CYSE 300- Introduction to Cybersecurity
Which data source comes first in the order of volatility when conducting a forensic investigation?
RAM
Which control is not designed to combat malware?
Firewalls
Barry discovers that an attacker is running an access point in a building adjacent to his company. The access point is broadcasting the security set identifier (SSID) of an open network owned by the coffee shop in his lobby. Which type of attack is likely taking place?
Evil Twin
What type of malicious software masquerades as legitimate software to entice the user to run it?
Trojan Horse
Rootkits are malicious software programs designed to be hidden from normal methods of detection. (T/F)
T
Standards are used when an organization has selected a solution to fulfill a policy goal. (T/F)
T
Gary would like to choose an access control model in which the owner of a resource decides who may modify permissions on that resource. Which model fits that scenario?
Discretionary access control (DAC)
Which audit data collection method helps ensure that the information-gathering process covers all relevant areas?
checklist
Forensics and incident response are examples of __________ controls.
corrective
Which action is the best step to protect Internet of Things (IoT) devices from becoming the entry point for security vulnerabilities into a network while still meeting business requirements?
Applying security updates promptly
Ann is creating a template for the configuration of Windows servers in her organization. It includes the basic security settings that should apply to all systems. What type of document should she create?
Baseline
What level of technology infrastructure should you expect to find in a cold site alternative data center facility?
Basic computer hardware
Which type of password attack attempts all possible combinations of a password in an attempt to guess the correct value?
Brute-force attack
Which activity manages the baseline settings for a system or device?
Configuration control
What is NOT a common endpoint for a virtual private network (VPN) connection used for remote network access? Laptop Firewall Router Content filter
Content Filter
In Mobile IP, what term describes a device that would like to communicate with a mobile node (MN)?
Correspondent node (CN)
Which technology can be used to protect the privacy rights of individuals and simultaneously allow organizations to analyze data in aggregate?
Deidentification
Curtis is conducting an audit of an identity management system. Which question is NOT likely to be in the scope of his audit?
Does the firewall properly block unsolicited network connection attempts?
A VPN router is a security appliance that is used to filter IP packets. (T/F)
F
Connectivity is one of the five critical challenges that the Internet of Things (IoT) has to overcome. (T/F)
F
Continuity of critical business functions and operations is the first priority in a well-balanced business continuity plan (BCP). (T/F)
F
Cryptography is the process of transforming data from cleartext into ciphertext. (T/F)
F
Denial of service (DoS) attacks are larger in scope than distributed denial of service (DDoS) attacks. (T/F)
F
Hypertext Transfer Protocol (HTTP) encrypts data transfers between secure browsers and secure web pages. (T/F)
F
In the Remote Access Domain, if private data or confidential data is compromised remotely, you should set automatic blocking for attempted logon retries. (T/F)
F
Most enterprises are well prepared for a disaster should one occur. (T/F)
F
Regarding data center alternatives for disaster recovery, a mobile site is the least expensive option but at the cost of the longest switchover time. (T/F)
F
Service-level agreements (SLAs) are optical backbone trunks for private optical backbone networks. (T/F)
F
Terminal Access Controller Access Control System Plus (TACACS+) is an authentication server that uses client and user configuration files.
F
The asset protection policy defines an organization's data classification standard. (T/F)
F
The weakest link in the security of an IT infrastructure is the server. (T/F)
F
Voice pattern biometrics are accurate for authentication because voices can't easily be replicated by computer software.(T/F)
F
Wardialers are becoming more frequently used given the rise of Voice over IP (VoIP). (T/F)
F
A phishing attack "poisons" a domain name on a domain name server. (T/F)
F: Pharming
A bricks-and-mortar strategy includes marketing and selling goods and services on the Internet. (T/F)
F: They have global reach
Which type of attack involves the creation of some deception in order to trick unsuspecting users?
Fabrication
Configuration changes can be made at any time during a system life cycle and no process is required.
False
Which element of the security policy framework offers suggestions rather than mandatory actions? Policy Standard Guideline Procedure
Guideline
Which one of the following governs the use of Internet of Things (IoT) by healthcare providers, such as physicians and hospitals?
Health Insurance Portability and Accountability Act (HIPAA)
With the use of Mobile IP, which device is responsible for keeping track of mobile nodes (MNs) and forwarding packets to the MN's current network?
Home agent (HA)
Which one of the following is NOT a good technique for performing authentication of an end user? Password Biometric scan Identification number Token
ID #
Risk management Process
Identifying Risks Assess Risks Plan risk response Implement risk responses Monitor and control risk responses
Rachel is investigating an information security incident that took place at the high school where she works. She suspects that students may have broken into the student records system and altered their grades. If correct, which one of the tenets of information security did this attack violate? Confidentiality Integrity Availability Nonrepudiation
Integrity
What is a single sign-on (SSO) approach that relies upon the use of key distribution centers (KDCs) and ticket-granting servers (TGSs)?
Kerberos
When should an organization's managers have an opportunity to respond to the findings in an audit?
Managers should include their responses to the draft audit report in the final audit report.
What term describes the longest period of time that a business can survive without a particular critical system?
Maximum tolerable downtime (MTD)
Which one of the following is an example of a reactive disaster recovery control? Moving to a warm site Disk mirroring Surge suppression Antivirus software
Moving to a warm site
What is NOT a commonly used endpoint security technique? Full device encryption Network firewall Remote wiping Application control
Network firewall
Beth must purchase firewalls for several network circuits used by her organization. Which one circuit will have the highest possible network throughput? DS1 DS3 OC-3 OC-12
OC-12
An example of logical access controls
Password
Which tool can capture the packets transmitted between systems over a network?
Protocol analyzer
What is the correct order of steps in the change control process?
Request, approval, impact assessment, build/test, implement, monitor
Earl is preparing a risk register for his organization's risk management program. Which data element is LEAST likely to be included in a risk register?
Risk survey results
Emily is the information security director for a large company that handles sensitive personal information. She is hiring an auditor to conduct an assessment demonstrating that her firm is satisfying requirements regarding customer private data. What type of assessment should she request?
SOC 3
In what type of attack does the attacker send unauthorized commands directly to a database?
SQL injection
Kaira's company recently switched to a new calendaring system provided by a vendor. Kaira and other users connect to the system, hosted at the vendor's site, using a web browser. Which service delivery model is Kaira's company using?
Software as a Service (SaaS)
A control limits or constrains behavior. (T/F)
T
A phishing email is a fake or bogus email intended to trick the recipient into clicking on an embedded URL link or opening an email attachment. (T/F)
T
A security policy is a comparison of the security controls you have in place and the controls you need in order to address all identified threats. (T/F)
T
An SOC 1 report is commonly implemented for organizations that must comply with Sarbanes-Oxley (SOX) or the Gramm-Leach-Bliley Act (GLBA). (T/F)
T
Application service providers (ASPs) are software companies that build applications hosted in the cloud and on the Internet.
T
Authentication controls include passwords and personal identification numbers (PINs). (T/F)
T
Bring Your Own Device (BYOD) opens the door to considerable security issues. (T/F)
T
Company-related classifications are not standard, therefore, there may be some differences between the terms "private" and "confidential" in different companies. (T/F)
T
In e-business, secure web applications are one of the critical security controls that each organization must implement to reduce risk. (T/F)
T
IoT technology has a significant impact on developing economies, given that it can transform countries into e-commerce-ready nations. (T/F)
T
Metadata of Internet of Things (IoT) devices can be sold to companies seeking demographic marketing data about users and their spending habits. (T/F)
T
Networks, routers, and equipment require continuous monitoring and management to keep wide area network (WAN) service available. (T/F)
T
The Gramm-Leach-Bliley Act (GLBA) addresses information security concerns in the financial industry. (T/F)
T
The business impact analysis (BIA) identifies the resources for which a business continuity plan (BCP) is necessary.(T/F)
T
Using Mobile IP, users can move between segments on a local area network (LAN) and stay connected without interruption. (T/F)
T
While running business operations at an alternate site, you must continue to make backups of data and systems. (T/F)
T
The idea that users should be granted only the levels of permissions they need in order to perform their duties is called
The principle of least privilege
Which term describes any action that could damage an asset? Risk Countermeasure Vulnerability Threat
Threat
Written security policies document management's goals and objectives. (T/F)
True
Florian recently purchased a set of domain names that are similar to those of legitimate websites and used the newly purchased sites to host malware. Which type of attack is Florian using?
Typosquatting
Which one of the following is typically used during the identification phase of a remote access connection? Username Password Token Fingerprint
Username
Adam is evaluating the security of a web server before it goes live. He believes that an issue in the code allows an SQL injection attack against the server. What term describes the issue that Adam discovered?
Vulnerability
Which security testing activity uses tools that scan for services running on systems?
Vulnerability testing
Hardware configuration chart
You must have up-to-date map or layout of configuration of hardware components. As-built diagram, copies of software configurations
Which type of attack against a web application uses a newly discovered vulnerability that is not patchable?
Zero-day attack
passphrases
a sequence of words or other text used to control access to a computer system, program or data. A passphrase is similar to a password in usage, but is generally longer for added security.
A smart card
a token shaped like a credit card that contains one or more microprocessor chips that accept, store, and send information through a reader
Birthday Attack
a type of cryptographic attack that is used to make brute-force attack of one-way hashes easier
Anomaly-based intrusion detection systems
compare current activity with stored profiles of normal (expected) activity.
Social engineering
deceiving or using people to get around security controls.
functional policy
declares an organization's management direction for security in such specific functional areas as email, remote access, and Internet surfing.
Classification scope
determines what data you should classify; classification process determines how you handle classified data.
A(n) _________ is an event that prevents a critical business function (CBF) from operating for a period greater than the maximum tolerable downtime.
disaster
Personnel safety plan should include
escape plans, escape routes, drills, and control testing
Examples of major business disruptions
extreme weather criminal activity civil unrest/terrorist acts operational application failure
Anthony is responsible for tuning his organization's intrusion detection system. He notices that the system reports an intrusion alert each time that an administrator connects to a server using Secure Shell (SSH). What type of error is occurring?
false positive error
1992 - COBIT-Control Objectives for Business and IT
framework for IT management
Spyware
gathers information about a user through an Internet connection, without his or her knowledge.
Accreditation
is the formal agreement by an authorizing official to accept the risk of implementing a system.
denial of service attack exploits the existence of software flaws to disrupt a service?
logoc attack
Which intrusion detection system strategy relies upon pattern matching?
signature detection
Any component that, if it fails, could interrupt business processing is called
single point of failure (SPoF)
What type of security monitoring tool would be most likely to identify an unauthorized change to a computer system?
system integrity monitoring
Data loss prevention (DLP)
uses business rules to classify sensitive information to prevent unauthorized end users from sharing it.
Regarding security controls, the four most common permission levels are
-Promiscuous -Permissive -Prudent -Paranoid.
key principles of risk management programs?
1) don't spend more to protect an asset than it is worth 2) a countermeasure without a corresponding risk is a solution seeking a problem
The Children's Online Privacy Protection Act (COPPA) restricts the collection of information online from children. What is the cutoff age for COPPA regulation?
13
Nancy performs a full backup of her server every Sunday at 1 A.M. and differential backups on Mondays through Fridays at 1 A.M. Her server fails at 9 A.M. Wednesday. How many backups does Nancy need to restore?
2
Kim is the risk manager for a large organization. She is evaluating whether the organization should purchase a fire suppression system. She consulted a variety of subject matter experts and determined that there is a 1 percent chance that a fire will occur in a given year. If a fire occurred, it would likely cause $2 million in damage to the facility, which has a $10 million value. Given this scenario, what is the single loss expectancy (SLE)?
2,000,000
Matthew captures traffic on his network and notices connections using ports 20, 22, 23, and 80. Which port normally hosts a protocol that uses secure, encrypted connections? 20 22 23 80
22
Denial of service (DoS) attack
A coordinated attempt to deny service by occupying a computer to perform large amounts of unnecessary tasks
Ed wants to make sure that his system is designed in a manner that allows tracing actions to an individual. Which phase of access control is Ed concerned about?
Accountability
Brian notices an attack taking place on his network. When he digs deeper, he realizes that the attacker has a physical presence on the local network and is forging Media Access Control (MAC) addresses. Which type of attack is most likely taking place?
Address Resolution Protocol (ARP) poisoning
Ron is the IT director at a medium-sized company and is constantly bombarded by requests from users who want to select customized mobile devices. He decides to allow users to purchase their own devices. Which type of policy should Ron implement to include the requirements and security controls for this arrangement?
Bring Your Own Device (BYOD)
Which one of the following is NOT a market driver for the Internet of Things (IoT)?
Global adoption of non-IP networking
Betsy recently assumed an information security role for a hospital located in the United States. What compliance regulation applies specifically to healthcare providers?
HIPAA
Bob recently accepted a position as the information security and compliance manager for a medical practice. Which regulation is likely to most directly apply to Bob's employer? Federal Information Security Management Act (FISMA) Health Insurance Portability and Accountability Act (HIPAA) Children's Internet Protection Act (CIPA) Gramm-Leach-Bliley Act (GLBA)
HIPAA
Which of the following is NOT one of the four fundamental principles outlined by the Internet Society that will drive the success of Internet of Things (IoT) innovation?
Secure
Gina is preparing to monitor network activity using packet sniffing. Which technology is most likely to interfere with this effort if used on the network?
Secure Socket Layer (SSL)
What is an XML-based open standard for exchanging authentication and authorization information and is commonly used for web applications?
Security Assertion Markup Language (SAML)
Karen is designing a process for issuing checks and decides that one group of users will have the authority to create new payees in the system while a separate group of users will have the authority to issue checks to those payees. The intent of this control is to prevent fraud. Which principle is Karen enforcing?
Separation of duties
Tomahawk Industries develops weapons control systems for the military. The company designed a system that requires two different officers to enter their access codes before allowing the system to engage. Which principle of security is this following?
Separation of duties
false positive
Also known as Type I errors, ...are alerts that seem malicious yet are not real security events. These false alarms are distractions that waste administrative effort. Too many false alarms cause the administrator to ignore real attacks
Which security control is most helpful in protecting against eavesdropping on wireless LAN (WLAN) data transmissions that would jeopardize confidentiality? Securing wiring closets Applying patches promptly Implementing LAN configuration standards Applying strong encryption
Applying strong encryption
In an accreditation process, who has the authority to approve a system for implementation?
Authorizing official (AO)
Which organization pursues standards for Internet of Things (IoT) devices and is widely recognized as the authority for creating standards on the Internet?
Internet Society
Which agreement type is typically less formal than other agreements and expresses areas of common interest?
Memorandum of understanding (MOU)
Tony is working with a law enforcement agency to place a wiretap pursuant to a legitimate court order. The wiretap will monitor communications without making any modifications. What type of wiretap is Tony placing?
Passive Wiretap
A hospital is planning to introduce a new point-of-sale system in the cafeteria that will handle credit card transactions. Which one of the following governs the privacy of information handled by those point-of-sale terminals?
Payment Card Industry Data Security Standard (PCI DSS)
Gwen's company is planning to accept credit cards over the Internet. Which one of the following governs this type of activity and includes provisions that Gwen should implement before accepting credit card transactions?
Payment Card Industry Data Security Standard (PCI DSS)
Roger's organization received a mass email message that attempted to trick users into revealing their passwords by pretending to be a help desk representative. What category of social engineering is this an example of?
Phishing
What is NOT a goal of information security awareness programs? -Teach users about security objectives -Inform users about trends and threats in security -Motivate users to comply with security policy -Punish users who violate policy
Punish users who violate policy
Alan is developing a business impact assessment for his organization. He is working with business units to determine the maximum allowable time to recover a particular function. What value is Alan determining?
Recovery time objective (RTO)
Which of the following does NOT offer authentication, authorization, and accounting (AAA) services?
Redundant Array of Independent Disks (RAID)
What is the first step in a disaster recovery effort?
Respond to the disaster
George is the risk manager for a U.S. federal government agency. He is conducting a risk assessment for that agency's IT risk. What methodology is best suited for George's use?
Risk Management Guide for Information Technology Systems (NIST SP800-30)
Biyu is making arrangements to use a third-party service provider for security services. She wants to document a requirement for timely notification of security breaches. What type of agreement is most likely to contain formal requirements of this type?
Service level agreement (SLA)
An example of a threat to access control is in a peer-to-peer (P2P) arrangement in which users share their My Documents folder with each other by accident.(T/F)
T
During an audit, an auditor compares the current setting of a computer or device with a benchmark to help identify differences. (T/F)
T
Each 4G device has a unique Internet Protocol (IP) address and appears just like any other wired device on a network. (T/F)
T
In a Bring Your Own Device (BYOD) policy, the user acceptance component may include separation of private data from business data.
T
Organizations should start defining their IT security policy framework by defining an asset classification policy. (T/F)
T
Remote wiping is a device security control that allows an organization to remotely erase data or email in the event of loss or theft of the device. (T/F)
T
Simple Network Management Protocol (SNMP) is used for network device monitoring, alarm, and performance. (T/F)
T
Some vending machines are equipped with a cellular phone network antenna for secure credit card transaction processing. (T/F)
T
The recovery point objective (RPO) can come from the business impact analysis or sometimes from a government mandate, such as banking laws. (T/F)
T
The recovery point objective (RPO) is the maximum amount of data loss that is acceptable. (T/F)
T
Unified messaging allows you to download both voice and email messages to a smartphone or tablet. (T/F)
T
When servers need operating system upgrades or patches, administrators take them offline intentionally so they can perform the necessary work without risking malicious attacks. (T/F)
T
Which one of the following is an advantage that the Internet of Things (IoT) brings to economic development for countries?
Technical and industry development
The Gramm-Leach-Bliley Act (GLBA)
addresses information security concerns in the financial industry
false negative
also known as Type II errors, are the failure of the alarm system to detect a serious event. Perhaps the event went unnoticed, or maybe the alarm was fooled into thinking the event was not serious when in fact it was
The number of failed logon attemps that trigger an account action
threshold