ctc 362
Which one of the following is the best example of an authorization control?
Access control lists
Brian notices an attack taking place on his network. When he digs deeper, he realizes that the attacker has a physical presence on the local network and is forging Media Access Control (MAC) addresses. Which type of attack is most likely taking place?
Address Resolution Protocol (ARP) poisoning
During what phase of a remote access connection does the end user prove his or her claim of identity?
Authentication
Which security model does NOT protect the integrity of information?
Bell-LaPadula
Ron is the IT director at a medium-sized company and is constantly bombarded by requests from users who want to select customized mobile devices. He decides to allow users to purchase their own devices. Which type of policy should Ron implement to include the requirements and security controls for this arrangement?
Bring Your Own Device (BYOD)
Which type of password attack attempts all possible combinations of a password in an attempt to guess the correct value?
Brute-force attack
Which one of the following measures the average amount of time that it takes to repair a system, application, or component?
Correct Mean time to repair (MTTR)
Which characteristic of a biometric system measures the system's accuracy using a balance of different error types?
Crossover error rate (CER)
Which item in a Bring Your Own Device (BYOD) policy helps resolve intellectual property issues that may arise as the result of business use of personal devices?
Data ownership
Gary would like to choose an access control model in which the owner of a resource decides who may modify permissions on that resource. Which model fits that scenario?
Discretionary access control (DAC)
Which risk is most effectively mitigated by an upstream Internet service provider (ISP)?
Distributed denial of service (DDoS)
Barry discovers that an attacker is running an access point in a building adjacent to his company. The access point is broadcasting the security set identifier (SSID) of an open network owned by the coffee shop in his lobby. Which type of attack is likely taking place?
Evil Twin
A dictionary password attack is a type of attack in which one person, program, or computer disguises itself as another person, program, or computer to gain access to some resource.
False
Connectivity is one of the five critical challenges that the Internet of Things (IoT) has to overcome.
False
Passphrases are less secure than passwords.
False
The main difference between a virus and a worm is that a virus does not need a host program to infect.
False
The term risk methodology refers to a list of identified risks that results from the risk-identification process.
False
Which compliance obligation includes security requirements that apply specifically to federal government agencies in the United States?
Federal Information Security Management Act (FISMA)
Which one of the following is NOT a market driver for the Internet of Things (IoT)?
Global adoption of non-IP networking
Bob recently accepted a position as the information security and compliance manager for a medical practice. Which regulation is likely to most directly apply to Bob's employer?
Health Insurance Portability and Accountability Act (HIPAA)
Which one of the following governs the use of Internet of Things (IoT) by healthcare providers, such as physicians and hospitals?
Health Insurance Portability and Accountability Act (HIPAA)
With the use of Mobile IP, which device is responsible for keeping track of mobile nodes (MNs) and forwarding packets to the MN's current network?
Home agent (HA)
Rachel is investigating an information security incident that took place at the high school where she works. She suspects that students may have broken into the student records system and altered their grades. If correct, which one of the tenets of information security did this attack violate?
Integrity
Which Internet of Things (IoT) challenge involves the difficulty of developing and implementing protocols that allow devices to communicate in a standard fashion?
Interoperability
What is a single sign-on (SSO) approach that relies upon the use of key distribution centers (KDCs) and ticket-granting servers (TGSs)?
Kerberos
Which of the following is an example of a hardware security control?
MAC filtering
Holly would like to run an annual major disaster recovery test that is as thorough and realistic as possible. She also wants to ensure that there is no disruption of activity at the primary site. What option is best in this scenario?
Parallel test
Tony is working with a law enforcement agency to place a wiretap pursuant to a legitimate court order. The wiretap will monitor communications without making any modifications. What type of wiretap is Tony placing?
Passive wiretap
A hospital is planning to introduce a new point-of-sale system in the cafeteria that will handle credit card transactions. Which one of the following governs the privacy of information handled by those point-of-sale terminals?
Payment Card Industry Data Security Standard (PCI DSS)
Alan is developing a business impact assessment for his organization. He is working with business units to determine the maximum allowable time to recover a particular function. What value is Alan determining?
Recovery time objective (RTO)
What is NOT one of the three tenets of information security?
Safety
Which of the following is NOT one of the four fundamental principles outlined by the Internet Society that will drive the success of Internet of Things (IoT) innovation?
Secure
In which type of attack does the attacker attempt to take over an existing connection between two systems?
Session hijacking
Which one of the following is an example of two-factor authentication?
Smart card and personal identification number (PIN)
Which element of the IT security policy framework provides detailed written definitions for hardware and software and how they are to be used?
Standard
Content-dependent access control requires the access control mechanism to look at the data to decide who should get to see it.
True
Which term describes any action that could damage an asset?
Threat
Which classification level is the highest level used by the U.S. federal government?
Top Secret
A DoS attack is a coordinated attempt to deny service by occupying a computer to perform large amounts of unnecessary tasks.
True
A IT security policy framework is like an outline that identifies where security controls should be used.
True
A man-in-the-middle attack takes advantage of the multihop process used by many types of networks.
True
A surge protector is an example of a preventative component of a disaster recovery plan (DRP).
True
Using Mobile IP, users can move between segments on a local area network (LAN) and stay connected without interruption.
True
Which one of the following is NOT a commonly accepted best practice for password security?
Use at least six alphanumeric characters.
Dawn is selecting an alternative processing facility for her organization's primary data center. She would like to have a facility that balances cost and switchover time. What would be the best option in this situation?
Warm site
A rootkit uses a directed broadcast to create a flood of network traffic for the victim computer.
false
Authorization is the process of granting rights to use an organization's IT assets, systems, applications, and data to a specific user.
True
Bring Your Own Device (BYOD) opens the door to considerable security issues.
True
Bob is using a port scanner to identify open ports on a server in his environment. He is scanning a web server that uses Hypertext Transfer Protocol (HTTP). Which port should Bob expect to be open to support this service?
80
Tom is the IT manager for an organization that experienced a server failure that affected a single business function. What type of plan should guide the organization's recovery effort?
Business continuity plan (BCP)