Network hardware that provides multiple security functions.

Unified Threat Management (UTM)

ANSI

Unlike other organizations that specifically focus on engineering or technical aspects of computing and communication, the __________ primarily addresses standards that support software development and computer system operation.

What are the four types of attacks?

Unstructured, Structured, Direct and Indirect.

A communication protocol that is connectionless and is popular for exchanging small amounts of data or messages is called ---

User Datagram Protocol (UDP)

1.16 The____ is the weakest link in IT infrastructure.

User Domain

The ___ is the weakest link in an IT infrastructure.

User Domain

1.1 User can access systems, applications, and datapending

User domain

Risk Mitigation

Uses various controls to mitigate or reduce identified risks. These controls might be administrative, technical or physical.

A type of virus that infects other files and spreads in multiple ways.

What is meant by multiparite virus

A list of identified risks that results from the risk-identification process.

What is meant by risk register?

Federal Information Security Management Act (FISMA)

What name is given to a U.S. federal law that requires U.S. government agencies to protect citizens' private data and have proper security controls in place?

Dense wavelength division multiplexing (DWDM)

What name is given to a high-speed broadband networking technology that uses a 53-byte cell to support real-time voice, video, or data communications?

Point-to-Point Tunneling Protocol (PPTP)

What name is given to a protocol to implement a VPN connection between two computers?

qualitative risk analysis

What name is given to a risk-analysis method that uses relative ranking to provide further definition of the identified risks in order to determine responses to them?

role-based access control (RBAC)

What name is given to an access control method that bases access control approvals on the jobs the user is assigned?

National Centers of Academic Excellence in Information Assurance Education (CAE/IAE)

What name is given to educational institutions that meet specific federal information assurance educational guidelines?

Network address translation (NAT)

What term is used to describe a method of IP address assignment that uses an alternate, public IP address to hide a system's real IP address?

frame relay

What term is used to describe a packet-based WAN service capable of supporting one-to-many and many-to-many WAN connections?

Wi-Fi Protected Access (WPA)

What term is used to describe the current encryption standard for wireless networks?

negative risk

When you accept a __________, you take no further steps to resolve.

threshold

When you apply an account-lockout policy, set the __________ to a high enough number that authorized users aren't locked out due to mis-typed passwords.

True

Whereas MS programs prepare students to perform information security work, MBA programs prepare students to manage and maintain the people and environment of information security.

Architect

Which is Cisco's highest level of certification?

Operating System Defense

Serves as an interface between application software and hardware resources. Controls to secure the operating system are important. These include: Deploying change-detection and integrity-checking software and maintaining logs, deploying or enabling change-detection and integrity-checking software on all servers, ensuring that all operating systems are consistent and have been patched with the latest updates from vendors, ensuring that only trusted sources are used when installing and upgrading OS code, and disabling any unnecessary OS services and processes that may pose a security vulnerability.

The --- framework defines the scope and content of threelevels of audit reports.

Service Organizaiton Control (SOC)

The alphanumeric user-supplied network name of a WLAN.

Service Set Identifier (SSID)

--- is the basis for unified communication and is the protocol used by real-time applications such as IM chat, conferencing and collaboration

Session Initiation Protocol (SIP)

Voice an unified communications are --- applications that use 64 byte IP packets

Session Initiation Protocol (SIP)

Which OSI Reference Model layer creates, maintains, and disconnects communications that take place between processes over the network?

Session Layer

An attack in which the attacker attempts to impersonate the user by using his or her session token is known as:

Session hijacking

Only if a signature of scanning by this application has been previously created.

Signature-based monitoring

​An attack that broadcasts a ping request to computers yet changes the address so that all responses are sent to the victim.

Smurf attack

What term below is used to describe a means of gathering information for an attack by relying on the weaknesses of individuals?

Social engineering

one of the most popular types of attacks on computer systems involves--- . These attack deceive or use people to get around security controls.

Social engineering

The process of protecting a resource so that it is used only by those allowed to use it; a particular method used to restrict or allow access to resources.

Which of the following is the definition of access control?

A standard unit of credit that equals 50 minutes of instruction.

Which of the following is the definition of continuing professional education (CPE)?

A network device that connects network segments, echoing all received traffic to all other ports.

Which of the following is the definition of hub?

What is the name of the cryptographic hash function that has international recognition and has been adopted by standards organizations such as the ISO, that creates a digest of 512 bits and will not be subject to patents?

Whirlpool

3.5 ethical hacker, is an information systems security professional, has authorization to identify vulnerabilities and perform penetration testing, fixing system

White-hat

What term is used to describe the current encryption standard for wireless networks?

Wi- Fi protected access

The original set of protections from the Wi-Fi Alliance designed to address both encryption and authentication.

Wi-Fi Protected Access (WPA)

The second generation of WPA security from the Wi-Fi Alliance that addresses authentication and encryption on WLANs and is currently the most secure model for Wi-Fi security.

Wi-Fi Protected Access 2 (WPA2)

An optional means of configuring security on wireless local area networks primarily intended to help users who have little or no knowledge of security to quickly and easly implement security on their WLANs. Due to design and implementation flaws, WPS is not considered secure.

Wi-Fi Protected Setup (WPS)

An IEEE 802.11 security protocol designed to ensure that only authorized parties can view transmitted wireless information. WEP has significant vulnerabilities and is not considered secure.

Wired Equivalency Privacy (WEP)

With wireless LANs (WLANs), radio transceivers are used to transmit IP packets from a WLAN NIC to a _____________.

Wireless access point (WAP)

no standard time frame

With university doctoral programs, completing the degree requirements takes ________.

Wireless access point (WAP)

With wireless LANs (WLANs), radio transceivers are used to transmit IP packets from a WLAN NIC to a _____________.

The director of IT security is generally in charge of ensuring that the ____________ conforms to policy.

Workstation Domain

1.2 A workstation can be a desktop computer, a laptop computer, aspecial-purpose. Require tight security and access controls

Workstation domain

The International Organization for Standardization (ISO) created a standard for directory services known as _____.

X.500

What language below is for the transport and storage of data, with the focus on what the data is?

XML

A collection of protocols designed by the IETF to simplify the setup of nodes on a TCP/IP network.

Zeroconf

Dense wavelength division multiplexing (DWDM)

________ is a technique where multiple light streams can transmit data through a single strand of fiber.

Need-to-know

________ is used to describe a property that indicates that a specific subject needs access to a specific object. This is necessary to access the object in addition to possessing the proper clearance for the object's classification.

A botnet consists of a network of compromised computers that attackers use to launch attacks and spread malware.

a botnet

Standard

a detailed written definition for hardware and software and how it is to be used. Standards ensure that consistent security controls are used throughout the IT system.

IPS

a device that can take immediate action during an attack to block traffic, blacklist an IP address, or segment an infected host

Gray-hat Hackers

a hacker with average abilities who may one day become a Black-hat or White-hat hacker.

Which of the following describes the Family Educational Rights and Private ACT?

a law that protects the private data of students

Policy

a short written statement that the people in charge of the organization have set as a course of action or direction. A Policy comes from upper management and applies to the entire organization.

Guidelines

a suggested course of action for using the policy, standards, or procedures. Guidelines can be specific or flexible regarding use.

Vulnerability

a weakness that allows a threat to be realized or to have an effect on an asset.

Biometrics is another --- method for identifying subjects

access control

The mechanism used in an information system for granting or denying approval to use specific resources.

access control

A set of permissions that is attached to an object.

access control list (ACL)

A predefined framework found in hardware and software that a custodian can use for controlling access.

access control model

LAN to WAN connectivity is ____.

access server

The process of setting a user's account to expire.

account expiration

________refers to an educational institution that has successfully undergone evaluation by an external body to determine whether the institution meets applicable standards.

accredited

24. Mitigate

action taken to reduce the likelihood of a threat occurring.

Slave devices that are connected to the piconet and are sending transmissions are known as _____ _____; devices that are connected but are not actively participating are called _____ _____.

active slaves, parked slaves

DMZ

acts as a buffer zone between the web where no controls exist and the LAN which has security policies and controls in place.

A control involved in the process of developing and ensuring compliance with policy and procedures is the definition of ________.

administrative control

A software program that collects information about Internet usage and uses it to present targeted advertisements to users is the definition of ________.

adware

What name is given to a method of developing software that is based on small project iteration, or sprints, instead of long project schedules?

agile development

In information security, what constitutes a loss?

all of the above

A wave's ____ is a measure of its strength at any given point in time.

amplitude

The formal process of monitoring and controlling risk focuses on --- new risks.

analyzing

An intrusion detection system that uses pattern matching and stateful matching to compare current traffic with activity patterns (signatures) of known network intruders.

anomaly-based IDS?

A monitoring technique used by an intrusion detection system (IDS) that creates a baseline of normal activities and compares actions against the baseline. Whenever there is a significant deviation from this baseline, an alarm is raised.

anomaly-based monitoring

Threats

any action that could damage an asset. Threats include natural and human-induced threats.

Through ____ layer protocols, software applications negotiate their formatting, procedural, security, synchronization, and other requirements with the network.

application

A specialized intrusion detection system (IDS) that is capable of using "contextual knowledge" in real time.

application-aware IDS

An intrusion prevention system (IPS) that knows information such as the applications that are running as well as the underlying operating systems.

application-aware IPS

A firewall that can identify the applications that send packets through the firewall and then make decisions about the applications.

application-aware firewall

A special proxy server that knows the application protocols that it supports.

application-aware proxy

5.14 which are the best describes the authorization

approvad for

54. De Jure standards

are official standards such as those that are set by the IEEE.

38. Stateless firewalls

are only capable of examining individual packets. They obviously much quicker but not as sophisticated.

7. Assets

are resources and information an organization need to conducts its business. Data is unquestionably a company's most important asset.

55. De Facto standards

are those standards, though not set by the IEEE or any other organization, and still are accepted as the industry standard.

3. Critical infrastructure

are those whose loss would have severe repercussions to our nation i.e. Transportation Sector, Power Grid, Financial Infrastructure, Water Filtration Plants, Telecom Infrastructure, National Monuments, Chemical Facilities etc.

Procedures

are written instructions for how to use polices and standards. The may include a plan of action, installation, testing and auditing of security controls.

How your organization responds to risk reflects the value it puts on its ___________.

assests

An item that has value.

asset

Maintaining an accurate record of company-owned mobile devices.

asset tracking

The first step in risk analysis is to determine what and where the organizations --- are located

assets

The first step in risk analysis is to determine what and where the organizations _________ are located.

assets

A common DSL service is ________,where the bandwidth is different for downstream and upstream traffic.

asymmetric digital subscriber line (ADSL)

An authentication token used to process challenge-response authentication with a server. It takes the server's challenge value and calculates a response. The user enters the response to authenticate a connection.

asynchronous token?

What name is given to a high-speed broadband networking technology that uses a 53-byte cell to support real-time voice, video , or data communications?

asynchronous transfer mode (ATM)

An attempt to exploit a vulnerability of a computer or network component is the definition of ________.

attack

The loss of a signal's strength as it travels away from its source is known as ____.

attenuation

The primary differnece between SOC 2 and SOC 3 reports is thier...

audience

Two-factor __________ should be the minimum requirement for valuable resources as it provides a higher level of security than using only one.

authentication

The AP, serving as the _____ that will accept or reject the wireless device, creates a data packet from this information called the _____ _____. This packet includes information such as identification of the specific AP that is sending the authentication request and the user name and password. Name the step.

authenticator, authentication request

Malicious code attacks all three information security properties. Malware can erase or overwrite files or inflict considerable damage to storage media. This property is ________.

availability

The ____ of a network refers to that part of the network to which segments and shared devices connect.

backbone

When an attacker discovers a __________, he or she can use it to bypass existing security controls such as passwords, encryption, and so on.

backdoor

Brewer and Nash Integrity Model

based on the mathematical theory published in 1989 to ensure fair competition. It is used to apply dynamically changing access permissions.

What is the name for a standard or checklist against which systems can be evaluated and audited for their level of security (security posture)?

baseline

What term is used to describe a benchmark used to make sure that a system provides a minimum level of security across multiple applications and across different products?

baseline

A monitoring technique used by an IDS that uses the normal processes and actions as the standard and compares actions against it.

behavior-based monitoring

The term ____ refers to the most efficient route from one node on a network to another.

best path

The total number of errors divided by the total number of bits transmitted is the definition of

bit error rate

A __________ tries to break IT security and gain access to systems with no authorization, in order to prove technical prowess.

black- hat -hacker

A method of security testing that isn't based directly on knowledge of a programs architecture is the definition of ...

black-box testing

A __________ tries to break IT security and gain access to systems with no authorization, in order to prove technical prowess.

black-hat hacker

_______________ is another symmetric algorithm that organizations currently use. It is a 64-bit block cipher that has a variable key length from 32 to 448 bits. It is much faster than DES or IDEA and is a strong algorithm that has been included in more than 150 products, as well as v2.5.47 of the Linux kernel. Its author, Bruce Schneier, placed it in the public domain.

blowfish

An attack that sends unsolicited messages to Bluetooth-enabled devices.

bluejacking

An attack that accesses unauthorized information from a wireless device through a Bluetooth connection.

bluesnarfing

_____________ are the main source of distributed denial of service (DDoS) attacks and spam.

botnets

What type of trust model has a single CA that acts as a facilitator to interconnect all other CAs?

bridge trust

Octet(s) that represent host information are set to equal all 1s, or in decimal notation 255 are known as _____ .

broadcast addresses

Without any knowledge of the key, an attacker with access to an encrypted message and the decryption cipher could try every possible key to decode the message. This is referred to as ________.

brute-force attack

It is necessary to create and/or maintain a plan that makes sure your company continues to operate in the face of disaster. This is known as a ________.

buisness continuity plan

A computer's ____ is the circuit, or signaling pathway, used by the motherboard to transmit data to the computer's components, including its memory, processor, hard disk, and NIC.

bus

A___________ primarily addresses the processes, resources, equipment, and devices needed to continue conducting critical business activities when an interruption occurs that affects the business's viability.

business continuity plan (BCP)

A ___________ is a formal analysis of an organization's functions and activities that classifies them as critical or noncritical.

business impact analysis (BIA)

What term is used to describe streamlining processes with automation or simplified steps?

business process engineering

Most portable devices, and some computer monitors, have a special steel bracket security slot built into the case, which can be used in conjunction with a:

cable lock

The hardware that makes up the enterprise-wide cabling system is known as the ____.

cable plant

The software in a phone system that performs the call switching from an inboundtrunk to a phone extension

call control

A _____ _____ _____ uses a standard web browser to provide information, and gives the wireless user the opportunity to agree to a policy or present valid login credentials, providing a higher degree of security.

captive portal AP

An infrastructure that is used on public access WLANs to provide a higher degree of security.

captive portal AP

The technical evaluation of a system to provide assurance that you have implemented the system correctly

certification

A ____ is a distinct communication path between nodes, much as a lane is a distinct transportation path on a freeway.

channel

The output of a one-way algorithm; a mathematically derived numerical representation of some input.

check-sum

A _____ is a unique character string that allows the receiving node to determine if an arriving data unit matches exactly the data unit sent by the source.

checksum

What name is given to a software-based application like WebEx that supports audio conferencing and sharing of documents (text, spreadsheets, presentations, etc.) for real-time discussions with team members or colleagues?

collaboration

Information security activities directly support several common business drivers, including ________ and efforts to protect intellectual property.

compliance

What do the letters of the C - I - A triad stand for?

confidential , integrety, availabilty

What term is used to describe guarding information from everyone except those who have rights to it?

confidentiality

The Bell-La Padula access control model focuses primarily on ---

confidentiality of data and control of access to classified information

Information regulated under the GRamm Leach Bliey Act is

consumer financial information

Cold Site

contains site, power and telecom. Everything else i.e. hardware, software and backups must be brought in.

Warm Site

contains site, telecom, power and hardware. Software and backups are to be brought with.

Searching incoming web content to match keywords.

content inspection

The purpose of ________ is to provide formal training courses that lead to a certificate or professional certification and not a degree.

continueing education

An educational program that is generally associated with a college or university that provides formal courses that do not lead to degrees is the definition of ________.

continuing education

What name is given to educational institueitons that meet specifif federal information assurance educational guidelines

continuing education centers

As your organization evolves and as threats mature, it is important to make sure your ... stil meets the risks you face today

controls

Information regulated under the sarbanes oxley act is

corporate financial information

Forensics and incident response are examples of ___________ controls.

corrective

A measure installed to counter or address a specific threat is the definition of ________.

countermeasure

A _________ has a hostile intent, possesses sophisticated skills, and may be interested in financial gain. They represent the greatest threat to networks and information resources.

cracker

A secure repository for storing valuable authentication information on a mobile device.

credential management

A premeditated, politically motivated attack against information, computer systems, computer programs, and data, which often results in violence.

cyberterrorism

The goal and objective of a --- is to provide a consistent definition for how an organization should handle and secure different types of data

data classification standard

The primary function of protocols in the ____ layer, is to divide data they receive from the Network layer into distinct frames that can then be transmitted by the Physical layer.

data link

The recover point objective (RPO) identifies the amount of ---- that is acceptable

data loss

The recovery point objective (RPO) identifies the amount of _________ that is acceptable.

data loss

A system that puts access control into the hands of people such as department managers who are closest to system users; there is no one centralized entity to process access requests in this system.

decentralized access control

A defense that uses multiple types of security devices to protect a network. Also called layered security.

defense in depth

The point of division between the telcom service provider and internal network ____.

demarc

What name is given to an exterior network that acts as a buffer zone between the public internet and the organizations IT?

demilitarized zone

A separate network that rests outside the secure network perimeter: untrusted outside users can access the DMZ but cannot enter the secure network.

demilitarized zone (DMZ)

What name is given to an attack that uses ping or ICMP echo-request, echo-reply messages to bring down the availability of a server or system?

denial of service

36. Mutual Authentication

describes a process in which each side of an electronic communication verifies the authenticity where you would use a token and a password to authenticate. It can however be a combination of two or more types of authentication.

_____ is a TCP/IP utility similar to nslookup.

dig

What name is given to an object that uses asymmetric encryption to bind a message or data to a specific entity

digital signature

The X.500 standard defines a protocol for a client application to access an X.500 directory called the _____ _____ _____ (_____).

directory access protocol (DAP)

The purpose of the X.500 standard was to standardize how the data was stored so that any computer system could access these directories. The information is held in a _____ _____ _____ (_____).

directory information base (DIB)

Entries in the DIB are arranged in a tree structure called the _____ _____ _____ (_____).

directory information tree (DIT)

A _____ _____ is a database stored on the network itself that contains information about users and network devices. It contains information such as the user's name, telephone extension, email address, login name, and other facts.

directory service

--- is rapidly becoming an increasingly important aspect of enterprisecomputing

disaster recovery

In what kind of attack can attackers make use of hundreds of thousands of computers under their control in an attack against a single server or network?

distributed

Because of the limitations of a hierarchical trust model, what type of trust model is used for CAs on the Internet?

distributed trust

Group of computers that belongs to the same organization and has part of their IP addresses in common.

domain

A user has become compromised as a result of visiting a specific web page, without clicking on any kind of content. What type of attack has occurred?

drive-by-download

A(n) ____ is software that enables an attached device to communicate with the computer's OS.

driver

What name is given to patient health information that is computerbased?

electronic protected health information

The name given to a group that is responsible for protecting sensitive data in the event of a natural disaster or equipment failure, among other potential emergencies, is ...

emergency operations group

An AP set up by an attacker to mimic an authorized AP and capture transmissions, so a user's device will unknowingly connect to this evil twin instead of the authorized AP.

evil twin

53. Behavior-Based Monitoring

examines and analyzes the behavior of processes and programs and detect any abnormal activities. It can then decide to allow or block the activity. Its advantage is that it doesn't have to compile a baseline or update its signature files and as a result can quickly stop new attacks.

At what stage can a certificate no longer be used for any type of authentication?

expiration

Automated attack package that can be used without an advanced knowledge of computers

exploit kit

Together, the additional bits used for subnet information plus the existing network ID are known as the ____.

extended network prefix

5.18 access control cannot be implemented in various

false

A professional certification states that you have taken the course and completed the tasks and assignments.

false

Annual loss expectancy (ALE) means the process of identifying, assessing, prioritizing, and addressing risks.

false

GLBA distinguishes between customers and consumers for its notice requirements. A customer is any person who gets a consumer financial product or service from a financial institution.

false

In an asymmetric key system, where everyone shares the same secret, compromising one copy of the key compromises all copies.

false

In general, security training programs are identical to security education programs with respect to their focus on skills and in their duration.

false

One of the OSI Reference Model layers,the Transport Layer, is responsible for maintaining communication sessions between computers.

false

SOX doesn't apply to publicly traded companies

false

Security controls do not need to be implemented to secure VoIP and SIP on LANs andWANs.

false

The National Institute of Standards and Technology (NIST) is the main United Nations agency responsible for managing and promoting information and technology issues.

false

The goal of risk amangement is to eliminate risk.

false

The most difficult and slowest option for IT security training is studying materials yourself.

false

The standard bachelor's designation is a four-year diploma program.

false

The term certificate authority refers to a trusted repository of all public keys.

false

Wiretapping is an application incorporating known software vulnerabilities, data, and scripted commands to exploit a weakness in a computer system or IP host device.

false

Incorrectly identifying abnormal activity as normal

false negative

internet control message protocol is a method of IP address assignment that uses an alternate, public IP address to hide a systems real IP address

fasle

A ________ is a virus that attacks and modifies executable programs (like COM, EXE, SYS, and DLL files).

file infector

A _____________ contains rules that define the types of traffic that can come and go through a network.

firewall

A program or dedicated hardware device that inspects network traffic passing though it

firewall

What type of device, sometimes called a packet filter, is designed to prevent malicious network packets from entering or leaving computers or networks?

firewall

A set of individual instructions to control the actions of a firewall.

firewall rules

37. Stateful firewalls

firewalls have the capability to examine the data stream from end to end.

A stateful inspection firewall compares received traffic with a set of rules that define which traffic it will permit to pass through the firewall.

flase

The process of gauging the appropriate rate of transmission based on how fast the recipient can accept data is known as _____.

flow control

46. NIST Password Standard 800-118

for Enterprise Password Management currently requires 8 characters with 1 uppercase and 1 special character.

What term is used to describe a packet- based WAN service capable of supporting one-to-many and many-to-many WAN connections?

frame relay

What term is used to describe a packet-based WAN service capable of supporting one-to-many and many-to-many WAN connections?

frame relay

Using a mobile device's GPS to define geographical boundaries where an app can be used.

geo-fencing

Adding or allowing geographical identification data in a mobile app.

geo-tagging

What is security testing that is based on limited knowledge of an application's design?

gray-box testing

5.5 group(s) you are in.

group membership policy

Attacker who attacks for ideological reasons that are generally not as well defined as a cyberterrorist's motivation

hactivist

The state of a computer or device in which you have turned off or disabled unnecessary services and protected the ones that are still running.

hardend configuration

5.16 which are the best describes the authentication

hasbeen granted that access

What type of cryptographic algorithm is considered to be a one-way algorithm, in that its contents can't be used to reveal the original set of data?

hash

17. Differential backups

have a larger backup window where the files that have changed or modified are backed up. After the incremental backup has occurred it does not uncheck the archive bit back to 0 as does the incremental backup, in other words with a differential backup the archive bit always reads 1. The disadvantage is the backup takes longer but the restore process is shorter as all that is needed is the last differential backup and the last full backup to restore

16. Incremental backups

have a smaller backup window where files that have modified or changed are backed up. When the incremental backup is complete all archive bits are unchecked back to 0. The advantage is the backups are faster and the disadvantage is the restore process is longer and backups have to be restored in order. It is cumulative in nature.

Instead of trying to make a match, modern AV techniques are beginning to use a type of detection that attempts to identify the characteristics of a virus. What is the name for this technique?

heuristic detection

A monitoring technique used by an intrusion detection system (IDS) that uses an algorithm to determine if a threat exists.

heuristic monitoring

A ____ enables resource sharing by other computers on the same network.

host

A software-based application that runs on a local host computer that can detect an attack as it occurs.

host-based intrusion detection system (HIDS)

Among common recovery location options, this is one that can take over operations quickly. It has all the equipment and data already staged at the location, though you may need to refresh or update the data.

hot site

A _____ is a standard network device for connecting multiple network devices together so that they function as a single network segment.

hub

For all the technical solutions you can devise to secure your systems, the --- remains your greatest challenge.

human element

baseline

is a foundation for comparison or measurement. It is a comparison for what is and what it will be. For example of your boss tells you that he wants' to increase the amount of users on the network by 200 and your existing network is 500 you divide 200 by 500 and the result is a 40% increase in your baseline.

6. An Algorithm

is a mathematical formula, usually for encryption, which gives a step by step or instructions on how to solve a problem.

47. Entropy

is a measure of unpredictability of information content.

67. CSMA/CD

is a method of accessing a wired medium and when a collision occurs it uses a technique called jamming to make sure it can transmit the data which is unlike CSMA/CA a wireless access method which uses ACK or acknowledge packets to access and verify the transmission

Digital Certificate

is a password protected and encrypted file that holds individuals identification information including the public key.

34. Implicit Deny

is a philosophy where all user actions are prohibited unless specifically permitted.

25. AUP

is a policy that communicates to users what the who, what, why, where, when and how network resources are to be used.

Worm

is a program that travels through and replicates itself on the network. They do not alter programs as viruses do but are payload specific. They can and sometimes do carry viruses however.

Proxy Server

is a software application on a network host that screens all incoming and outgoing traffic. It's sometimes called the application gateway or simply the proxy.

IMPACT

is a systematic and methodical evaluation of exposure of assets to attackers, forces of Nature or any other entity that is a potential harm.

Disaster Recovery Plan or DRP

is a written plan developed to address how an organization will react to a natural or man made disaster in order to assure organizations business continuity. Remember also that some incidents can become disasters.

35. Single Sign On

is an authentication process by which the user can enter a single user ID and password and then move from resource to resource or application to application.

Hot Site

is an exact copy or mirror of your present network. It includes facility, hardware, power, telecom, software and backups.

Disaster

is an issue that escalates from an incident, either man made or natural that causes catastrophic damage to the functionality or QoS of a network. It is generally not solved in a timely manner.

Incident

is an issue that may be man made or natural whose impact affects the QoS or functionality of a network is resolved in a timely manner.

Trojan

is as it suggests. It is a program that disguises itself but actually causes harm to the machine

49. Public Key Encryption

is data that is encrypted using 2 keys, one private that's known only to the user and one public that's associated with the user. RSA is the most popular type used today and this type is called Asymmetric, meaning different.

48. Private Key Encryption

is data that is encrypted using a single key that only the sender and receiver know. The most common types of private key are AES and DES or 3 DES. This is known as Symmetric Encryption.

Virus

is program that replicates itself to other devices on the network. It needs an executable program to attach itself to in order to do its job.

anomaly

is something that does not fit into an expected pattern.

Control

is something you use to detect, prevent or mitigate the risk associated with a threat. Encryption is a good example of a control.

5. Access Control

is the ability of mechanisms or methods used to determine which permissions a user has for any network resource

68. Nonrepudiation

is the ability to verify that an operation has been performed by a particular person or account. It is a system property that prevents the parties to a transaction from subsequently denying involvement in the transaction.

57. Throughput

is the amount of data that a medium can transmit during a given period of time.

40. Fault Tolerance

is the capability of a network, system or component to continue functioning despite damage or malfunction.

29. AES or Advanced Encryption Standard

is the defacto method of encryption used today. Its block size is 128 bit and It can use key lengths of 128, 160, 192 & 256 bit.

56. Latency

is the delay between transmission of a signal and its receipt.

62. Risk

is the likelihood that a threat agent will exploit vulnerability

11. Confidentiality

is the principle that states information should not be disclosed to unauthorized individuals

58. Scalability

is the property that allows you to increase the size of the network easily.

41. Redundancy

is the use of one or more identical devices, connections or components for storing, processing, or transporting data. Redundancy is the most common method of achieving fault tolerance.

20. Biometrics

is where a individual uses finger prints, retinal scans, hand and facial geometry or voice analysis for authentication.

52. Anomaly Based Monitoring

is where an IPS or IDS establishes a baseline of normal activities over a given period of time. Then whenever a significant deviation for the baseline occurs it can detect it and sound an alarm. There are two issues with this form of detection and they are false alarms because sometimes network behavior changes rapidly and higher than usual network cost i.e. processing time.

51. Signature Based Monitoring

is where an IPS or IDS examines network traffic, activity and transactions and look for well known patterns.

21. Block cipher

is where entire blocks of data are encrypted at one time and inserted back into the text randomly. The randomness contributes to unpredictability which makes for stronger encryption. It is usually used by AES where its block size is 128 bit.

The act of moving individuals from one job responsibility to another.

job rotation

The process of issuing keys to valid users of a cryptosystem so they can communicate.

key distribution

The number of possible keys to a cipher is a

keyspace

Whether software or hardwarebased, a ____________ captures keystrokes, or user entries, and then forwards that information to the attacker.

keystroke logger

The NTRUEncrypt cryptographic algorithm makes use of which of the following cryptographic techniques?

lattice-based

A defense that uses multiple types of security devices to protect a network. Also called defense in depth.

layered security

Providing only the minimum amount of privileges necessary to perform a job or function.

least privilege

A dedicated network device that can direct requests to different servers based on a variety of factors.

load balancer

Services that can identify the location of a person carrying a mobile device or a specific store or restaurant.

location services

A technology that prevents a mobile device from being used until the user enters the correct passcode.

lock screen

A program that executes a malicious function of some kind when it detects certain conditions.

logic bomb

Computer code that is typically added to a legitimate program but lies dormant until it is triggered by a specific logical event is known as a?

logic bomb

A mechanism that limits access to computer systems and network resources is ________,

logical access control

The IP address 127.0.0.1 is called a(n) ____.

loopback address

Searching for malware in incoming web content.

malware inspection

What term is used to describe an attack in which the attacker gets between two parties and intercepts messages before transferring them on to their intended destination?

man-in-the-middle attack

What information security position reports to the CISO and supervises technicians, administrators, and security staff?

manager

One device is the _____, and controls all of the wireless traffic. The other device is known as a _____, which takes commands from the master.

master, slave

13. Availability

means that the software, hardware and data should be available to the user when he or she wants to access it.

A(n) ____ is a piece of hardware that enables networks or segments running on different media to interconnect and exchange signals.

media converter

The ________ is aregulation that covered entities may disclose only the amount of protected health information absolutely necessary to carry out a particular function.

minimum necessary rule

The tools and services responsible for distributing and controlling access to apps. Also called application control.

mobile application management (MAM)

Tools that allow a device to be managed remotely.

mobile device management (MDM)

Medical practices and hospitals realized early on that ________ provide(s) the ability to provide access to the necessary information without having to invest in many computers and network infrastructure.

mobile devices

Medical practices and hospitals realized early on that ________ provide(s) the ability toprovide access to the necessary information without having to invest in many computersand network infrastructure

mobile devices

A router with multiple slots that can hold different interface cards or other devices is called a(n) ____.

modular router

The ____ is the main circuit that controls the computer.

motherboard

A form of transmission that allows multiple signals to travel simultaneously over one medium is known as ____.

multiplexing

On networks that run NetBIOS over TCP/IP, the ____ utility can provide information about NetBIOS statistics and resolve NetBIOS names to their IP addresses.

nbtstat

A set of standards primarily for smartphones and smart cards that can be used to establish communication between devices in close proximity.

near field communication (NFC)

When you accept a --- you take no further steps to resolve

negative risk

When you accept a __________, you take no further steps to resolve.

negative risk

A network utility program that reads from and writes to network connections.

netcat

A method to restrict access to a network based on identity or other rules is the definition of ________.

network access control

A technique that examines the current state of a system or network device before it is allowed to connect to the network.

network access control (NAC)

A technique that allows private IP addresses to be used on the public Internet.

network address translation (NAT)

A technology that watches for attacks on the network and reports back to a central device.

network intrusion detection system (NIDS)

A technology that monitors network traffic to immediately react to block a malicious attack.

network intrusion prevention system (NIPS)

What is the process of using tools to determine the layout and services running on an organization's systems and networks?

network mapping

The ____ is the software that runs on a server and enables the server to manage data, users, groups, security, applications, and other networking functions.

network operating system

You must limit the number of ___ on a segment for a clear, strong, and timely signal.

nodes

_______________ enables you to prevent a party from denying a previous statement or action.

non-repudiation

If knowing about an audit changes user behavior, an audit will

not be accurate

The ____ utility allows you to query the DNS database from any computer on the network and find the host name of a device by specifying its IP address, or vice versa.

nslookup

An _____ is a specific resource, such as a file or a hardware device.

object

The ability to quickly remove devices from the organization's network.

off-boarding

The ability to rapidly enroll new mobile devices.

on-boarding

A ___________ fingerprint scanner is a software program that allows an attacker to send log-on packets to an IP host device.

operating system (OS)

a reconnaissance technique that enables an attacker to use port mapping to learn which operating system and version are running on a computer?

operating system fingerprinting

The action that is taken by the subject over the object is called an _____.

operation

A protocol analyzer or --- is a software program that enables a computer to monitor and capture network traffic

packet sniffer

A firewall that examines each packet it receives and compares the packet to a list of rules configured by the network administrator.

packet-filtering firewall

A(n) ____ hub does nothing.

passive

a ---- is an authentication credential that is generally longer and more complex than a password

passphrase

A ___________ is a software program that performs one of two functions: brute-force password attack to gain unauthorized access to a system, or recovery of passwords stored in a computer system.

password cracker

A ___________ is a software program that performs one of two functions: brute-force password attack to gain unauthorized access to a system,or recovery of passwords stored in a computer system.

password cracker

An intrusion detection system that uses pattern matching and stateful matching to compare current traffic with activity patterns (signatures) of known network intruders.

pattern-based IDS

In a(n) ____ network, every computer can communicate directly with every other computer.

peer-to-peer

its essential to match your organizations required ... with its security structure

permission level

An attack that seeks to obtain personal or private financial information through domain spoofing

pharming

The progress of a wave over time in relationship to a fixed point is known as the ____ of the wave.

phase

A ____________ tricks users into providing logon information on what appears to be a legitimate Web site but is in fact a Web site set up by an attacker to obtain this information.

phishing attack

Connectivity devices such as hubs and repeaters operate at the ____ layer.

physical

Protocols at the ____ layer accept frames from the Data Link layer and generate voltage so as to transmit signals.

physical

The ____ layer is the lowest, or first, layer of the OSI Model.

physical

Instead of using a key or entering a code to open a door, a user can use an object, such as an ID badge, to identify themselves in order to gain access to a secure area. What term describes this type of object?

physical token

Can be twisted at least twelve times per foot.

Cat5

_____ cable has a 250-MHz rate.

Cat6

Which OSI Reference Model layer is responsible for the coding of data?

Presentation layer

When working on a UNIX-type of system, you can limit the maximum number of router hops the traceroute command allows by typing the ____ switch.

-m

The netstat ____ command allows you to display the routing table on a given machine.

-r

A risk-analysis method that uses relative ranking to provide further definition of the identified risks in order to determine responses to them.

...

A security awareness program includes

...

A___________ primarily addresses the processes, resources, equipment,and devices needed to continue conducting critical business activities when an interruption occurs that affects the business's viability.

...

E-commerce changed how businesses sell, and the --- change how they market

...

Malicious software can be hidden in a

...

The requirement to keep information private or secret is the definition of

...

What are monitoring issues for logging?

...

What does a bushiness impact analysis determine?

...

What is the difference between a BCP and a DRP?

...

Follows the 5-4-3 rule of networking.

10BASE-T

TKIP's enhancements are in three basic areas: the required key length is increased from 64 bits to _____ bits, the IV is increased from 24 bits to _____ bits, and a unique "base key" is created for each wireless device using a master key derived in the authentication process along with the sender's unique MAC address.

128, 48

What is the maximum effective range of a typical passive RFID tag?

19

The SSID serves as the user-supplied network name of a wireless network and generally can be any alphanumeric string up to _____ characters.

32

According to the U.S. Bureau of Labor Statistics, what percentage of growth is the available job outlook supposed to reach by the end of the decade?

22

The formula for determining how to modify a default subnet mask is ____.

2^n - 2 = Y

How is decentralized access control defined?

A system that puts access control into the hands of people such as department managers who are closest to system users; there is no one centralized entity to process access requests in this system.

You can help ensure confidentiality by implementing ___.

A virtual private network for remote access

A trusted third-party agency that is responsible for issuing digital certificates​

Certificate Authority (CA)​

A publicly accessible centralized directory of digital certificates that can be used to view the status of a digital certificate​

Certificate Repository​

What name is given to a document that verifies that a student has completed courses and earned a sufficient score on an assessment?

Certificate of completion

A document that describes in detail how a CA uses and manages certificates, as well as how end users register for a digital certificate, is known as?

Certificate practice statement (CPS

Select below the term that is used to describe a trusted third-party agency that is responsible for issuing digital certificates:

Certification Authority

Laws of Security Compliance

FISMA, HIPAA, GLBA and SOX

The regulating agency for the Gramm Leach Bliley act is the

FTC

An anonymous login may be used with _______ .

FTP

2.5 SIP is more secure than VoIP.

False

2.8 VoIP is less secure than SIP.

False

Access control is the process of proving you are the person or entity you claim to be.

False

Encrypting data on storage devices or hard drives is a main strategy to ensure data integrity. True or False?

False

What name is given to a U.S. federal law that requires U.S. government agencies to protect citizens private data and have proper security controls in place?

Federal Information Security Management Act

What name is given to a U.S. federal law that requires U.S. government agencies to protect citizens' private data and have proper security controls in place?

Federal Information Security Management Act (FISMA)

FISMA

Federal Information Security Management Act (FISMA, United States) - Requires U.S. government agencies to protect citizens' private data and have proper security controls in place.

____ refer to the capability of a server to share data files, applications (such as word-processing or spreadsheet programs), and disk storage space.

File services

Who is responsible for IP addressing and domain name management.

ICANN (Internet Corporation for Assigned Names andNumbers)

____ is a Network layer protocol that reports on the success or failure of data delivery.

ICMP (Internet Control Message Protocol)

A(n) _____ requires two network connections: one that connects to the Internet and one that connects to the LAN.

ICS Host

What are controls that monitor activity?

IDS, IPS and Firewalls

What are the controls that monitor activity?

IDS, IPS andFirewalls

____ is a mail retrieval protocol that was developed as a more sophisticated alternative to POP3.

IMAP (Internet Message Access Protocol)

The ____ is a specialized United Nations agency that regulates international telecommunications, including radio and TV frequencies, satellite and telephony specifications, networking infrastructure, and tariffs applied to global communications.

ITU (International Telecommunication Union)

The _____ provides developing countries with technical expertise and equipment to advance those nations' technological bases.

ITU (International Telecommunication Union)

____ provides information about how and where data should be delivered, including the data's source and destination addresses.

IP (Internet Protocol)

Addresses used to identify computers on the Internet and other TCP/IP-based networks are known as ____ addresses.

IP (internet protocol)

A _____ consists of four 8-bit octets (or bytes) that can be expressed in either binary or dotted decimal notation.

IP address

In the context of TCP/IP, a packet is also known as a(n) ____.

IP datagram

What protocol below supports two encryption modes: transport and tunnel?

IPSec

____ is a command-line utility that provides information about a network adapter's IP address, subnet mask, and default gateway.

IPconfig

Unlike other organizations that specifically focus on engineering or technical aspects of computing and communication, the __________ primarily addresses standards that support software development and computer system operation.

ISO

A business that provides organizations and individuals with access to the Internet and often, other services, such as e-mail and Web hosting is known as a(n) _____.

ISP (internet service provider)

1.10 Intergrity

ISS, Avaibility, Confident

1.13 Confident

ISS, Intergrity, Avaibility

1.12 Avaibility

ISS, Intergrity, Confident

Public Domain Data

Information or data shared with the public such as web site content, white papers, etc.

Confidential Data

Information or data that is owned by the organization. Intellectual property such as customer lists, pricing information, and patents.

compliance

Information security activities directly support several common business drivers, including ________ and efforts to protect intellectual property.

True

Information technology, perhaps the best-known ISO standard is the Open Systems Interconnection (OSI) Reference Model. This internationally accepted framework of standards governs how separate computer systems communicate using networks.

In cryptography, which of the five basic protections ensures that the information is correct and no unauthorized person or malicious software has altered that data?

Integrity

Bluetooth is a _____ _____ _____ technology designed for data communication over short distances.

Personal Area Network (PAN)

What kind of certificate is typically used by an individual to secure e-mail transmissions?

Personal digital

Generically, this is data that can be used to individually identify a person, including Social Security number, driver's license number, financial account data, and health data.

Personally identifiable information

5.1 These control entry into buildings, parking lots, and protected areas.

Physic access control

An organization's facilities manager is often responsible for ---

Physical Access Control

Which OSI Reference Model layer must translate the binary ones and zeros of computer language into the language of the transport medium?

Physical Layer

What are the types of Access Control?

Physical access controls - Control entry into buildings, parking lots and protected areas.

What name is given to a protocol to implement a VPN connection between two computers?

Point to Point tunneling protocol

IT Security Policy Framework

Policy, Standard, Procedures and Guidelines.

3.3 a tool used to scan IP host devices for open port. A port is like a channel slector switch in the IP packet.

Port Scan

____ is a mail protocol that is incapable of doing anything more than transporting mail or holding it in a queue.

SMTP (Simple Mail Transfer Protocol)

____ is the protocol responsible for moving messages from one mail server to another over TCP/IP-based networks.

SMTP (Simple Mail Transfer Protocol)

What language below is used to view and manipulate data that is stored in a relational database?

SQL

What protocol, developed by Netscape in 1994, is designed to create an encrypted data path between a client and server that could be used on any platform or operating system?

SSL

A process that creates the first secure communications session between a client and a server is the definition of ________.

SSL handshake

In a __________, the attacker uses IP spoofing to send a large number of packets requesting connections to the victim computer. These appear to be legitimate but in fact reference a client system that is unable to respond.

SYN Flood attack

Bit error rate

The ________ in analog communications is one error for every 1,000 bits sent; in digital communications, the __________ is one error for every 1,000,000 bits sent.

False

The National Institute of Standards and Technology (NIST) is the main United Nations agency responsible for managing and promoting information and technology issues.

Risk Vulnerability

The likelihood that something bad will happen.

Security Gap

The difference between the security controls in place and the control you need in order to address all vulnerabilities.

Workstation Domain

The director of IT security is generally in charge of ensuring that the ____________ conforms to policy.

Session Layer

The fifth layer in the OSI model. The Session layer establishes and maintains communication between two nodes on the network. It can be considered the "traffic cop" for network communications.

assets

The first step in risk analysis is to determine what and where the organizations _________ are located.

professional development

The four main areas in NIST SP 800-50 are awareness, training, education, and __________________.

Transport Layer

The fourth layer of the OSI model. In this layer protocols ensure that data are transferred from point A to point B reliably and without errors. this layer services include flow control, acknowledgment, error correction, segmentation, reassembly, and sequencing.

Data classification standard

The goal and objective of a __________ is to provide a consistent definition for how an organization should handle and secure different types of data.

Data Classifications Standards

The goal and objective of data classification standard is to provide a consistent definition for how an organization should handle and secure different types of data. (Private Data, Confidential Data, Internal Use Only and Public Domain Data.

What is ment by application convergence?

The integration of applications to enhance productivity

How can an area be made secure from a non-secured area via two interlocking doors to a small room

Using a mantrap

50. Encryption & Algorithm Analogy

Using an envelope the Encryption is that data contained in the letter. An Algorithm is a set of detailed instructions based on a mathematical formula and how to insert the data into the envelope.

A device that aggregates VPN connections.

VPN concentrator

A ________ is oneof the simplest substitution ciphers. It shifts each letter in the English alphabet a fixed number of positions, with Z wrapping back to A.

Vigenere cipher

The two types of malware that require user intervention to spread are:

Viruses and trojans

​A phishing attack that uses telephone calls instead of e-mails.

Vishing

2.1 Real-time support

VoIP

Audio conferencing is a software-based, real-time audio conference solution for ________ callers.

VoIP

The ________ is an organization formed in 1994 to develop and publish standards for the World Wide Web.

W3C

1.6 As network costs drop, organizations can afford faster Internet. telecommunication service providers sell. In the business of providing. Supplier troubleshooting.

WAN Domain

_____ _____ is for individuals or small office/home offices and _____ _____ is for larger enterprises, schools, and government agencies.

WPA2 Personal, WPA2 Enterprise

The operating system for Apple mobile devices that is a closed and proprietary architecture.

iOS

The ____ utility performs the same TCP/IP configuration and management as the ipconfig utility, but applies to UNIX and Linux OS's.

ifconfig

Rejecting access unless a condition is explicitly met.

implicit deny

Intrusion Detection System is a (Passive Visibility Tool)

in all that it does is catch an intrusion and record it into the logs where an administrator can take whatever action is needed. It can be host or network based but generally is deployed on a network basis.

Which term below is frequently used to describe the tasks of securing information that is in a digital format?

information security

Private Data

information which is confidential and only ethically available to selected individual.. The right to keep certain things to yourself; not for public viewing.

A 24-bit value used in WEP that changes each time a packet is encrypted.

initialization vector (IV)

Malicious code attacks all three information security properties.Malware can modify database records either immediately or over a period of time. This property is ________.

integrety

_______ means only authorized users can change information and deals with the validity and accuracy of data.

integrety

A routers strength lies in its ____ .

intelligence

Connecting your computers or devices to the ---- immediately exposes them to attack

internet

A(n) _____ is usually assigned an IP address that ends with an octet of .1.

internet gateway

A device that detects an attack as it occurs.

intrusion detection system (IDS)

This security appliance examines IP data streams for common attack and malicious intent patterns.

intrusion detection system (IDS)

The operation of stockrooms where mobile devices are stored prior to their dispersal.

inventory control

30. Computer Forensics

involves the preservation, identification, documentation and interpretation of computer data used in legal proceedings.

44. UDP

is a connectionless protocol which also resides at the transport layer of the TCP/IP suite. It however does not provide for reliable delivery but it is more efficient and is best suited for such things as video over the web.

43. TCP

is a core protocol of the TCP/IP suite. It resides at the transport layer, it's a connection oriented protocol and it provides for reliable delivery.

26. AAR or After Action Review

is a document that lists the who, what, why, where, when and how of an incident or disaster response.

60. Vulnerability

is a flaw or a weakness that allow a threat agent to bypass security.


संबंधित स्टडी सेट्स

The Science of Nutrition Chapter 4 Questions

View Set

Unit 3 Lesson 2 Unemployment (Waldonomics)

View Set

Prep U Questions Chapter 7: Legal Dimensions of Nursing Process

View Set

Caring for the Older Adult PREPU

View Set

Marketing Exam 2 Multiple Choice

View Set

unit3 - spinal cord & spinal nerves

View Set